@drm3labs-oss/provenance-node
v0.2.3
Published
DRM3 Provenance - Node/Bun WASM bindings (Ed25519 receipts, chains, Merkle rollups)
Downloads
65
Maintainers
Readme
@drm3labs-oss/provenance-node
Cryptographic proof of work for the AI age. Ed25519 receipts, receipt chains, and Merkle rollups: sign any unit of work - an AI call, a data fetch, a pipeline step - and let anyone verify it with your public key.
WebAssembly bindings (Cloudflare Workers, Node.js, browsers) over a Rust core.
Install
npm install @drm3labs-oss/provenance-nodeQuick start
import { Keyring, Receipt, Chain } from '@drm3labs-oss/provenance-node';
// One mnemonic derives as many keys as you need.
const keyring = Keyring.fromMnemonic(process.env.MY_MNEMONIC);
const keypair = keyring.derive('my-app/signer'); // any stable path string
// Sign your work.
const receipt = Receipt.create('llm.chat')
.inputs({ model: 'qwen3-4b', prompt: 'Hello' })
.outputs({ response: 'Hi there!' })
.cost(0.003, 'usd', 'paid')
.sign(keypair);
// Anyone with your public key can verify.
receipt.verify(); // true
// Chain receipts and get a Merkle root for on-chain anchoring.
const chain = Chain.create().add(receipt1).add(receipt2).build();
chain.merkleRoot(); // sha256:...API
Keyring
const keyring = Keyring.fromMnemonic(mnemonic); // from a BIP39 mnemonic
const mnemonic = Keyring.generateMnemonic(); // or generate a fresh one
const keypair = keyring.derive('my-app/ingest'); // derive a keypair at any pathReceipt
const receipt = Receipt.create('action.name')
.inputs(data)
.outputs(result)
.cost(amount, 'usd', 'paid')
.durationMs(100)
.sign(keypair);
receipt.verify(); // boolean
const json = receipt.toJson(); // serialize
Receipt.fromJson(json); // restoreChain
const chain = Chain.create().add(receipt1).add(receipt2).build();
chain.verify(); // verify every receipt + linkage
chain.merkleRoot(); // sha256:...
const proof = chain.merkleProof(0);
proof.verify(receipt1.hash(), chain.merkleRoot());Derivation paths
A path is any stable string naming a signing role in your system. One mnemonic derives a distinct, deterministic keypair per path, so each service, stage, or environment gets its own key from a single secret:
keyring.derive('my-app/signer'); // your app's main signer
keyring.derive('my-app/ingest'); // a separate key for a data-ingest stage
keyring.derive('worker/prod'); // per-environment keysKeep the mnemonic server-side (a secret env var). Publish only the public keys so others can verify your receipts independently.
Cloudflare Workers
This package is the pkg-web build - it exports initSync. Add a CompiledWasm
rule to wrangler.toml, then initialize once before use:
import wasmModule from './drm3_provenance_bg.wasm';
import { initSync, Keyring, Receipt, verify } from './drm3_provenance.js';
initSync({ module: wasmModule }); // call once before anything elseLicense
MIT. This package is the compiled WebAssembly binary and its JavaScript/TypeScript bindings - use it freely. The Rust source of the provenance protocol is proprietary and is not distributed. Closed source, open binary.
