TRUECAST — Docs & Integration

TRUECAST is an instrument for measuring character identity from real pixels. The current build supports image identity, Soul-or-Skin style separation, and C2PA integrity. Production authorization, payments, and audio/video identity are explicitly incomplete.

SCREEN — the flagship

In agent-to-agent commerce, one agent generates and another consumes — and the consumer has no reason to trust "this is the canonical character," or to notice when an asset is quietly passing off a character it has no right to. screen(asset) measures any asset against the registry of locked characters and returns one of:

The Determinism Law (stated openly)

Every consistency / authenticity / infringement verdict is computed by deterministic code — embedding extraction, cosine similarity, nearest-neighbor search, fixed empirically-calibrated thresholds, and signature verification — over real pixels and real cryptographic material. A language model may only route a request, classify an image's type to pick a backend, and narrate a finished verdict. An LLM never produces, estimates, or adjusts a score, a match, a pass/fail, an authorized/unauthorized call, or a signature check. The harness reproduces every score with the LLM fully disconnected (verify.py --phase 3).

The routed engine

A commercially-clean, multi-model ensemble: AuraFace is required for real-human identity; DINOv3 is required for stylized/non-human identity; DreamSim and OpenCLIP provide cross-checks. The engine withholds when the required backend is unavailable. ArcFace/insightface pretrained bundles never run on the commercial path.

The honest C2PA limit

C2PA proves which cryptographic credential signed an asset and whether its protected bytes changed. It does NOT prove the content is real, that a manifest identity string belongs to the signer, or that the signer owns an ERC-8004 identity. Development signatures are integrity evidence only and cannot authorize an asset.

Soul or Skin — two independent axes

analyze_identity_style(character_id, asset) reuses the locked identity ensemble for Soul. Skin is computed separately from channel moments and compact Gram/covariance statistics over intermediate DINOv3/OpenCLIP patch features, plus a low-level rendering-statistics read. A decisive two-of-three consensus is required; sparse, unstable, missing, or near-threshold evidence returns below_confidence. A style result never rescues a failed identity result.

Camera or AI — origin evidence, not a visual guess

attest_origin(asset) validates Content Credentials and reads the standard C2PA digitalSourceType: camera capture, trained-algorithmic media, or an AI-edited composite. The result separately reports manifest integrity, signature validity, and whether the signer is trusted. An unsigned or metadata-stripped image returns unknown; EXIF hints are displayed only as editable, unverified context.

A2MCP tool reference

NOT YET PAID/LISTED: the official OKX x402 middleware and challenge contract are implemented but remain disabled until credentials and an external USDT settlement are proven. A2MCP registration, gas sponsorship, and real ERC-8004 Agent binding are incomplete. The table below is a proposed contract with indicative prices.
ToolInputOutputPriceWhat it does
screen(asset, character_id?)any image (+ optional declared id)verdict, matches_registered_character, character_id, similarity, authorized, duplicate_of, evidence0.02THE FACE — measure any asset against the registry for unauthorized use / impersonation.
lock_character(reference_images[], rules, license_terms, image_type_hint?)reference images + policycharacter_id0.25Compute + store multi-model reference embeddings; add to the registry; anchor spec-hash.
get_spec(character_id)character_idthe locked spec to read before generating0.005Cheap, to drive adoption.
verify(character_id, asset)character_id + assetverdict, scores{per_model}, model_used, drift_details, c2pa_status, provenance_receipt0.02The consistency workhorse; localizes drift.
verify_sequence(character_id, asset[])character_id + a sequenceper-asset verdicts + which shot broke0.05Continuity across a comic / video / campaign set.
analyze_identity_style(character_id, asset)character_id + assetseparate Soul/Skin scores, quadrant, restraint, license_compliant0.04Measure identity and rendering style independently for transformation licensing.
enforce(character_id, asset, max_attempts?)character_id + drifted assetfinal_asset, verdict, attempts — or flagged_unfixable0.10Premium: re-roll drifted assets via hosted FLUX, then re-verify. Never a false fix.
authenticate(asset)assetis_authentic, character_id, issuing_agent, unaltered, c2pa_valid, lineage[]0.02Anti-impersonation, claim-side: looks right AND signed + unaltered.
attest_origin(asset)image assetorigin, status, AI/camera booleans, source types, actions, trust/integrity evidence0.01Read signed camera/AI/composite origin; unsigned media remains unknown.
get_lineage(asset_hash)asset_hashthe parent-hash chain from X Layer0.01Chain of custody, survives handoffs.
sign_asset(character_id, asset)character_id + assetC2PA manifest attached + provenance record written0.03For agents that already trust their own output.

Paid SCREEN request schema

GET /v1/signals/schema
POST /v1/signals
{"asset_base64":"<base64 PNG/JPEG>","filename":"asset.png","character_id":null}

On-chain methodology

ProvenanceRecords accumulate off-chain and are committed to X Layer mainnet (Chain ID 196) as Merkle roots — cost scales with batches, not assets; each asset keeps an off-chain proof against the on-chain root. A metadata-stripped re-upload stays provable because the anchor is keyed on the decoded-pixel hash, not the file bytes. Lineage walks a parent-hash chain so custody A→B→C survives handoffs.

Reproduce every claim

The harness runs real logic on real inputs and prints per-criterion PASS/FAIL:

python verify.py --phase 1   # routed embedding engine (which backend fired + the cosine)
python verify.py --phase 2   # thresholds calibrated from measured TAR/FAR + restraint layer
python verify.py --phase 3   # verify() end-to-end + DETERMINISM proof (identical score, LLM off)
python verify.py --phase 4   # verify_sequence — localizes the exact broken shot
python verify.py --phase 5   # integrity proof; exits non-zero until identity binding is complete
python verify.py --phase 6   # X Layer Merkle anchoring + lineage (mainnet write on a funded wallet)
python verify.py --phase 6.5 # registry proof; exits non-zero until production authorization exists
python verify.py --phase 7   # enforce / re-roll loop; real hosted FLUX re-roll, anti-false-fix proof
python verify.py --phase 8   # official x402 local proof; non-zero until external settlement
python verify.py --phase 9   # attest_origin — signed camera/AI/composite evidence, unsigned stays unknown
python verify.py --phase 10  # Soul-or-Skin two-axis identity/style separation (local calibration)