How provenance works here
Short version: every file we register gets a fingerprint, most of the catalog gets a second fingerprint of the shape itself, and a creator can put the file fingerprint on a blockchain so the record can't be quietly changed later. You can check any of it yourself, no account required.
What we store
Real files, mostly. Uploads live here in full, in an object store where the original bytes are never modified. The crawled catalog is stored as real files too wherever the source allows it. A smaller slice is index-only: metadata and a fingerprint without the bytes. Every crawled entry links back to the page it came from.
A fingerprint for every file
When a file lands in the registry, we run it through SHA-256. That gives a short string that stands in for the exact bytes of the file. Change one triangle in the model and the fingerprint changes completely. Keep the file the same and the fingerprint stays the same, forever.
So the fingerprint answers a narrow but useful question. Is this the same file, or not? You don't have to trust us on it. You can compute the same hash on your own machine and compare.
A second fingerprint, for the shape itself
SHA-256 has a blind spot. Export the same model from a different program, or re-mesh it, and the bytes change, so the hash changes too. Same shape, new fingerprint. A file hash can never tell you that two different files contain the same object.
That's why most of the catalog carries a second fingerprint: a compact numerical summary of the geometry itself, sampled from the model's surface. More than 275,000 models have one today. It recognizes the same shape across re-exports, re-meshes, decimation, scaling and rotation, and we use it inside our pipeline to catch duplicates across the catalog, so one shape doesn't slip in twice under different bytes. Because the index spans several platforms, the registry can also often say where a given file surfaced first.
Matching that goes further, tracing remixes and shared parts between models, is in development. We'd rather publish measured results than promises, so this page will say more when there's something real to show.
Anchoring it on the blockchain
A fingerprint on its own lives in our database. Useful, but it's ours. The next step is to write that fingerprint onto a public blockchain, where it gets a timestamp and a transaction that nobody can rewrite. That's what we mean by an anchor.
We use two chains. Polygon gives a fast, cheap, public transaction you can read on PolygonScan. Bitcoin, through OpenTimestamps, gives the most durable record there is, the kind that outlasts any single company. Not every model in the catalog is anchored. A lot of the catalog is indexed from other sites, and those entries carry a fingerprint but no on-chain stamp. When a model is anchored, its model page and its proof endpoint say so plainly.
What an anchor proves, and what it doesn't
It proves a specific file existed by a specific date, and that the record hasn't been altered since. It does not, by itself, prove who drew the model or who owns the rights. Authorship is a separate claim. We keep those two things distinct on purpose.
Check any of it yourself
- Open the verify page. Drop in a file. Your browser hashes it locally, so the file never gets uploaded.
- We look the fingerprint up in the registry and tell you what we have: whether it's recorded, who registered it, and whether it's anchored on-chain.
- If it's anchored, follow the link to the public block explorer and read the transaction for yourself.
Already have a Bitcoin OpenTimestamps proof? You can check it at the OpenTimestamps verifier.
What's anchored where
- Polygon. Live. Fast, public, cheap to write. Our registry contract is 0x687F2e6F96288Ac58fe22E2Eb000D1a628aEEB65, so you can read every stamp we've ever written straight off PolygonScan, without going through us. The same address is returned by GET /api/blockchain/status.
- Bitcoin, through OpenTimestamps. Live. The most durable record of the set. Check a proof at the OpenTimestamps verifier.
- Solana. On the roadmap, not built yet.
We would rather underclaim than overclaim. If a page says a model is anchored, the proof endpoint will back it up.
For developers and agents
If you're reading this with code, you don't need to scrape these pages. There's a read API that returns the same facts as JSON, no key and no login:
- Look up a fingerprint: GET /api/models/verify?hash={sha256}
- One model as JSON, anchors included: GET /api/models/{id}
- On-chain proof for a model: GET /api/models/{id}/proof
- Bitcoin proof, checked live, with a link to the raw .ots file: GET /api/models/{id}/verify-ots. Download the .ots and verify it yourself with the open-source OpenTimestamps tools, no ModelDirectory involved.
- Chain status and the registry contract address: GET /api/blockchain/status
Prefer to run the check yourself? There's a small open-source script at github.com/ModelDirectory/verify. It hashes your file locally and reads the registry contract through any public Polygon node you choose, so the answer never depends on our servers. MIT licensed, short enough to read before you run it.
Run a platform?
Everything on this page can sit behind your own upload flow. One POST at publish time gives every upload on your platform an independent, timestamped proof of first publication, and a small badge your creators can point to when their work shows up somewhere it shouldn't. We never ask for the file, only its hash, and the badge carries no cookies or tracking. The integration is deliberately boring: one secret, two calls, done in an afternoon.
Details, the exact requests, and how to get a key: the platform page.
Where was a file first?
Because the index spans several platforms, the registry can often answer a simple question with receipts: where did this exact file show up first? Try it at the first-aired lookup. Drop a file (hashed in your browser, never uploaded) or paste a hash, and read the timeline.
The full list is in the machine manifest at /.well-known/ai-agent.json, and there's a plain-language guide for language models at /llms.txt.