Core concepts

A small vocabulary covers everything Monolith does.

Fingerprint

A fingerprint is a SHA-256 hash of a file’s exact bytes, expressed as a 0x-prefixed 64-character lowercase hex string.

0xabcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789

Two files with the same bytes share a fingerprint. A single bit changed produces a completely different fingerprint. Monolith identifies content by fingerprint only — your file never leaves your device unless you choose to share it publicly.

For images, Monolith additionally computes a perceptual hash (pHash) — a 0x-prefixed 16-char hex value — to detect near-duplicates after re-encoding.

Mark

A Mark is your creative identity on Monolith — the persistent envelope of information that travels with every Artifact you create. A Mark carries your custom details (display name, license, AI training preference, links).

A Mark is about authorship, not ownership.

A Mark carries:

• visibility — public or private. Public Marks appear in the discovery gallery; private Marks are visible only to members.
• license — display info (name + URL); inherited by every Artifact.
• licenseKey — machine-readable identifier (e.g. CC-BY-4.0, CC0-1.0, MIT, UNLICENSED).
• allowAiTraining — true, false, or null (unspecified). Inherited by every Artifact. Lets creators opt in or out of AI training datasets.
• admin — the user with full Mark control.
• owner — the user who personally owns the Mark (null for organization-owned Marks).
• organization — the organization that owns the Mark (null for user-owned Marks).
• members — additional users who can submit Artifacts to this Mark.

Artifact

An Artifact is the permanent record of one fingerprint bound to one Mark: a database row plus a blockchain transaction that anchors the fingerprint-to-Mark binding. Once created, an Artifact cannot be deleted or modified — only its raw content visibility can be toggled. Each Artifact carries:

• The original fingerprint
• The Mark’s metadata at creation time (license, AI training preference, author)
• A C2PA manifest for compatible files
• An on-chain transaction

Artifacts have a lifecycle:

Once a fingerprint has a non-failed Artifact, no second Artifact can be created for the same fingerprint. The first Mark wins.

Organization

An Organization is a multi-member workspace that owns Marks and carries the subscription data. Each member has a role:

• owner — full administrative control
• member — can submit Artifacts to organization Marks

Organization tier (free / creator / ultra) governs Mark caps, member caps, and Artifact caps for everything inside the workspace.

C2PA

C2PA (Coalition for Content Provenance and Authenticity)  is the open standard for certifying the origin and history of digital content. Every supported file type produces a C2PA manifest that is signed and embedded into a copy of the asset. Major adopters include Google, Microsoft, Adobe, Sony, and OpenAI.

In the API, the c2paAssets field on an Artifact exposes:

• assetId — internal identifier
• manifestUrl — public URL of the manifest sidecar
• signedAssetUrl — public URL of the signed asset copy

License

Every Artifact inherits its parent Mark’s license. Two fields express this:

• license — display object: { name, url } for humans
• licenseKey — machine identifier: MIT, Apache-2.0, GPL-3.0, BSD-3-Clause, CC-BY-4.0, CC-BY-SA-4.0, CC-BY-NC-4.0, CC-BY-NC-SA-4.0, CC0-1.0, NONE_SPECIFIED, UNLICENSED

For private Marks, the license field is omitted from the public Artifact representation.

AI training preference

allowAiTraining is a three-state flag (true / false / null) on every Mark. Artifacts inherit it. Crawlers and training pipelines that respect provenance can read this signal from the C2PA manifest or the public Artifact record. For private Marks this field is also omitted from public Artifact responses.