Add orynq-ai-auditability community ability

realdecimalist · realdecimalist · commit fa50a7a708df · 2026-04-13T15:59:19.000Z
Creates tamper-proof, blockchain-anchored audit trails for AI conversations using Orynq's Proof-of-Inference protocol. - Builds SHA-256 rolling hash chains where each entry links to the previous one, making any tampering detectable - Uploads trace data to the Materios blob gateway (permissionless, no API key required) - The cert daemon committee (10 independent attestors) verifies data availability and certifies the receipt - Certified receipts are batched into Cardano mainnet anchor transactions (metadata label 8746) Trigger phrases: "audit my AI", "run orynq", "anchor this session", "proof of inference", "blockchain audit", etc. Docs: https://docs.fluxpointstudios.com/materios-partner-chain Explorer: https://materios.fluxpointstudios.com/explorer SDK: https://github.com/flux-point-studios/orynq-sdk
diff --git a/community/orynq-ai-auditability/README.md b/community/orynq-ai-auditability/README.md
@@ -0,0 +1,77 @@
+# Orynq AI Auditability
+
+![Community](https://img.shields.io/badge/OpenHome-Community-orange?style=flat-square)
+![Author](https://img.shields.io/badge/Author-@flux--point--studios-lightgrey?style=flat-square)
+![Cardano](https://img.shields.io/badge/Blockchain-Cardano-blue?style=flat-square)
+
+## What It Does
+
+Creates tamper-proof, blockchain-anchored audit trails for AI conversations using Orynq's Proof-of-Inference protocol. Each message is hashed into a rolling SHA-256 chain and uploaded to the **Materios partner chain**, where a decentralized committee certifies data availability and batches certified receipts into Cardano mainnet anchor transactions.
+
+**No API key or wallet required.** Materios receipt submission is permissionless — the blob gateway accepts uploads from any client.
+
+## Suggested Trigger Words
+
+- "audit my AI"
+- "create audit trail"
+- "blockchain audit"
+- "proof of inference"
+- "verify AI"
+- "AI accountability"
+- "audit this conversation"
+- "run orynq"
+- "anchor this session"
+- "anchor this conversation"
+- "record AI decision"
+- "log this to blockchain"
+- "start audit"
+- "chain of custody"
+
+## Setup
+
+1. Upload the ability to your OpenHome dashboard — it works out of the box
+2. (Optional) Set `MATERIOS_GATEWAY_API_KEY` in `main.py` for higher rate limits
+
+No API key is required for basic operation. The Materios blob gateway accepts uploads from any client.
+
+## How It Works
+
+1. You trigger the ability with a phrase like "audit my AI" or "run orynq"
+2. Speak the messages you want included in the audit trail
+3. Say "done" when finished
+4. The ability builds a SHA-256 rolling hash chain where each entry links to the previous one
+5. The trace is uploaded to the Materios blob gateway (manifest + chunk)
+6. The cert daemon committee (10 independent attestors) verifies the blob
+7. Once certified, the receipt is batched into a Cardano mainnet anchor transaction (label `8746`)
+
+The hash chain is tamper-proof: changing any single entry invalidates all subsequent hashes, making unauthorized modifications detectable.
+
+## Example Conversation
+
+> **User:** "Audit this conversation"
+> **AI:** "I will create a blockchain audit trail for this conversation. Tell me what to include."
+> **User:** "The agent processed 500 claims with a 98.2% accuracy rate"
+> **AI:** "Got it. Say more to add entries, or say done when finished."
+> **User:** "Done"
+> **AI:** "Your 1-entry audit trail was uploaded to Materios. The cert daemon committee will verify it, then it gets batched into a Cardano mainnet anchor automatically."
+
+You can check the status at [materios.fluxpointstudios.com/explorer](https://materios.fluxpointstudios.com/explorer/).
+
+## Why Auditability Matters
+
+As AI systems make increasingly consequential decisions, organizations need provable records of what AI said and when. Traditional logging can be altered. Blockchain anchoring provides:
+
+- **Tamper evidence** - Any modification breaks the hash chain
+- **Independent verification** - Anyone can verify the trail on-chain
+- **Regulatory compliance** - Immutable records for audit requirements
+- **Accountability** - Provable AI decision history
+
+## Technical Details
+
+- **Hash algorithm**: SHA-256 rolling chain
+- **Blockchain**: Cardano mainnet (via Materios batched anchoring, metadata label `8746`)
+- **Partner chain**: [Materios](https://docs.fluxpointstudios.com/materios-partner-chain) — Substrate chain with 10-member attestation committee
+- **Auth**: Permissionless (optional API key for higher rate limits)
+- **Gateway**: `materios.fluxpointstudios.com/blobs` — blob storage + manifest API
+- **Explorer**: [materios.fluxpointstudios.com/explorer](https://materios.fluxpointstudios.com/explorer/)
+- **SDK**: [orynq-sdk](https://github.com/flux-point-studios/orynq-sdk)
diff --git a/community/orynq-ai-auditability/__init__.py b/community/orynq-ai-auditability/__init__.py
diff --git a/community/orynq-ai-auditability/main.py b/community/orynq-ai-auditability/main.py
@@ -0,0 +1,261 @@
+import hashlib
+import json
+import time
+from typing import Optional
+
+import requests
+from src.agent.capability import MatchingCapability
+from src.agent.capability_worker import CapabilityWorker
+from src.main import AgentWorker
+
+# =============================================================================
+# Orynq AI Auditability Ability
+#
+# Creates tamper-proof, blockchain-anchored audit trails for AI conversations
+# using Orynq's Proof-of-Inference protocol. Builds SHA-256 rolling hash
+# chains and anchors them to the Materios partner chain.
