The product
A cryptographic opt-out registry for AI training.
Publishers register their training preferences. Labs query a single API at training-data ingestion to honor them with audit-defensible evidence. Anyone can verify any record without trusting Akaeon.
What it is
For a lab
The registry is one HTTPS GET per domain at training-data ingestion. The response is a bundle whose every cryptographic claim is checkable in standard-library Node.js against the public Arweave network — three checks, no SDK, no proprietary cryptography. No required ongoing relationship with us beyond initial credentialing.
For a publisher
The registry is a cryptographically-signed, third-party-timestamped, publicly-anchored record of intent. Submit an opt-out, prove domain control with a DNS challenge, receive a public Arweave transaction ID. The record is independently verifiable forever — by any lab, court, or auditor — without us in the loop.
The four properties that hold the system up
01
Independent timestamping
Timestamps come from Arweave block inclusion, not from our clock. The lab cannot be accused of trusting our word about when an opt-out was effective. We cannot backdate. We cannot forward-date.
02
Independent verifiability
The verifier runs against the public Arweave network using standard-library Ed25519. No Akaeon code in the verify path. If we disappear, every record ever issued still checks.
03
Tamper-evident chain
The cryptographic link from publisher intent to anchored record is unbreakable. A challenger cannot manufacture a plausible alternative record after the fact. The substrate’s design prevents it.
04
Key-rotation handling
Old records remain verifiable against the keypair that signed them, indefinitely. New records anchor under the current key. Rotation events are themselves anchored to Arweave.
The architecture in one diagram
Architecture
┌────────────────────────────────────────────────────────────────────────┐
│ CONSUMERS │
│ │
│ ┌─────────────────────────────┐ ┌─────────────────────────────┐ │
│ │ Stelais (in production) │ │ Akaeon Registry (building)│ │
│ │ │ │ │ │
│ │ stelais-web ──▶ stelais- │ │ akaeon-registry │ │
│ │ api │ │ (publisher submit + lab │ │
│ │ │ │ lookup) │ │
│ └──────────────┬──────────────┘ └──────────────┬──────────────┘ │
│ │ │ │
│ │ app='stelais' │ app='akaeon- │
│ │ prefix='stelais:proof:v1' │ registry' │
│ ▼ ▼ │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ @akaeon/core-* (brand-neutral primitives — shared) │ │
│ │ │ │
│ │ core-arweave core-verification core-fingerprinting │ │
│ │ ────────── ─────────────── ──────────────── │ │
│ │ canonical Ed25519 sign / SimHash · pHash · │ │
│ │ payload verify · key audio constellation │ │
│ │ cost est. encryption · │ │
│ │ canonical msg core-watermarking │ │
│ │ ──────────────── │ │
│ │ DCT · LSB embed │ │
│ └────────────────────────────────┬─────────────────────────────────┘ │
│ │ │
└────────────────────────────────────┼───────────────────────────────────┘
▼
┌────────────────────────────────────────────────────────────────────────┐
│ Arweave │
│ permanent · public · third-party-operated trust root │
│ │
│ per-record tx today │ Merkle-root tx (registry) │
│ (Stelais creator proofs) │ (batched publisher opt-outs) │
└─────────────────────────────────┬──────────────────────────────────────┘
│
▼ canonical payload (public GET)
┌────────────────────────────────────────────┐
│ Third-party verifier │
│ AI lab · court · auditor · competitor │
│ · reads Arweave tx OR /public/verify/:id │
│ · runs Ed25519.verify with no registry │
│ code in the verify path │
└────────────────────────────────────────────┘
Brand-neutral primitives in the middle. Both consumers (Stelais and the registry) call them with their own parameters. Underneath: Arweave, the public, third-party-operated trust root. Verifiers — labs, courts, auditors — read directly from Arweave.
One record, end to end
A publisher submits an opt-out for example-publisher.com. They publish a DNS TXT challenge to prove control. We sign their declaration (Ed25519 over a canonical UTF-8 message). The signed record is included in a Merkle batch, the root is anchored to Arweave, and the publisher receives a public transaction ID and an inclusion proof.
At training-data ingestion, a lab calls GET /v1/lookup/example-publisher.com. The response contains the canonical payload, the registry’s signature, the Arweave transaction ID, and the inclusion proof. The lab’s audit log gets one row. The verification — Ed25519, SHA-256, Merkle proof check — runs as three independent checks in standard-library Node.js.