What does the Content Provenance Agent do?

Given a SHA-256 digest of any content (image, video, document, audio, code, anything) and a declaration of its creation source (human-original, AI-generated, or AI-assisted hybrid), the agent anchors the digest plus declared metadata to the Knox event chain and returns a self-authenticating provenance bundle: the Knox anchor record, a C2PA-aligned envelope, and an FRE 902(13)/(14)-shape affidavit. Every anchor is hashed, sequence-numbered, hourly-Merkle-aggregated, and published to the Bitcoin blockchain via the OpenTimestamps protocol. The receipt is independently verifiable without contacting Bonis Systems.

Why does cryptographic provenance matter for AI-generated content?

Because the U.S. legal system grants no rights at all to purely AI-generated work, the cryptographic provenance is the only IP any creator gets. For AI-generated content, the anchored receipt is what stands between the creator and complete IP nakedness. Beyond that, the EU AI Act Article 50 mandates labeling of AI-generated content; California AB 853 and similar state laws require disclosure; U.S. advertising-disclosure expectations are tightening around AI-generated content (the FTC's 16 CFR Part 255 endorsement guides and 2023 staff guidance on AI claims set the federal direction); and platforms increasingly require C2PA Content Credentials. Provenance is the substrate every regulator and platform is converging on.

What about human-created content?

Anchoring serves a different purpose for purely human work. U.S. copyright vests automatically — that's the law, not the receipt. But enforcement requires registration, and most creators skip registration until disputes arise. The anchored receipt establishes priority of creation in a tamper-evident, third-party-verifiable form: a photographer who anchors a raw file at capture time has cryptographic proof their photo predates any later AI lookalike. That's an entirely new defensive primitive against deepfake impersonation.

What about hybrid (human + AI) work?

U.S. copyright can attach to the human-authored portions of a hybrid work — the text, the arrangement, the selection — even when the AI portions are not copyrightable (Zarya of the Dawn, 2023). To assert that human authorship in a copyright proceeding, creators need evidence of the human creative process. The agent's hybrid mode anchors that evidence: prompt iterations, edit-chain history, declared human contribution, declared AI contribution. The anchored bundle strengthens the creator's copyright case where rights exist, and provides the only available evidence chain where they don't.

How is this different from C2PA / Adobe Content Credentials?

C2PA (Coalition for Content Provenance and Authenticity, the W3C industry standard adopted by Adobe, Microsoft, the major camera makers, and increasingly the AI labs) signs provenance at the capture device or generation tool. That signer is the device manufacturer or the model provider — not the creator. If the signer goes offline, the chain breaks. Bonis is structurally compatible — the agent emits a C2PA-aligned envelope subset — but adds creator-side anchoring on top of (or independent of) any C2PA signer, plus a long-term Bitcoin-anchored verification path that survives any individual signer going offline.

What is in the C2PA-aligned envelope?

The envelope is a subset of the C2PA 1.x specification — the parts that map cleanly onto a single creation-event anchor. It contains: a claim block (title, instance ID bound to the Knox anchor, claim_generator metadata, format), a list of assertions (c2pa.created with digital_source_type; one of c2pa.ai_model / c2pa.hybrid_authorship / c2pa.capture depending on the source mode; and c2pa.hash.data with the content SHA-256), and a Knox binding (anchor ID, payload hash, sequence number, timestamp, verify URL). Full C2PA support — manifest store, ingredient hashes, transcoding chain, etc. — is a larger build; the subset shipped here is honest about scope and is C2PA-compatible at the level a verifier can compare claim hashes to the Knox anchor.

What does the agent NOT do?

It does not adjudicate authorship. It does not grant copyright. It does not enforce any intellectual-property claim. It does not access third-party content-credential systems without authorization. It does not undertake any disruption, sabotage, or counter-action against any party. It does not issue verdicts on whether a creator is the true creator — it records what the creator presents and produces a receipt. Sanctions enforcement is reserved to the U.S. Treasury; copyright determinations are reserved to the U.S. Copyright Office and the courts; admissibility in any matter is reserved to the presiding authority. Bonis Systems is the evidence layer underneath those determinations, not in place of them.

Is the agent defensive only?

Yes. The agent reads what the creator presents (the SHA-256 digest plus declared metadata; the content itself is not transmitted) and produces an anchored receipt. It does not access third-party systems without authorization, does not generate or modify content, and does not undertake any active operation outside its own anchoring chain. The Knox primitive itself is a record-only layer — no actuation, no enforcement, no offensive function. The defensive-only doctrine binds this agent the same way it binds the rest of Bonis AAM.

Knox · Content provenance

Cryptographic proof of when you made what you made.

Q: Is this copyright?

No. The agent does not grant copyright. In the United States, copyright vests automatically on original works of authorship fixed in a tangible medium — that arises by operation of law, not by anchoring. Purely AI-generated content is currently not copyrightable in the U.S. (Thaler v. Perlmutter, 2023 D.C. district / affirmed 2025; U.S. Copyright Office Compendium §313.2), so for AI-generated work no copyright exists. The agent provides the cryptographic provenance — proof of when content existed in what form — that the legal system increasingly requires alongside or in place of copyright. It is the receipt that the legal effect depends on, not the legal effect itself.

