an open protocol for signing the provenance of AI-assisted code. Every AI-generated change, release manifest, commit envelope, or SBOM can be signed by an Ed25519 identity and verified offline with one command (matrixscroll verify exits 0 on success, 2 on any failure — tampering, missing signature, wrong schema, etc., so you can pipe it straight from CI).