# OpenWarrant

> Document-authenticity verification for the AI era. Give it a document (PDF or image) and it
> tells you whether the document is *true* — not whether AI made it. Delivered as one open,
> rate-limited API verb **and** MCP servers, built for autonomous agents and developers. It
> rates authenticity signals (tampering, AI-generation, arithmetic, provenance); it does NOT
> decide fraud and emits no 0–100 score — a human or agent makes the call. Use the `www.`
> host (a POST through the apex redirect 405s).

## What it does

AI has made fake documents trivial to produce, so "was this made by AI?" is a losing arms
race. OpenWarrant asks a different question — **is this document true?**: does the math
reconcile, do figures agree across documents, are the entities real, does the provenance hold
up. That catches a forgery whether it came from AI, Photoshop, or by hand — because a
fabricated payslip is caught by *not adding up*, regardless of how it was made.

Every result has **two orthogonal axes** (don't conflate them):
- `risk_band` — authenticity risk: `low | medium | high | insufficient | error`
- `inspection_quality` — how completely it could be inspected: `complete | limited | degraded`

…plus a `recommended_action` to branch on, and per-signal `evidence`. A clean phone photo of
a *real* payslip is often `low`-risk but `limited`-coverage — that's coverage, not tampering.
Every flag comes with a human-readable explanation; there is intentionally no opaque score.

## Who it's for

Anyone who makes a decision on a document a stranger submitted: non-bank lenders, insurers,
property managers, finance/AP teams, mortgage lenders, and HR & recruitment. Supported
document types include payslips, bank statements, tax returns, employment letters, invoices,
ID documents, utility bills, and business registrations.

## API

Base URL: `https://www.stipple.sh`. Anonymous: **20 documents/day per IP**. With a free API key
(`POST /v1/keys` → `Authorization: Bearer stp_...`): **50/day** on your own quota,
metered via `GET /v1/usage`. Burst guard ~10 at a time; max upload 25 MB.

- `POST https://www.stipple.sh/v1/warrants` — inspect a document (multipart `file` or JSON `bytes_b64`; `?stream=1` SSE lifecycle stream; `?fresh=1` to bypass the content-hash cache)
- `GET https://www.stipple.sh/v1/warrants/check?sha256=<64-hex>` — has this exact document already been inspected?
- `GET https://www.stipple.sh/v1/warrants/<id>` — retrieve a stored warrant (`?format=md` for Markdown)
- `GET https://www.stipple.sh/v1/warrants/<id>/report.pdf` — branded, audit-ready PDF report
- `POST https://www.stipple.sh/v1/warrants/<id>/feedback` — thumbs up/down on a rating (`{"verdict":"up"|"down"}`)
- `POST https://www.stipple.sh/v1/detect-ai-text` — probability a document's prose was AI-written (multipart `file`, or JSON `text`/`bytes_b64`/`url`); abstains on non-prose
- `POST https://www.stipple.sh/v1/verify-references` — check a document's citations + internal math (JSON `text`/`bytes_b64`/`url` or multipart `file`; `?deep=1` web claim-entailment; `?stream=1` SSE)
- `POST https://www.stipple.sh/v1/classify` — FINANCIAL document-type classification (payslip / tax_invoice / bank_statement / salary_certificate / payg_summary / receipt + country + confidence; abstains below threshold; multipart `file` or JSON `bytes_b64`/`url`)
- `POST https://www.stipple.sh/v1/feedback` — thumbs up/down for the stateless tools (`{"tool":"detect_ai_text"|"verify_references"|"classify_document","verdict":"up"|"down"}`)
- `POST https://www.stipple.sh/v1/keys` — create a free API key (`{"email": "..."}`; the key is returned ONCE)
- `GET https://www.stipple.sh/v1/usage` — metered usage for your key (send `Authorization: Bearer stp_...`)
- `GET https://www.stipple.sh/health` — liveness + engine version
- `https://www.stipple.sh/w/<id>` — human-readable shareable permalink

## MCP server (for agents & developers)

**One server, the full suite**: `https://www.stipple.sh/mcp` (Model Context Protocol, Streamable HTTP). Any
MCP-capable client (Claude Desktop, Claude Code, Cursor, your own agent) gets every tool with
one install. Hosted, same engine + rate limits:

- `verify_document(url | bytes_b64, filename)` — forensic authenticity inspection.
- `classify_document(url | bytes_b64, filename)` — FINANCIAL document-type classification
  (payslip / tax_invoice / bank_statement / salary_certificate / payg_summary / receipt) with
  country + confidence; abstains rather than guesses. Type only, not authenticity.
- `detect_ai_text(text | url | bytes_b64)` — probability a document's prose was AI-written,
  with the tells; abstains on forms/tables.
- `verify_references(url | text | bytes_b64, deep)` — citations resolve & match
  (arXiv/web/Wayback), internal math recomputed, unsupported/contradicted claims flagged;
  returns a shareable fact-check `permalink`. Reports COVERAGE, not truth.
- `check_document(sha256)`, `get_warrant(id)`, `submit_feedback(id, verdict)`.

All document tools take a public `url` directly (SSRF-guarded server-side fetch) — the cheapest
call when the document is public. Add it with
`claude mcp add --transport http openwarrant https://www.stipple.sh/mcp`, or
`{"mcpServers":{"openwarrant":{"type":"http","url":"https://www.stipple.sh/mcp"}}}`. (Scoped legacy servers
`/mcp-aitext` and `/mcp-verify` still serve existing installs.) A **local stdio** server also
mirrors `/mcp` to keep documents on your machine and verify a local `path` or `url` directly —
point it here with `OPENWARRANT_BASE_URL=https://www.stipple.sh`.

Full setup and the tool reference are in the agent guide.

## Docs

- [Agent guide](https://www.stipple.sh/agents.md): full endpoint + two-axis schema reference, a worked example, rate limits, and etiquette.