AI agents can execute tasks. But they still don't understand rights.

ProofMeta is an open protocol for machine-readable licensing, permissions and usage policies — so agents and autonomous systems can discover, verify and act on rights at scale. Apache 2.0. Chain-agnostic. Specification, not SaaS.

02 / THE PROBLEM

Humans already struggle with usage rights. Agents will struggle at scale.

Autonomous systems now consume datasets, call APIs, remix prompts, reuse generated outputs and chain tools together — often without a machine-verifiable answer to a basic question: is this allowed, under which terms, with what proof?

Datasets

An agent ingests a corpus. The license is a PDF in a footer link. No scope tags. No training exclusion. No verifiable grant.

APIs & tools

A workflow calls third-party endpoints. Terms of service exist — but not in a form a runtime can parse, compare or enforce.

Generated outputs

One agent's output becomes another's input. Derivative rights, attribution and commercial use are ambiguous — even for humans.

Composed workflows

Skills, plugins and capability registries multiply reuse. Permissions do not travel with the artefact. Verification does not compose.

Today

Licenses are PDFs. Policies are fragmented. Permissions are human-readable. Machines cannot verify rights.

ProofMeta

Rights, scopes and usage policies expressed as signed, machine-readable primitives — verifiable before action.

The agentic era needs programmable rights infrastructure — the same way the web needed HTTP, not another storefront.

03 / PROTOCOL · SDK · PANDR

Three layers. One clear separation.

ProofMeta is an open specification and reference implementation — not a hosted product, not a marketplace, not a take rate on your artefacts. Commercial applications built on the protocol are separate.

Open · Apache 2.0

ProofMeta Protocol

  • Open specification and JSON schemas
  • Machine-readable rights primitives
  • Signed envelopes and verification flows
  • Status lifecycle: OPEN → PENDING → GRANTED | DENIED → REVOKED
  • Chain-agnostic, platform-agnostic architecture

Reference · npm

SDK + CLI

  • TypeScript reference implementation
  • Create, sign and verify envelopes
  • License contract templates and scope tags
  • Validator CLI for any ProofMeta artifact
  • npm i @proofmeta/sdk-ts

Commercial · separate

Pandr

  • Commercial applications on the protocol
  • AI rights analysis and policy tooling
  • Governance and operational workflows
  • Enterprise implementation support
  • Not required to use the protocol · pandr.de →

The license is a pointer, not a contract. ProofMeta references terms, scopes and proof — it does not replace counsel. It makes permission computable for machines.

04 / ARCHITECTURE

Signed envelopes. Verifiable by design.

Every ProofMeta artifact is a signed envelope: who wrote it, what exactly was written, when, and in what order. Agents verify before they act — no bare JSON, no implied consent.

PRIMITIVE SHIPPED

Signed Envelopes

ed25519 signatures, DID identity (did:key), JCS canonical hashing. Cryptographic foundation for every protocol message.

SEMANTICS SHIPPED

License Contracts

Chain-agnostic license semantics. Scope tags, pricing models, ready-made templates. One JSON object per permission surface.

TOOLING SHIPPED

TypeScript SDK + CLI

Create envelopes, sign, verify, chain. Validate any ProofMeta artifact from your terminal.

EXTENSION PLANNED

Pluggable Resolvers

Payment, delivery and anchoring are plug-in concerns — not protocol requirements. Pick your stack; permission logic stays portable.

Payments

Was value exchanged? (external resolver)

Identity

Who acted? (DID + signature)

ProofMeta

Was it allowed — under which terms, with what proof?

05 / LIFECYCLE

Discover. Request. Decide. Act with proof.

An agent discovers permission metadata attached to an artefact, requests access, receives a machine-readable grant or denial, and acts only inside the terms — with an auditable trail.

// Permission metadata — pointer to terms, not the contract itself
{
  "artefact":   "urn:proofmeta:dataset:training-corpus-v2",
  "scope":      ["inference-allowed", "training-excluded", "commercial-use"],
  "terms_url":  "https://example.com/terms/corpus-v2",
  "terms_hash": "sha256:a1b2c3...",
  "proof":      { "envelope_id": "env_...", "status": "GRANTED" }
}

OPEN → PENDING → GRANTED | DENIED → REVOKED

Every state is machine-readable. Every transition is auditable. Revocation is expressible — not implied.
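
The decision step of the discover, request, decide, act flow above, as an added example that is not ProofMeta SDK code. It assumes the envelope signature has already been verified; the action names, the `training-allowed` tag, the `history` audit-trail input and the rule that only GRANTED can move to REVOKED are assumptions, not taken from the spec.

```typescript
// Added example, not ProofMeta SDK code. Anything marked "assumed" is not from the spec.
type GrantStatus = "OPEN" | "PENDING" | "GRANTED" | "DENIED" | "REVOKED";
type AgentAction = "inference" | "training" | "commercial"; // assumed action names
interface PermissionMetadata {
  artefact: string; scope: string[]; terms_hash: string;
  proof: { envelope_id: string; status: GrantStatus };
}
interface GateDecision { allowed: boolean; reason: string }
// Assumed reading of the lifecycle: only a GRANTED permission can become REVOKED.
const NEXT: Record<GrantStatus, GrantStatus[]> = {
  OPEN: ["PENDING"], PENDING: ["GRANTED", "DENIED"],
  GRANTED: ["REVOKED"], DENIED: [], REVOKED: [],
};
// Assumed mapping from an action to the scope tag that permits it.
const ALLOW_TAG: Record<AgentAction, string> = {
  inference: "inference-allowed",
  training: "training-allowed", // hypothetical tag, by analogy with the page's tags
  commercial: "commercial-use",
};
// True only if the trail starts at OPEN and every step is a legal transition.
function validHistory(history: GrantStatus[]): boolean {
  if (history.length === 0 || history[0] !== "OPEN") return false;
  for (let i = 1; i < history.length; i++) {
    if (NEXT[history[i - 1]].indexOf(history[i]) === -1) return false;
  }
  return true;
}

// Fail closed: the first check that does not pass denies the action.
function authorize(meta: PermissionMetadata, history: GrantStatus[],
                   action: AgentAction, fetchedTermsHash: string): GateDecision {
  const deny = (reason: string): GateDecision => ({ allowed: false, reason });
  const state = meta.proof.status;
  if (!validHistory(history)) return deny("invalid-transition");
  if (history[history.length - 1] !== state) return deny("status-mismatch");
  if (state !== "GRANTED") return deny("not-granted:" + state);
  // The document behind terms_url must still match the digest the grant points at.
  if (fetchedTermsHash !== meta.terms_hash) return deny("terms-changed");
  if (meta.scope.indexOf(action + "-excluded") !== -1) return deny("scope-excluded");
  if (meta.scope.indexOf(ALLOW_TAG[action]) === -1) return deny("scope-missing");
  return { allowed: true, reason: "ok" };
}

// Constructed sample in the page's metadata shape; hash and envelope id are placeholders.
const SAMPLE: PermissionMetadata = {
  artefact: "urn:proofmeta:dataset:training-corpus-v2",
  scope: ["inference-allowed", "training-excluded", "commercial-use"],
  terms_hash: "sha256:constructed", proof: { envelope_id: "env_constructed", status: "GRANTED" },
};
```

The caller computes `fetchedTermsHash` over the bytes it retrieved from `terms_url`, so a grant that points at terms which have since changed is denied rather than silently honoured.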

06 / ARTEFACT TYPES

One permission primitive. Any digital artefact.

ProofMeta does not assume a single content type. Any resource an agent might discover, compose or execute can carry the same signed permission envelope — datasets, APIs, code, documents, media, model outputs and agent capabilities.

  • Datasets: Training data, corpora, labelled collections
  • APIs: Endpoints, tools, callable capabilities
  • Code: Repos, modules, generated snippets
  • Documents: Specs, policies, knowledge bases
  • Media: Audio, video, images, creative assets
  • Model outputs: Generations, embeddings, derivatives
  • Agent capabilities: Registered tools, composable functions
  • Workflows: Prompt chains, orchestration kits, skills

07 / FOR BUILDERS

Open infrastructure for the agentic era.

ProofMeta is written in public under Apache 2.0. Implement without permission. Fork without capture. No vendor account. No marketplace listing required.

I'm Daud — in software since the late 1990s, most of the last decade on licensing and IP. ProofMeta compounds that work into infrastructure for an era where agents, not lawyers, need to parse what is allowed.

Specification, not SaaS

An open spec and reference implementations — not a hosted product with a take rate.

Neutral by design

Chain-agnostic. Platform-agnostic. Policy interoperability without platform capture.

Pointer, not contract

Machine-readable permission metadata references legal terms — it does not replace them.

Pre-launch, honest

No fake testimonials. No inflated claims. The spec is live; implementations are early.

"Is this a product, SDK, marketplace or specification?"

The protocol and schemas are the specification — open, Apache 2.0. The TypeScript SDK and CLI are the reference implementation. PANDR builds commercial applications on top. There is no marketplace and no requirement to use any commercial layer.

"Does this replace my lawyer?"

No. ProofMeta makes permission computable for agents and apps. Legal agreements still exist — the protocol gives machines something parseable to point at.

"Which runtimes can use this?"

Any runtime that can fetch JSON and verify signatures. SDKs are convenience — not a lock-in layer.

"Why now?"

Agents are already composing tools, datasets and outputs at scale. Rights metadata has not kept pace. Without machine-readable licensing, every autonomous workflow is a liability waiting to be discovered — not because agents are malicious, but because permissions were never designed for them.

08 / READ THE SPEC

Implement the rights layer. No waitlist.

The specification is Apache 2.0 and open for implementation. Clone it. Run the demo. Attach permission metadata to your first artefact.

# 1. read the spec
$ git clone https://github.com/bettabeta/proofmeta-primitive-core

# 2. install the SDK + run the end-to-end demo
$ cd proofmeta-primitive-core && npm install && npm run e2e

# 3. browse license templates
$ git clone https://github.com/bettabeta/proofmeta-license-contracts

# 4. wrap an artefact — see examples/ for starting points
