·Bridges

Standards Satsignal anchors around.

Satsignal is not a replacement for content provenance, code signing, supply-chain attestation, observability, or agent-tool transport. It is the external time-and-integrity layer those standards leave open. Each section below is one standard, what it does well, and the bridge pattern that lets a Satsignal proof sit alongside it — not in front of it.

01The principle

Complement. Don’t compete.

Each of the five standards on this page does work Satsignal deliberately does not do. C2PA carries signed authorship metadata inside media files. Sigstore signs code with short-lived certificates against a transparency log. SLSA defines the rigor of build-provenance attestations. OpenTelemetry carries structured traces, metrics, and logs through observability pipelines. MCP exposes tools and data to AI agents over a common transport. Satsignal does one thing those standards leave open: anchor a hash of any artefact, manifest, or event bundle to a public chain so the commitment to those bytes is externally verifiable at chain time, without trusting the producer’s own clock. (The proof shows the bytes existed by the block timestamp — not authorship, and not that the underlying event happened then.)

The bridge for each standard is the same shape: take the canonical bytes the standard already produces, hash them, and record that hash in a Satsignal proof. The standard’s own semantics are preserved; the new fact added is independent timing. The destination of every bridge is the same canonical object — see the canonical proof model.

02C2PA — content provenance

External timing for signed content credentials.

C2PA (the Coalition for Content Provenance and Authenticity) binds signed provenance metadata to media files — images, video, audio, documents — with hard hashes and soft watermarks. Its conformance program and trust list are maturing into a governance layer for who can issue credentials.

The gap. A C2PA manifest is signed by the producer at the producer’s wall-clock time. Anyone verifying the manifest trusts the producer’s clock and the trust-list revocation state at verification time.

The bridge. Anchor the canonical bytes of the C2PA manifest (or the assertion store hash) as a Satsignal proof. The chain timestamp is now externally verifiable: regardless of what the producer’s clock said, the manifest existed by the time of the on-chain transaction. A worked sample is one of the five live chain-anchor-v1 demonstrations on BSV.

03Sigstore — keyless code signing

A second, independent chain reference for high-assurance code.

Sigstore signs software artefacts using short-lived certificates issued by Fulcio against an OIDC identity, and publishes each signature to Rekor — an append-only transparency log. For most software, that log is sufficient: it is operated by the Linux Foundation under a stated set of trust assumptions.

The gap. The trust assumption is that Rekor itself is operated and witnessed correctly. For artefacts where the cost of a successful log compromise is catastrophic, defenders ask for a second, independent witness with different trust assumptions.

The bridge. Anchor the canonical bytes of a Rekor inclusion proof, or the cosign attestation digest, as a Satsignal proof. The resulting evidence packet has two independent timestamping witnesses — Rekor and a public blockchain — whose compromises are not correlated.

04SLSA — supply-chain provenance

The attestation is the canonical fact. The chain anchor makes its timing public.

SLSA (Supply-chain Levels for Software Artifacts) is a framework for describing how rigorously a build was produced. The canonical SLSA provenance attestation captures the builder, the source repository, the build invocation, the materials, and the resulting artefacts.

The gap. SLSA provenance is signed by the builder. Its timing relies on the builder’s clock or the signing-time asserted in the attestation.

The bridge. Treat the SLSA provenance attestation as the satsignal.provenance.v1 payload, with source.type = slsa-provenance. The Satsignal proof records the attestation existed at chain time and binds it to the artefact hash. SLSA defines what gets attested; Satsignal makes when it was attested independently checkable.

05OpenTelemetry — observability

Marked spans become anchored evidence.

OpenTelemetry is the open standard for traces, metrics, and logs. Its GenAI semantic conventions (still in development status) cover agent runs, model identifiers, evaluations, and tool calls. Trace data normally flows to backends like Jaeger, Tempo, Honeycomb, or Datadog — not to a public chain.

The gap. Traces are private operational telemetry. They are excellent for diagnosis and incident response and poor for external evidence: the trace store is operated by you, and an external auditor cannot tell whether spans were added, rewritten, or filtered before the audit.

The bridge. The satsignal-otel adapter watches for spans annotated with satsignal.anchor=true and emits a Satsignal proof over the canonical bytes of that span. The trace itself stays in your observability backend; the chain proof shows that the trace existed in that form at the recorded time.

06MCP — agent tool transport

One of many tools an MCP-enabled agent can use.

MCP (the Model Context Protocol) is the open transport standard for exposing tools, data sources, and prompts to AI agents. LangChain, Claude, and other agent frameworks document MCP as the cross-framework integration layer for tool access.

The gap. MCP does not define what any individual tool does; it defines how tools are exposed. An agent using MCP needs concrete tools to do useful work.

The bridge. The satsignal-mcp server exposes five tools over MCP stdio — anchor_file, anchor_text, anchor_json, lookup_hash, and verify_bundle. An MCP-enabled agent can call these directly to commit a decision, anchor a tool result, or verify a counterparty’s bundle in the middle of a run, without leaving the agent’s transport layer.

07What “complement” means

The line we don’t cross.

Each bridge above adds external timing and integrity to an artefact the standard already produces. None of them replaces the standard’s own semantics. C2PA is still the source of truth for content provenance metadata. Sigstore is still the source of truth for keyless signing identity. SLSA is still the source of truth for what build-rigor level applies. OpenTelemetry is still the source of truth for traces. MCP is still the transport. Satsignal anchors hashes; it does not parse, validate, or interpret what is inside them. See what a proof proves for the canonical scope statement.