+#
+# Materios receipt submission is PERMISSIONLESS — no API key required.
+# The blob gateway accepts sr25519-signed uploads, and MATRA tokens for
+# TX fees are available from the on-chain faucet.
+#
+# An optional API key provides higher gateway rate limits but is not
+# required for any operation.
+# =============================================================================
+
+# --- Materios partner chain configuration ---
+MATERIOS_GATEWAY_URL = "https://materios.fluxpointstudios.com/blobs"
+MATERIOS_GATEWAY_API_KEY = ""  # Optional — sr25519 auth works without it
+
+EXIT_WORDS = {"stop", "exit", "quit", "done", "cancel", "bye", "goodbye", "leave", "nothing"}
+
+
+class OrynqAiAuditabilityCapability(MatchingCapability):
+    worker: AgentWorker = None
+    capability_worker: CapabilityWorker = None
+
+    # Do not change following tag of register capability
+    # {{register_capability}}
+
+    def call(self, worker: AgentWorker):
+        self.worker = worker
+        self.capability_worker = CapabilityWorker(self)
+        self.worker.session_tasks.create(self.run())
+
+    def _log_info(self, msg: str):
+        if self.worker:
+            self.worker.editor_logging_handler.info(msg)
+
+    def _log_error(self, msg: str):
+        if self.worker:
+            self.worker.editor_logging_handler.error(msg)
+
+    def _is_exit(self, text: Optional[str]) -> bool:
+        return (text or "").lower().strip() in EXIT_WORDS
+
+    def _build_hash_chain_entry(
+        self,
+        role: str,
+        content: str,
+        previous_hash: str,
+        sequence: int,
+    ) -> dict:
+        """Build a single entry in the rolling SHA-256 hash chain."""
+        timestamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
+        payload = json.dumps(
+            {
+                "seq": sequence,
+                "role": role,
+                "content": content,
+                "prev": previous_hash,
+                "ts": timestamp,
+            },
+            sort_keys=True,
+            separators=(",", ":"),
+        )
+        entry_hash = hashlib.sha256(payload.encode("utf-8")).hexdigest()
+        return {
+            "seq": sequence,
+            "role": role,
+            "content_hash": hashlib.sha256(content.encode("utf-8")).hexdigest(),
+            "chain_hash": entry_hash,
+            "previous_hash": previous_hash,
+            "timestamp": timestamp,
+        }
+
+    def _build_trace_content(self, trace: list[dict]) -> bytes:
+        """Serialize the trace into canonical JSON bytes for blob storage."""
+        return json.dumps(trace, sort_keys=True, separators=(",", ":")).encode("utf-8")
+
+    def _compute_content_hash(self, content: bytes) -> str:
+        """SHA-256 hash of raw content bytes."""
+        return hashlib.sha256(content).hexdigest()
+
+    # -----------------------------------------------------------------
+    # Materios submission: blob upload -> receipt (permissionless)
+    # -----------------------------------------------------------------
+    def _submit_to_materios(self, trace: list[dict]) -> Optional[dict]:
+        """Submit audit trail to Materios blob gateway.
+
+        Flow: upload manifest + chunk to gateway -> the cert daemon committee
+        discovers the blob, verifies integrity, and attests availability.
+        Certified receipts are batched into Cardano L1 anchor transactions.
+
+        No API key required — the gateway accepts uploads from any client.
+        An optional API key provides higher rate limits.
+        """
+        try:
+            content = self._build_trace_content(trace)
+            content_hash = self._compute_content_hash(content)
+            chunk_hash = self._compute_content_hash(content)
+
+            headers = {"Content-Type": "application/json"}
+            if MATERIOS_GATEWAY_API_KEY:
+                headers["x-api-key"] = MATERIOS_GATEWAY_API_KEY
+
+            # Step 1: Upload manifest (declares the blob structure)
+            manifest = {
+                "chunks": [
+                    {"index": 0, "sha256": chunk_hash, "size": len(content)}
+                ],
+                "total_size": len(content),
+            }
+            manifest_resp = requests.post(
+                MATERIOS_GATEWAY_URL + "/" + content_hash + "/manifest",
+                headers=headers,
+                json=manifest,
+                timeout=30,
+            )
+            if manifest_resp.status_code not in (200, 201, 409):
+                self._log_error(
+                    "[OrynqAudit] Manifest upload failed: "
+                    + str(manifest_resp.status_code) + " " + manifest_resp.text[:200]
+                )
+                return None
+            self._log_info("[OrynqAudit] Manifest uploaded: " + content_hash[:16] + "...")