POST a SHA-256 digest plus a declaration of how the content was created. Get back a Knox anchor, a C2PA-aligned envelope, and an FRE 902(13)/(14)-shape affidavit. The receipt is verifiable on the Bitcoin blockchain via OpenTimestamps without contacting Bonis Systems. Three creation modes: human-original, AI-generated, and AI-assisted hybrid.

SHA-256 anchoredKnox event chainBitcoin / OpenTimestampsC2PA-aligned envelopeFRE 902(13)/(14) architectural fitMCP-callableNo customer account required

TL;DR

Bonis is the evidence layer underneath the legal effect.

Three modes. human_original for original capture / writing / recording; ai_generated for model output (model + prompt + parameters anchored); ai_assisted_hybrid for human-AI collaboration with edit chain.
Defensive only. The agent does not adjudicate authorship, does not grant copyright, and does not enforce any intellectual-property claim. It records, timestamps, and produces independently verifiable receipts.
For AI work, this is the only IP available. Purely AI-generated content is not copyrightable in the U.S. (Thaler v. Perlmutter, 2023 D.C. district / affirmed 2025). The anchored receipt is the only evidence chain creators have.
For human work, this is deepfake-defense. A photographer who anchors a raw file at capture time has cryptographic proof their photo predates any later AI lookalike.
For hybrid work, this strengthens copyright. Anchored prompt iterations + edit-chain history are exactly what the Copyright Office wants to see when evaluating whether human authorship exists.
C2PA-aligned, not C2PA-replacing. Output envelope is a subset of the C2PA 1.x spec — compatible at the level a verifier can compare claim hashes to the Knox anchor. Adds Bitcoin-block-header durability on top of any C2PA signer.

Endpoints

Two ways to call. Same primitive.

HTTP REST: POST https://bonissystems.com/api/knox/agents/content-provenance. Body is JSON with name, contentHash (SHA-256, 64 lowercase hex chars), optional contentType + sizeBytes, and a source field (one of human_original, ai_generated, ai_assisted_hybrid). Mode-specific metadata under ai, hybrid, or human.

MCP server: POST https://bonissystems.com/api/knox/agents/content-provenance/mcp. JSON-RPC 2.0 over Streamable HTTP per MCP specification 2025-03-26. Tools: anchor_creation, verify_provenance. Standard methods: initialize, ping, tools/list, tools/call.

Verification: GET https://bonissystems.com/api/knox/verify?hash=<payload_hash>. Public. No authentication. Returns the anchor record, predecessor hash, and the OpenTimestamps proof reference.

Authentication: an auto-seeded public-demo Knox API key is provisioned on first call. No customer account required at the demo tier. Bearer Knox keys are honored on the Authorization header for tier upgrades.

What the bundle contains

Knox anchor + C2PA envelope + affidavit. All three from one call.

Knox anchor record

id, hash (SHA-256 payload commitment), previousHash, sequence number, timestamp (UTC), and a verifyUrl at /api/knox/verify?hash=…. The payload hash is rolled into Knox's hourly Merkle aggregation and submitted to the Bitcoin blockchain via OpenTimestamps. Independently verifiable.

C2PA-aligned envelope (subset of C2PA 1.x)

A claim block (title, instance ID bound to the Knox anchor, claim_generator, format), assertions (c2pa.created with digital_source_type; one of c2pa.ai_model / c2pa.hybrid_authorship / c2pa.capture; and c2pa.hash.data), and a Knox binding. Full manifest store + ingredient hashes are deferred to a follow-up build; this is honestly labeled “subset” and is C2PA-compatible at the verifier-level.

FRE 902(13)/(14)-shape affidavit

Plain-English affidavit declaring the content hash, declared source, anchor identifiers, predecessor hash, sequence, and verify URL. Includes the explicit disclaimer that Bonis Systems does not adjudicate authorship, does not grant copyright, and does not enforce any IP claim. Architected to satisfy FRE 902(13) / 902(14) self-authentication — admissibility in any given matter remains a determination of the presiding court.

Posture

Provenance, not copyright. Evidence, not rights.

U.S. copyright vests automatically on original works of authorship fixed in a tangible medium — that arises by operation of law, not by anchoring. Bonis Systems does not grant copyright on a hash. What the agent provides is the cryptographic provenance — proof of when content existed in what form — that the legal system increasingly requires alongside or in place of copyright as AI-generated content proliferates.

For purely AI-generated work, no copyright exists in the U.S. (Thaler v. Perlmutter, 2023 D.C. district / affirmed 2025; U.S. Copyright Office Compendium §313.2). The anchored receipt is the only evidence chain available. For human-authored work, the receipt is supplementary — copyright already exists by law; anchoring provides priority-of-creation evidence and deepfake-impersonation defense. For hybrid work, the receipt strengthens the case for human authorship by capturing the prompt iterations, edit history, and arrangement decisions the Copyright Office wants to see.

Defensive only

The agent reads what the creator presents and produces an anchored receipt. It does not access third-party content-credential systems without authorization, does not generate or modify content, does not undertake any disruption of any external system, and does not issue verdicts beyond the literal content-hash + creator- declared-source binding. Authorship determinations are reserved to the U.S. Copyright Office and the courts; AI-content disclosure determinations to the FTC, EU AI Act regulators, and state authorities; admissibility in any matter to the presiding court. Bonis Systems is the evidence layer underneath them, not in place of them.