Documentation
Technical reference for the Oversight protocol and its implementations
The protocol specification is the authoritative source for wire-format details, algorithm selection, and conformance requirements. Architecture and API docs cover implementation details for anyone working with the Oversight libraries.
Protocol Specification External
The canonical protocol specification. Defines the container format, algorithm suites, watermarking layers, policy schema, transparency log data structures, and conformance requirements. This is the primary reference for implementors.
Architecture Overview New
High-level architecture document covering the seal/open pipeline, crate structure (Rust), module layout (Python), and the interaction between the client library, CLI, and registry server. Includes component tables and cross-language conformance details.
Security Notes New External
Honest threat-model companion to the spec. Covers the watermark layer survival matrix, L3 semantic watermark safety and document-class defaults, collusion and canonicalization limits, passive beacons as telemetry rather than guarantees, jurisdiction-by-IP as soft policy, and what RFC 3161 timestamps prove.
Registry v1 Spec New External
Registry federation and interoperability specification. Covers the HTTP surface a second operator must implement to run a compatible registry, the signed-manifest handshake, sidecar validation, and the fields needed for cross-operator attribution.
Registry Deployment Updated External
Public-safe deployment notes for the live registry: Compose/Caddy routing, operator
token enforcement, DNS event bridge authentication, live conformance checks, and the
Python-to-Rust SQLite migration path through oversight-registry --migrate-from
and --migrate-dry-run.
Roadmap Updated
Launch plan gated on product usability and threat-model honesty. L3 safety shipped
in v0.4.5; the browser inspector now decrypts classic, hybrid, and hardware-suite
sample files; the Outlook add-in scaffold landed 2026-05-07; and v0.4.11 closed the
Rust/Python/browser hardware-suite reference path. Current main adds live
registry deployment config and Rust registry migration tooling. Remaining milestones:
a regulated-industry design partner, SOC 2 Type 1 scoping, and a public launch only
after a non-technical user experience exists. FedRAMP dropped from near-term planning.
Hardware Keys Guide Trait shipped
Storing Oversight decryption keys on hardware tokens (YubiKey, Nitrokey, OnlyKey).
As of v0.4.10 the KeyProvider abstraction and the
OSGT-HW-P256-v1 suite are implemented end-to-end in Rust; the
PivKeyProvider (PKCS#11 binding) plugs into the same trait as
a follow-up. Covers the vendor-neutral setup, on-device key generation, the
P-256 curve choice, the threat model, and a deployment checklist.
API Reference New
Python API documentation for oversight_core. Covers seal/open, watermark
embedding and recovery, semantic marks, content fingerprinting, ECC, manifest
construction, and cryptographic primitives with full function signatures.
CLI Reference New
Full reference for the oversight command-line tool. Documents all
subcommands (keygen, seal, open, inspect, attribute), their flags, watermark behavior,
and the five-phase forensic attribution pipeline with example workflows.
GUI Guide New
Installation, launch, and walk-through of the v0.4.5 Tkinter desktop starter
(oversight gui). Covers the three tabs (Generate Keys, Seal File,
Open File), the L3 disclosure prompt, the files the seal path writes, private-key
hardening on POSIX, troubleshooting, and implementation notes.
Watermark Resilience Analysis New
Technical analysis of watermark resilience against stripping attacks. Covers the attack taxonomy, per-layer survival, ECC protection, content fingerprinting, information-theoretic capacity bounds, the No Free Lunch theorem, and honest limitations.
Performance Evaluation New
Performance characteristics of the Oversight pipeline. Covers seal/open throughput, watermark embedding overhead, file size impact, fingerprint computation cost, Python vs Rust comparison, and registry query latency.
SIEM Integration New External
Export Oversight beacon events to Splunk HEC, Microsoft Sentinel, or
an Elastic Common Schema stack. Covers the oversight siem export
CLI, the event field dictionary, the Sentinel HMAC signing recipe, and the
honest beacon-absence caveat that every dashboard needs to respect.
Sealed File Inspector New
Drag and drop a .sealed file to parse the container, verify the
issuer's Ed25519 signature in the browser via WebCrypto, and see the
manifest, watermarks, beacons, and policy. Optional registry lookup for
recipients who want a provenance confirmation. Nothing leaves your
device unless you click a registry button.
Mobile Verifier New
The Flutter and Rust mobile verifier shares the desktop CLI's verification
core via flutter_rust_bridge, so a manifest that opens on a
laptop opens the same way on a phone. Covers status, architecture, the
reproducible-builds plan, and how to track the TestFlight and Android
beta. Source is on GitHub at oversight-protocol/oversight-mobile.