# Sorcha
> Cryptographic proof infrastructure for multi-party workflows. Every action is wallet-signed, every record is Merkle-chained, every disclosure is cryptographically bounded. Built for AI systems that need verified data inputs to make automated decisions.

## Capabilities
- Verifiable credentials: SD-JWT VC issuance, presentation, and revocation per W3C Verifiable Credentials Data Model 2.0
- HAIP-aligned exchange: OpenID4VCI issuer, OpenID4VP verifier, IETF Token Status List 2024 publishing
- Distributed registers: append-only transaction logs with Merkle-chained dockets, peer replication, validator consensus
- HD wallets: BIP32 / BIP39 / BIP44 with Sorcha-specific purpose derivation paths and per-slot key isolation
- Post-quantum cryptography: ML-DSA (FIPS 204) signatures and ML-KEM (FIPS 203) key encapsulation as core; classical co-key at the HAIP wire boundary per HAIP 1.0
- Selective disclosure: JSON Pointer paths with per-recipient symmetric key wrapping; the platform cannot read data it was not given the key for (architectural, not policy)
- MCP server: 36 tools across admin, designer, and participant slices for AI-driven workflow automation
- Multi-tenant authentication: OAuth 2.0 / JWT Bearer with role-based access control and platform-org topology

## Standards
- BIP32: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
- BIP39: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
- BIP44: https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki
- ML-DSA (FIPS 204): https://csrc.nist.gov/pubs/fips/204/final
- ML-KEM (FIPS 203): https://csrc.nist.gov/pubs/fips/203/final
- OpenID4VCI: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html
- OpenID4VP: https://openid.net/specs/openid-4-verifiable-presentations-1_0.html
- HAIP 1.0: https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-1_0.html
- W3C Verifiable Credentials Data Model 2.0: https://www.w3.org/TR/vc-data-model-2.0/
- IETF Token Status List 2024 (RFC 9972): https://datatracker.ietf.org/doc/html/rfc9972
- W3C Bitstring Status List: https://www.w3.org/TR/vc-bitstring-status-list/
- DID (W3C): https://www.w3.org/TR/did-core/
- OAuth 2.0: https://datatracker.ietf.org/doc/html/rfc6749

## Links
- OpenAPI: /.well-known/openapi.json
- OpenAPI (YAML): /.well-known/openapi.yaml
- MCP manifest: /.well-known/mcp.json
- Quickstart: https://github.com/Sorcha-Platform/Sorcha/blob/master/docs/quickstart.md
- Architecture: https://github.com/Sorcha-Platform/Sorcha/blob/master/docs/architecture.md
- STANDARDS.md: https://github.com/Sorcha-Platform/Sorcha/blob/master/STANDARDS.md
- llms-full.txt: https://github.com/Sorcha-Platform/Sorcha/blob/master/docs/llms-full.txt