Problems & Solutions
Trust & Identity AI Fakes & Deepfakes Duplicate Accounts & Bots CAPTCHA: Prove You're Human Passwords, Spam & Phishing
Content & Discovery Invisible Content Data You Don't Own Better Apps Don't Win
Control & Freedom Censorship & Manipulation Platform Lock-in Cognitive Decline & Feeds Internet Centralization
Comparisons
IPFS Nostr ActivityPub AT Protocol ToIP Secure Scuttlebutt Qortal HyperMesh BitTorrent
Framework
Economy Trust Security Governance Database Identity Verification Why Nothing Less Works
Docs FAQ Roadmap About
Join us on Discord

Atlas Envelope

An envelope is a self-describing, signed data record. It carries its Schema.org type, authorship proof, and enough context for any app to validate it without prior coordination.

Envelopes are the atomic unit of data in Atlas. Everything that enters a registry, travels between peers, or gets ranked by a Guide is an envelope.

Structure

At minimum an envelope contains a signature and a data payload. The data field holds a Schema.org object with @context and @type.

Create Envelope (minimum)
{
  "signature": "<falcon-signature-base64>",
  "data": {
    "@context": "https://schema.org",
    "@type": "Message",
    "text": "Hello, Atlas.",
    "dateSent": "2026-04-02T12:00:00.000Z"
  }
}

Presented Envelope

When a registry returns an envelope it attaches computed metadata: the envelope hash, content hash, author identity, verification status, and the timestamp when it was received.

Presented Envelope (from Registry)
{
  "hash": "<blake3-hex>",
  "contentHash": "<sha256-cid>",
  "authorHash": "<blake3-of-public-key>",
  "authorPublicKey": "<falcon-public-key-base64>",
  "author": {
    "verificationStatus": "VERIFIED",
    "fairShares": 100,
    "competences": [],
    "createdAt": "2026-03-01T00:00:00.000Z"
  },
  "signature": "<falcon-signature-base64>",
  "data": {
    "@context": "https://schema.org",
    "@type": "Message",
    "text": "Hello, Atlas.",
    "dateSent": "2026-04-02T12:00:00.000Z"
  },
  "createdAt": "2026-04-02T12:00:01.000Z"
}
Field Source Description
hash Computed Blake3 of the canonical envelope object. Primary identifier.
contentHash Computed SHA256-CID of the data field alone. Used for content-addressable references.
authorHash Computed Blake3 of the author's public key. Stable identity reference.
authorPublicKey Registry Falcon public key that signed the envelope (base64).
author Registry Author metadata: verification status, FairShares balance, competences.
signature Author Falcon signature over the envelope hash.
data Author Schema.org payload. The @type determines how registries index and process the envelope.
createdAt Registry ISO timestamp of when the registry received the envelope.

Hashing

The envelope hash is computed over a canonical object using safe-stable-stringify for deterministic key ordering, then hashed with Blake3. Null fields are included explicitly — omitting them would change the hash.

Envelope Hash Formula
// Canonical object — deterministically serialized with safe-stable-stringify
const canonical = {
  author: { PublicKey: authorPublicKey },
  contentHash,          // sha256-CID of data field
  data,                 // the Schema.org payload
  encryptedData: null,  // or base64 string
  encryptionNonce: null,
  expiresAt: null,      // or ISO string
  kemCiphertext: null,
  recipientHash: null,  // or blake3 hash of recipient key
};

const envelopeHash = blake3(safeStableStringify(canonical));

Signing

The author signs the Blake3 hash bytes with their Falcon private key (or a delegated key, accompanied by a Permit proof). The signature and data are submitted together — the registry recomputes the hash and verifies before storing.

Signing an Envelope
import { signEnvelope } from "@app_/crypto";

const { signature, contentHash, hash } = await signEnvelope({
  data: {
    "@context": "https://schema.org",
    "@type": "Message",
    "text": "Hello, Atlas.",
    "dateSent": new Date().toISOString(),
  },
  authorPublicKey: session.publicKey,
  privateKey: session.delegatedPrivateKey,
});

Verification

Any party can verify an envelope. If the proofs include a Permit, the delegated key is extracted and verified against the author's root public key. The envelope hash is recomputed and checked against the signature. Expired envelopes are rejected.

