CPoE
Cryptographic authorship witnessing for writers and creators

CPoE is a cryptographic engine and CLI that produces independently verifiable, tamper-evident process evidence constraining when and how a document could have been created. It implements the draft-condrey-rats-pop IETF protocol specification.

This monorepo contains the full CPoE ecosystem:

The three library crates are split by compilation target:

• cpoe-jitter compiles to no_std (bare-metal, embedded microcontrollers with no OS)
• cpoe-protocol compiles to wasm32 (browser extensions for client-side evidence verification)
• cpoe-engine compiles to native only (requires OS APIs: CGEventTap, TPM, SQLite, Unix sockets)

Dependencies flow one direction: engine -> protocol -> jitter. Merging them would break WASM and embedded compilation.

macOS (Homebrew):

brew install writerslogic/tap/writerslogic

Windows (Scoop):

scoop bucket add writerslogic https://github.com/writerslogic/scoop-bucket
scoop install writerslogic

Linux / macOS (script):

curl -sSf https://raw.githubusercontent.com/writerslogic/cpoe/main/apps/cpoe_cli/install.sh | sh

From source:

cargo install --git https://github.com/writerslogic/cpoe --bin cpoe

# Start tracking a document
cpoe essay.md

# Create a checkpoint
cpoe commit essay.md -m "first draft complete"

# View history
cpoe log essay.md

# Export cryptographic evidence (.cpoe)
cpoe export essay.md -t 2

# Verify evidence
cpoe verify essay.cpoe

Run cpoe with no arguments for an interactive menu, or cpoe --help for full command reference.

All commands support --json for machine-readable output and --quiet for silent operation.

Add to your Cargo.toml:

[dependencies]
cpoe_engine = { git = "https://github.com/writerslogic/cpoe", branch = "main" }

writerslogic/
├── crates/
│   ├── cpoe_engine/    High-performance cryptographic engine
│   │   └── src/
│   │       ├── analysis/   Signal analysis and behavioral metrics
│   │       ├── anchors/    Blockchain and timestamp anchoring
│   │       ├── crypto/     Cryptographic primitives
│   │       ├── evidence/   Evidence export/verify
│   │       ├── forensics/  Authorship analysis
│   │       ├── ipc/        Inter-process communication
│   │       ├── keyhierarchy/ Key derivation and ratcheting
│   │       ├── platform/   OS-specific code (macOS, Linux, Windows)
│   │       ├── sentinel/   Real-time monitoring
│   │       ├── rfc/        RFC wire types
│   │       ├── tpm/        TPM 2.0 / Secure Enclave
│   │       └── vdf/        Verifiable Delay Functions
│   ├── cpoe_protocol/  PoP wire format (CBOR/COSE)
│   └── cpoe_jitter/    Hardware timing entropy
├── apps/
│   ├── cpoe_cli/       Command-line interface
│   ├── cpoe_macos/     Native macOS app (submodule)
│   └── cpoe_windows/   Native Windows app (submodule)
└── docs/              Schemas, specs, and user guides

cargo test --workspace           # Run all tests
cargo test -p cpoe-engine --lib   # Fast engine tests (~1020 tests)
cargo clippy --workspace -- -D warnings  # Lint (zero warnings maintained)
cargo fmt --all -- --check       # Format check
cargo audit && cargo deny check  # Security audit

Anyone can verify .cpoe evidence packets — no account or software required:

• Web: Upload at writerslogic.com/verify
• CLI: cpoe verify proof.cpoe

Verification checks the checkpoint chain, Ed25519 signatures, VDF timing proofs, and behavioral consistency. It runs entirely client-side — your evidence is never uploaded to our servers.

CPoE is designed with a strictly offline-first and privacy-preserving architecture. Core witnessing, keystroke capture, and evidence generation occur entirely on your local machine.

The applications interact with the following external domains for specific enhanced features:

• Verification Portal (writerslogic.com/verify): Browser-based tool for verifying .cpoe evidence packets. Runs client-side; evidence data is never uploaded.
• Attestation API (writerslogic.com/api): Used for Tier 3 and Tier 4 evidence to request anti-replay nonces and receive cloud-signed attestation certificates.
• Schema Registry (protocol.writerslogic.com): Hosts JSON schemas and DID resolution data for protocol compliance.

For a detailed breakdown, see the Privacy & External Interactions Wiki.

See SECURITY.md for the security policy.

@article{condrey2026writerslogic,
  title={CPoE: Proof-of-process via Adversarial Collapse},
  author={Condrey, David},
  journal={arXiv preprint arXiv:2602.01663},
  year={2026},
  doi={10.48550/arXiv.2602.01663}
}

Abstract: Digital signatures prove key possession but not authorship. We introduce proof-of-process — a mechanism combining jitter seals, Verifiable Delay Functions, timestamp anchors, keystroke validation, and optional hardware attestation.

— arXiv:2602.01663 [cs.CR]

Licensed under AGPL-3.0-only. See individual component licenses in the table above.