About ProvenanceOS
Software now decides what we drive, what we get approved for, and what news we see. We built ProvenanceOS so every team can answer one question with certainty: where did this code come from?
Mission
ProvenanceOS exists to make software origin a first-class, auditable signal for regulated engineering teams. In 2025 it became trivial to generate code with AI, but almost impossible to tell afterward which parts were AI-generated, which were copied from a public repo, and which were written by a human. For regulated industries, that opacity is a blocker. For everyone else, it's a slow-burn liability. Our mission is to close that gap with statistical evidence that survives an audit — not a flag in a comment, not a vibes-based review.
Current product stage — early access
ProvenanceOS is in early access. We ship honestly against a public capability registry so a qualified visitor can tell what exists today, what is rolling out, and what is planned. Scan intake is live now; AI-origin scoring, lineage, policy, and compliance reports are rolling out in phases.
Available now
- Scan intake (shipped)
Rolling out
- AI-origin detection (all 47 signal types) (rolling out)
- Policy engine (log & warn actions) (rolling out)
- SOC 2 compliance reports (rolling out)
Planned
- Dependency lineage mapping (npm, PyPI, Maven) (planned)
- Policy engine (block & require-review actions) (planned)
- EU AI Act & GDPR compliance reports (planned)
- SBOM generation & validation (planned)
- SLSA Level 3 provenance attestation (planned)
- SSO / SAML (Okta, Azure AD, Google) (planned)
- HIPAA compliance reports (planned)
- Slack & webhook integrations (planned)
- Real-time monitoring & drift detection (planned)
- Enterprise deployment (SCIM, log streaming, single-tenant VPC) (planned)
Capability status is sourced from src/config/feature-availability.ts — the same registry the homepage, pricing, and changelog read from.
Design partner invitation
We are looking for a small number of design partners — security, engineering, GRC, and legal teams who want to shape the policy engine, the dependency-lineage output, and the compliance-report format before general availability. Design partners get direct founder access, a configured scan pipeline for their repositories, and a say in what ships next. If that is useful, request early access and tell us what you would build first.
Who operates ProvenanceOS
ProvenanceOS is a product of Developer312, a one-person software studio focused on supply-chain integrity and AI-governance tooling. Developer312 is the legal operator and developer of the ProvenanceOS service; the ProvenanceOS brand and product are the studio's supply-chain-integrity line of business. Customer data is processed under Developer312's privacy policy and terms of service.
Founder
Edward Brooks is an AV systems engineer and software builder. He designs and ships ProvenanceOS end to end — the scan intake pipeline, the dependency and vulnerability analysis, the policy model, and the public trust surface. His engineering background spans audio-visual systems integration and full-stack software, with a focus on supply-chain integrity, least-privilege data handling, and evidence-first claims. He is also the author of the Imani series.
Reach the founder directly through contact or read more on the About page.