Verifying an Envelope
import { verifyEnvelope } from "@app_/crypto";

// Returns { contentHash, hash } on success, throws on failure.
// If proofs contain a Permit, the delegated key is extracted
// and verified against the author's root public key.
const result = await verifyEnvelope(envelope, authorPublicKey, proofs);

Schema.org Types

The data.@type field determines how an envelope is indexed, queried, and processed. Registries specialize by type. Atlas extends Schema.org with additionalType for protocol-specific subtypes.

@type additionalType Purpose
Message Chat messages with optional attachments
SocialMediaPosting Public posts, microblog entries
Article Long-form content
Comment Replies linked to a parent envelope
Person Public profile record
LikeAction Reaction to an envelope
EndorseAction Endorsement of another identity
BefriendAction Friendship / follow request
DataCatalog atlas:registry Registry announcement for discovery
DigitalDocument atlas:fairShares FairShares balance record
MoneyTransfer FairShares transfer between peers
BuyAction atlas:queryUnits Purchase of registry query access
BuyAction atlas:shelterLease Shelter storage lease
ApplyAction atlas:identityVerification Identity verification claim
DeleteAction Request to remove an envelope

Encryption

Envelopes support end-to-end encryption. The data field is replaced with encryptedData, and the recipient is identified by a hash of their public key. Encryption uses ML-KEM (X-Wing) for key encapsulation and AES-256-GCM for the payload.

Encrypted Envelope
{
  "signature": "<falcon-signature-base64>",
  "data": null,
  "recipientHash": "<blake3-of-recipient-public-key>",
  "kemCiphertext": "<ml-kem-encapsulated-key-base64>",
  "encryptedData": "<aes-256-gcm-ciphertext-base64>",
  "encryptionNonce": "<aes-gcm-nonce-base64>",
  "expiresAt": "2026-05-02T12:00:00.000Z"
}
Field Description
recipientHash Blake3 hash of the recipient's public key. Only they can decapsulate.
kemCiphertext ML-KEM (X-Wing) encapsulated symmetric key (base64).
encryptedData AES-256-GCM ciphertext replacing the data field (base64).
encryptionNonce AES-GCM nonce (base64).
expiresAt Optional ISO timestamp. Registry and verifiers reject expired envelopes.

Linking

Envelopes can reference other envelopes via the linksTo field — an array of envelope hashes. Links are directional and stored as relations. Only the author can create links from their envelopes. Targets must already exist.

Envelope with Link
{
  "signature": "...",
  "data": {
    "@context": "https://schema.org",
    "@type": "Comment",
    "text": "Great post."
  },
  "linksTo": ["<hash-of-parent-envelope>"]
}

Creating Envelopes

Envelopes are submitted in batches via POST /envelopes. The registry verifies each signature, checks for duplicates, validates links, and runs type-specific processors before storing.

Creating Envelopes (client)
import { createEnvelopeMethods } from "@app_/registry-client";

const { createSignedEnvelopes } = createEnvelopeMethods(buildHeaders);

// Signs and submits a batch of envelopes in one call.
const { hashes } = await createSignedEnvelopes(registryUrl, [
  { data, authorPublicKey, privateKey },
]);

Querying Envelopes

Registries expose envelopes through typed endpoints with Prisma-style filtering. Query by Schema.org type, author, time range, or fetch a single envelope by hash.

Query Examples
GET /envelopes/type/message?take=20&skip=0 HTTP/2.0

GET /envelopes?where={"data":{"path":["@type"],"equals":"Article"}} HTTP/2.0

GET /envelopes/<hash> HTTP/2.0

Blobs

Binary attachments (images, files) are uploaded separately to /blobs via chunked upload. The registry returns a CID, size, and encoding format. Envelopes reference blobs through contentUrl fields in their data payload (e.g. ImageObject attachments on a Message).

Previous ← Atlas Sign