Thanks for OKF - the format is clean, and the "producers MAY include any additional keys" rule makes it easy to build on.
One gap shows up the moment agents act on shared bundles: a consumer has no way to verify that a bundle came from who it claims and hasn't been altered. The metadata stops at timestamp - there's no signature or integrity check. (Karpathy's original LLM-wiki gist has comments raising the same worry: stale synthesis pages that still look authoritative.)
I put together a small, additive layer that stays inside the spec:
optional provenance frontmatter keys (source, source_url, licence, measured_at) - additional keys the spec already permits
a root okf.manifest.json (not a reserved filename) that lists a SHA-256 of every file plus a provenance envelope, Ed25519-signed over its canonical form
a standalone verifier that re-hashes the files and checks the signature against the issuer's published key
Drop the manifest and it's a plain OKF bundle again - no fork, no required SDK. Repo (Apache-2.0): https://github.com/dynamicfeed/signed-okf
Sharing in case it's useful to the ecosystem, or as a reference if OKF ever wants to address provenance natively. Happy to align naming and conventions with the spec. Either way, thanks for shipping this.
Thanks for OKF - the format is clean, and the "producers MAY include any additional keys" rule makes it easy to build on.
One gap shows up the moment agents act on shared bundles: a consumer has no way to verify that a bundle came from who it claims and hasn't been altered. The metadata stops at timestamp - there's no signature or integrity check. (Karpathy's original LLM-wiki gist has comments raising the same worry: stale synthesis pages that still look authoritative.)
I put together a small, additive layer that stays inside the spec:
optional provenance frontmatter keys (source, source_url, licence, measured_at) - additional keys the spec already permits
a root okf.manifest.json (not a reserved filename) that lists a SHA-256 of every file plus a provenance envelope, Ed25519-signed over its canonical form
a standalone verifier that re-hashes the files and checks the signature against the issuer's published key
Drop the manifest and it's a plain OKF bundle again - no fork, no required SDK. Repo (Apache-2.0): https://github.com/dynamicfeed/signed-okf
Sharing in case it's useful to the ecosystem, or as a reference if OKF ever wants to address provenance natively. Happy to align naming and conventions with the spec. Either way, thanks for shipping this.