StreetMP Trust Protocol (STP)
An open, cryptographic specification for AI execution governance certificates. Free to implement. Auditor-readable. Regulatorily-anchored.
STP is to AI governance what TLS is to web traffic: the protocol is free and open, but the infrastructure to issue, verify, and audit STP certificates at scale requires StreetMP OS. Every AI inference through StreetMP OS automatically produces an STP/1.0 certificate — tamper-evident, privacy-preserving, and independently verifiable by any third party.
Overview
Each AI execution through the StreetMP OS router produces exactly one STP Execution Certificate. The certificate is issued as the final step of the pipeline — after policy evaluation, PII scrubbing, NeMo safety analysis, and trust scoring — and is stored in a tamper-evident in-memory ledger anchored to the Merkle tree.
The certificate is designed around a single principle: prove that a computation was governed, without revealing what was computed. No prompt text, no response text, and no user-identifiable content is ever present in an STP certificate.
Certificate Schema
Globally unique, non-guessable identifier for this AI execution. Generated using 10 random bytes (80-bit entropy). Format: exec_ + 20 hex chars.
e.g. exec_a3f8c2d1e94b7056
UTC timestamp of certificate issuance. Precision to milliseconds.
e.g. 2026-04-01T07:14:32.004Z
Global Trust Score. Computed from: model safety tier, RBAC permissions exercised, consensus result, NeMo evaluation, and prompt firewall signals.
e.g. 87.3
Human-readable trust classification. PLATINUM (≥90) · GOLD (≥75) · SILVER (≥50) · BRONZE (≥25) · CRITICAL (<25).
e.g. GOLD
The AI model identifier used for this execution. Drawn from the Smart Router selection or tenant-specified override.
e.g. gpt-4o
AI provider. One of: openai · anthropic · google · streetmp (on-prem).
e.g. openai
AWS region or on-prem zone where inference was executed. Enforced by Regional Router against tenant data_sovereignty_region.
e.g. ap-southeast-1
and policy tags that were active during this execution. Empty array for unconstrained executions.
e.g. ["MAS_TRM_9.2_AI_GOVERNANCE","V74_CONSENSUS_REQUIRED"]
HMAC-SHA256 of the canonical payload: execution_id|issued_at|trust_score|compliance_flags|region|model|provider. Field order is fixed. Verifiable with the published signing key root.
e.g. 3a7f1c9d…
The first 12 uppercase hex characters of zk_signature. Human-readable short form for comparison in audit logs.
e.g. 3A7F1C9D4B2E
STP v1.0.0 — schema version stable. Non-breaking additions may be added in minor versions.
Trust Bands
trust_score ≥ 90
All security subsystems passed. Consensus reached. NeMo safety clear.
trust_score ≥ 75
Standard execution. Minor risk signals present but within policy bounds.
trust_score ≥ 50
Elevated risk. On-prem fallback or reduced model trust tier.
trust_score ≥ 25
Significant risk signals. Human review recommended.
trust_score < 25
Policy violation or tampered signature. Execution should be quarantined.
ZK Signature Verification
The zk_signature is an HMAC-SHA256 computed over the canonical payload — a deterministic string constructed from all certificate fields in fixed order. Any field mutation invalidates the signature. The signing key root is published in the STP governance registry.
// Canonical payload — field order is FIXED
const payload = [
`execution_id=${cert.execution_id}`,
`issued_at=${cert.issued_at}`,
`trust_score=${cert.trust_score}`,
`compliance_flags=${cert.compliance_flags.sort().join(",")}`,
`region=${cert.region}`,
`model=${cert.model}`,
`provider=${cert.provider}`,
].join("|");
const expected = createHmac("sha256", SIGNING_KEY_ROOT)
.update(payload)
.digest("hex");
const valid = (expected === cert.zk_signature);Merkle Tree Anchoring
Every STP certificate is appended to a per-tenant, per-day SHA-256 Merkle tree (engine). The tree produces a single merkle_root that CISOs can publish out-of-band (email digest, blockchain anchor) as proof that no receipts were deleted, inserted, or reordered after the fact.
# Leaf hash formula (idempotent, collision-resistant)
leaf_hash = SHA256(receipt.signature + "|" + receipt.timestamp)
# Internal node formula
node = SHA256(left_child + right_child)
# Root = top of tree. Changes if any leaf mutations.
Threat mitigated: log deletion · log insertion · reordering · post-hoc forgery
Privacy Model — What Is Never Included
Public API Reference
/api/v1/public/verify/{hash}Look up a certificate by Merkle leaf hash (64-char hex) or execution ID (exec_*).
/api/v1/public/verifyReturns STP ledger health — total certificates issued, active Merkle trees, and spec link.
/api/v1/verify/{execution_id}(Authenticated) Internal verification with HMAC re-computation against the cert ledger.
// Verify a Merkle leaf hash GET /api/v1/public/verify/a3f8c2d1e94b7056fe3a812c490d67b2e15f9308… // Verify by execution ID GET /api/v1/public/verify/exec_a3f8c2d1e94b7056fe3a // Response — see full schema at /stp#certificate-schema
Compliance Flag Registry (APAC)
The following flags may appear in compliance_flags[] when APAC regulatory frameworks () are active for the executing tenant.
Example Certificate Response
Full response from GET /api/v1/public/verify/exec_*:
{
"success": true,
"verified": true,
"protocol": "STP/1.0",
"lookup_mode": "execution_id",
"status": "SECURE",
"certificate": {
"execution_id": "exec_a3f8c2d1e94b7056fe3a",
"fingerprint": "3A7F1C9D4B2E",
"issued_at": "2026-04-01T07:14:32.004Z",
"trust_score": 87.3,
"trust_band": "GOLD",
"model": "gpt-4o",
"provider": "openai",
"region": "ap-southeast-1",
"compliance_flags": ["MAS_TRM_9.2_AI_GOVERNANCE", "V74_CONSENSUS_REQUIRED"],
"zk_signature": "3a7f1c9d4b2ef839…"
},
"attestation": {
"verified_by": "StreetMP Trust Protocol Kernel v1.0",
"algorithm": "HMAC-SHA256 Canonical Payload",
"verify_timestamp": "2026-04-01T09:01:15.882Z",
"stp_spec": "https://os.streetmp.com/stp"
},
"prompt_retained": false,
"response_retained": false
}Verify a Certificate Now
Paste any STP execution ID or Merkle leaf hash to verify a real governance certificate.