Skip to main content
ProvenanceKit is a monorepo of composable packages. Each layer builds on the one below it. You only need to include what your use case requires.

Package map

Base layer

These packages have no ProvenanceKit dependencies — they are the foundation everything else builds on.
PackagenpmDescription
@provenancekit/eaa-typesPure TypeScript types + Zod schemas for Entity, Action, Attribution
@provenancekit/contractsSolidity contracts for on-chain provenance recording
@provenancekit/storagePluggable storage: in-memory, MongoDB, Supabase/Postgres
@provenancekit/indexerIndex on-chain events back into queryable off-chain records

Extension layer

Domain-specific semantics that augment any EAA record.
PackagenpmDescription
@provenancekit/extensions15 typed extension schemas (AI, licensing, git, media, authorization, x402, …)
@provenancekit/paymentsRevenue splitting based on provenance graph (USDC, ERC-20)
@provenancekit/privacySelective disclosure, Pedersen commitments, encrypted storage
@provenancekit/gitGit commit → provenance action bridge
@provenancekit/mediaC2PA content credentials for images and video

Platform layer

Fully operational services built on top of the packages.
ComponentDescription
provenancekit-apiREST API — manages entities, actions, attributions, API keys, orgs, projects
provenancekit-appNext.js dashboard — manage projects, API keys, view provenance analytics
@provenancekit/sdkFramework-agnostic client SDK — wraps the API in a typed, ergonomic interface
@provenancekit/uiReact component library — ProvenanceBadge, ProvenanceGraph, ProvenanceBundleView

Data flow

Your app

  ├─ @provenancekit/sdk        ← TypeScript client (optional — you can call the API directly)


provenancekit-api              ← Single source of truth for provenance data
  │                               Exposes /v1/* (provenance) and /management/* (control plane)
  ├─ @provenancekit/storage    ← Persists EAA records (Postgres/Supabase default)

  └─ EVM chain (optional)      ← On-chain anchoring via ProvenanceRegistry contract

        └─ @provenancekit/indexer  ← Reads chain events back into the API's DB

Two API namespaces

The API exposes two distinct namespaces with separate auth:
NamespaceAuthPurpose
/v1/*pk_live_ API key (per-project)Record provenance, query records
/management/*MANAGEMENT_API_KEY + X-User-IdCreate orgs, projects, manage keys
provenancekit-app is a thin UI shell — it has no database of its own. All data lives in provenancekit-api.

Minimal usage (no API)

If you only need to work with provenance data types locally — for example in a pipeline or offline tool — you can use the packages directly: 
import { EntitySchema, ActionSchema, AttributionSchema } from "@provenancekit/eaa-types";
import { aiExtension } from "@provenancekit/extensions";
import { MemoryProvenanceStorage } from "@provenancekit/storage";

const storage = new MemoryProvenanceStorage();

const entity = EntitySchema.parse({ id: "ent_1", role: "human", name: "Alice" });
const action = ActionSchema.parse({
  id: "act_1",
  type: "file.create",
  performedBy: "ent_1",
  inputs: [],
  outputs: [{ cid: "bafy..." }],
  extensions: { "ext:ai@1.0.0": aiExtension.parse({ provider: "openai", model: "gpt-4o" }) },
  timestamp: new Date().toISOString(),
});

await storage.storeAction(action);
No API, no network — just types and local storage.