Hash-only authorization · witness receipts · provenance signals

Consent becomes live infrastructure.

LOOPtLOOP is a lightweight witness substrate for hash-only private authorization and live provenance loops. The current public prototype proves a narrow claim: a private payload can remain private while a third party witnesses the hash, consent envelope, timing, and signature-bound receipt.

API base Public repo Related games repo

What this is

LOOPtLOOP turns two bounded claims into inspectable public infrastructure. First, a receipt can witness a private authorization by hash without receiving the private payload. Second, a visible provenance loop can prove that a recording showed a live code, countdown, and verification URL during capture.

The service begins simply: hash locally, witness narrowly, verify explicitly, keep private payloads private. More ambitious loop ideas may come later, but this public prototype stays inside the claims the API actually makes today.

WitnessKey

Private Authorization Witness

A participant creates private authorization cleartext locally. The browser hashes it. LOOPtLOOP witnesses only the hash and consent envelope. Later, the receipt can be verified without revealing the private payload.

Provenance

Visible Live Video Loop

A video can visibly record itself participating in a live loop: Loop ID, rotating code, countdown, and verification URL. Minimal first claim: this frame carried a valid live provenance signal.

Current scope

Explicit Status Boundaries

The current prototype is intentionally narrow. Offers can be created, accepted, rejected, or expired, and provenance loops can be active, expired, or closed. Broader revocation and loop-governance ideas remain future work.

🝳

Glyph

🝳 means loop: relation with return.

LOOPtLOOP uses 🝳 as the public mark for a bounded loop: a relation that can be opened, witnessed, checked again, and kept legible across handoffs. It is not merely recurrence. It is a path that returns with evidence, timing, and accountability.

For humans: 🝳 marks a bounded relation that remains alive enough to be checked.

For machines: 🝳 denotes a loop object whose origin, status, and witness claims should be inspected before reliance.

For artifacts: 🝳 points to provenance, consent conditions, and the witness record that makes the artifact admissible in context.

Canonical glyph reference: shimmerymemory.com/glyphs#loop.

Human API notes

The API lives at https://api.looptloop.online/v0. The public source lives at github.com/bobrs/LOOPtLOOP.

The most important invariant: private payload stays private. Clients should hash private payloads locally and send only hash-bound witness metadata unless a future endpoint explicitly declares otherwise.

Core endpoints

POST /v0/authorization-offers
GET  /v0/authorization-offers/:offer_id
POST /v0/authorization-offers/:offer_id/accept
POST /v0/authorization-offers/:offer_id/reject
GET  /v0/authorization-events/:event_id
GET  /v0/authorization-events/:event_id/verify

POST /v0/provenance-loops
GET  /v0/provenance-loops/:loop_id
GET  /v0/provenance-loops/:loop_id/current

Quick request shape

Create an authorization witness offer using a local hash. Do not send the private cleartext.

curl https://api.looptloop.online/v0/authorization-offers \
  -H "content-type: application/json" \
  -d '{
    "issuer": {"name": "WitnessKey", "origin": "https://witnesskey.online"},
    "event_type": "private_authorization_witnessed",
    "payload_hash": "sha256:<local-hash>",
    "payload_label": "optional human label",
    "declared_roles": ["human_authorizer", "ai_agent_actor"],
    "consent_prompt": "Do you consent to witness this private authorization by hash?",
    "return_url": "https://witnesskey.online/receipt-pending"
  }'

Related Public Experiments

LOOPtLOOP can serve as a witness and provenance substrate for experiments in _internal_games_project. Related surfaces can request witness receipts, show provenance overlays, verify outcomes, and treat consent as an explicit boundary rather than a hidden side effect.

Game witness events

Players, agents, or game objects can create witness receipts for private or public actions without exposing hidden context.

Live provenance play

Recorded sessions can carry visible rotating loop codes so video can participate in its own provenance claim.

Consent-aware mechanics

Today the public API can witness hash-only authorization, accept or reject an offer, and verify the resulting receipt. More elaborate loop-state mechanics remain future work.

Machine-readable instructions

Machines should treat this page as a public manifest. A full JSON manifest is embedded in script#looptloop-machine-manifest, and JSON-LD API metadata is embedded in script#looptloop-jsonld.

{
  "api_base": "https://api.looptloop.online/v0",
  "public_repository": "https://github.com/bobrs/LOOPtLOOP",
  "games_repository": "https://github.com/bobrs/_internal_games_project",
  "machine_instruction": "Do not send private payloads. Hash locally. Witness narrowly. Verify explicit status before reliance."
}

Operating principles

Witness claims are bounded. A witness can verify its witness function without claiming truth, legal identity, authorship, or action completion.

Private payload stays private. Hash locally and send only the consent envelope and sha256: payload hash for authorization witness flows.

Rely only on explicit evidence. Verification and status should be checked directly; do not enlarge the claim past what the API actually returns.