+
+            # Step 2: Upload chunk data (the actual trace content)
+            chunk_headers = {"Content-Type": "application/octet-stream"}
+            if MATERIOS_GATEWAY_API_KEY:
+                chunk_headers["x-api-key"] = MATERIOS_GATEWAY_API_KEY
+
+            chunk_resp = requests.put(
+                MATERIOS_GATEWAY_URL + "/" + content_hash + "/chunks/0",
+                headers=chunk_headers,
+                data=content,
+                timeout=30,
+            )
+            if chunk_resp.status_code not in (200, 201, 409):
+                self._log_error(
+                    "[OrynqAudit] Chunk upload failed: "
+                    + str(chunk_resp.status_code) + " " + chunk_resp.text[:200]
+                )
+                return None
+            self._log_info("[OrynqAudit] Chunk uploaded: " + str(len(content)) + " bytes")
+
+            return {
+                "path": "materios",
+                "content_hash": content_hash,
+                "status": "uploaded",
+                "gateway": MATERIOS_GATEWAY_URL,
+                "entry_count": len(trace),
+                "anchor_hash": trace[-1]["chain_hash"] if trace else "",
+            }
+
+        except Exception as e:
+            self._log_error("[OrynqAudit] Materios submission error: " + str(e))
+            return None
+
+    async def _collect_messages(self) -> list[tuple]:
+        """Collect user messages for the audit trail."""
+        await self.capability_worker.speak(
+            "Got it. I will include your messages in the audit trail. "
+            "Say more to add entries, or say done when finished."
+        )
+
+        first_input = await self.capability_worker.user_response()
+        if not first_input or self._is_exit(first_input) or first_input.lower().strip() == "done":
+            return []
+
+        messages = [("user", first_input)]
+
+        while True:
+            next_input = await self.capability_worker.user_response()
+            if not next_input or self._is_exit(next_input):
+                break
+            if next_input.lower().strip() == "done":
+                break
+            messages.append(("user", next_input))
+            count = str(len(messages))
+            await self.capability_worker.speak(
+                "Added. " + count + " messages in the trail so far. Say done to finalize."
+            )
+
+        return messages
+
+    async def _speak_result(self, result: Optional[dict], trace: list[dict]):
+        """Speak the anchoring result to the user."""
+        trace_len = str(len(trace))
+
+        if not result:
+            anchor_hash = trace[-1]["chain_hash"]
+            await self.capability_worker.speak(
+                "I built a " + trace_len + "-entry hash chain but could not upload to the gateway. "
+                "Your local anchor hash is " + anchor_hash[:16] + ". You can retry later."
+            )
+            return
+
+        content_hash = str(result.get("content_hash", ""))[:16]
+        response_text = self.capability_worker.text_to_text_response(
+            "Summarize for voice: an audit trail with " + trace_len + " entries was uploaded "
+            "to the Materios blob gateway. Content hash is " + content_hash + ". "
+            "The cert daemon committee will verify the blob, then it gets certified and "
+            "batched into a Cardano mainnet anchor transaction automatically. "
+            "You can check status at materios.fluxpointstudios.com/explorer. One sentence."
+        )
+        await self.capability_worker.speak(response_text)
+
+    async def run(self):
+        try:
+            await self.capability_worker.speak(
+                "I will create a blockchain audit trail for this conversation. "
+                "Your messages will be hashed into a tamper-proof chain and "
+                "anchored to the Materios partner chain, which certifies it and "
+                "batches it into a Cardano mainnet transaction. "
+                "Tell me what to include in the audit trail."
+            )
+
+            messages_to_audit = await self._collect_messages()
+
+            if not messages_to_audit:
+                await self.capability_worker.speak("No messages to audit. Cancelling.")
+                return
+
+            # Build the rolling hash chain
+            trace = []
+            previous_hash = "0" * 64  # genesis hash
+            seq = 0
+            for role, content in messages_to_audit:
+                entry = self._build_hash_chain_entry(role, content, previous_hash, seq)
+                trace.append(entry)
+                previous_hash = entry["chain_hash"]
+                seq += 1
+
+            trace_len = str(len(trace))
+            await self.capability_worker.speak(
+                "Built a " + trace_len + "-entry hash chain. "
+                "Uploading to Materios for certified anchoring."
+            )
+
+            result = self._submit_to_materios(trace)
+            await self._speak_result(result, trace)
+
+        except Exception as e:
+            self._log_error("[OrynqAudit] Unexpected error: " + str(e))
+            if self.capability_worker:
+                await self.capability_worker.speak(
+                    "Sorry, something went wrong creating the audit trail. Please try again."
+                )
+        finally:
+            if self.capability_worker:
+                self.capability_worker.resume_normal_flow()
