TRUECAST is an instrument for measuring character identity from real pixels. The current build supports image identity, Soul-or-Skin style separation, and C2PA integrity. Production authorization, payments, and audio/video identity are explicitly incomplete.
In agent-to-agent commerce, one agent generates and another consumes — and the
consumer has no reason to trust "this is the canonical character," or to notice when an asset is
quietly passing off a character it has no right to. screen(asset) measures any asset
against the registry of locked characters and returns one of:
Every consistency / authenticity / infringement verdict is computed by
deterministic code — embedding extraction, cosine similarity, nearest-neighbor search, fixed
empirically-calibrated thresholds, and signature verification — over real pixels and
real cryptographic material. A language model may only route a request, classify an image's type
to pick a backend, and narrate a finished verdict. An LLM never produces, estimates, or adjusts
a score, a match, a pass/fail, an authorized/unauthorized call, or a signature check. The
harness reproduces every score with the LLM fully disconnected (verify.py --phase 3).
A commercially-clean, multi-model ensemble: AuraFace is required for real-human identity; DINOv3 is required for stylized/non-human identity; DreamSim and OpenCLIP provide cross-checks. The engine withholds when the required backend is unavailable. ArcFace/insightface pretrained bundles never run on the commercial path.
analyze_identity_style(character_id, asset) reuses the locked
identity ensemble for Soul. Skin is computed separately from channel moments and compact
Gram/covariance statistics over intermediate DINOv3/OpenCLIP patch features, plus a low-level
rendering-statistics read. A decisive two-of-three consensus is required; sparse, unstable,
missing, or near-threshold evidence returns below_confidence. A style result never
rescues a failed identity result.
attest_origin(asset) validates Content Credentials and reads the
standard C2PA digitalSourceType: camera capture, trained-algorithmic media, or an
AI-edited composite. The result separately reports manifest integrity, signature validity, and
whether the signer is trusted. An unsigned or metadata-stripped image returns
unknown; EXIF hints are displayed only as editable, unverified context.
| Tool | Input | Output | Price | What it does |
|---|---|---|---|---|
| screen(asset, character_id?) | any image (+ optional declared id) | verdict, matches_registered_character, character_id, similarity, authorized, duplicate_of, evidence | 0.02 | THE FACE — measure any asset against the registry for unauthorized use / impersonation. |
| lock_character(reference_images[], rules, license_terms, image_type_hint?) | reference images + policy | character_id | 0.25 | Compute + store multi-model reference embeddings; add to the registry; anchor spec-hash. |
| get_spec(character_id) | character_id | the locked spec to read before generating | 0.005 | Cheap, to drive adoption. |
| verify(character_id, asset) | character_id + asset | verdict, scores{per_model}, model_used, drift_details, c2pa_status, provenance_receipt | 0.02 | The consistency workhorse; localizes drift. |
| verify_sequence(character_id, asset[]) | character_id + a sequence | per-asset verdicts + which shot broke | 0.05 | Continuity across a comic / video / campaign set. |
| analyze_identity_style(character_id, asset) | character_id + asset | separate Soul/Skin scores, quadrant, restraint, license_compliant | 0.04 | Measure identity and rendering style independently for transformation licensing. |
| enforce(character_id, asset, max_attempts?) | character_id + drifted asset | final_asset, verdict, attempts — or flagged_unfixable | 0.10 | Premium: re-roll drifted assets via hosted FLUX, then re-verify. Never a false fix. |
| authenticate(asset) | asset | is_authentic, character_id, issuing_agent, unaltered, c2pa_valid, lineage[] | 0.02 | Anti-impersonation, claim-side: looks right AND signed + unaltered. |
| attest_origin(asset) | image asset | origin, status, AI/camera booleans, source types, actions, trust/integrity evidence | 0.01 | Read signed camera/AI/composite origin; unsigned media remains unknown. |
| get_lineage(asset_hash) | asset_hash | the parent-hash chain from X Layer | 0.01 | Chain of custody, survives handoffs. |
| sign_asset(character_id, asset) | character_id + asset | C2PA manifest attached + provenance record written | 0.03 | For agents that already trust their own output. |
GET /v1/signals/schema
POST /v1/signals
{"asset_base64":"<base64 PNG/JPEG>","filename":"asset.png","character_id":null}
ProvenanceRecords accumulate off-chain and are committed to X Layer mainnet (Chain ID 196) as Merkle roots — cost scales with batches, not assets; each asset keeps an off-chain proof against the on-chain root. A metadata-stripped re-upload stays provable because the anchor is keyed on the decoded-pixel hash, not the file bytes. Lineage walks a parent-hash chain so custody A→B→C survives handoffs.
The harness runs real logic on real inputs and prints per-criterion PASS/FAIL:
python verify.py --phase 1 # routed embedding engine (which backend fired + the cosine) python verify.py --phase 2 # thresholds calibrated from measured TAR/FAR + restraint layer python verify.py --phase 3 # verify() end-to-end + DETERMINISM proof (identical score, LLM off) python verify.py --phase 4 # verify_sequence — localizes the exact broken shot python verify.py --phase 5 # integrity proof; exits non-zero until identity binding is complete python verify.py --phase 6 # X Layer Merkle anchoring + lineage (mainnet write on a funded wallet) python verify.py --phase 6.5 # registry proof; exits non-zero until production authorization exists python verify.py --phase 7 # enforce / re-roll loop; real hosted FLUX re-roll, anti-false-fix proof python verify.py --phase 8 # official x402 local proof; non-zero until external settlement python verify.py --phase 9 # attest_origin — signed camera/AI/composite evidence, unsigned stays unknown python verify.py --phase 10 # Soul-or-Skin two-axis identity/style separation (local calibration)