The Biological Sovereignty Protocol is an open protocol that gives every individual cryptographic ownership of their biological data — genomics, clinical records, wearables, and more.

Where is my data stored?

All data is permanently stored on the Arweave network, a decentralized storage blockchain. No company can delete or revoke your access.

Do I need to pay to use BSP?

No. BSP is open source and MIT-licensed. Any developer can integrate for free. Arweave storage costs are minimal.

How does consent work?

Every access requires a ConsentToken — cryptographically signed by the BEO holder. You define scope, time limits, and can revoke at any time.

Can I integrate with existing systems (FHIR, HL7)?

Yes. BSP was designed to interoperate with existing standards. Our Exchange API translates between formats natively.

BSP is maintained by the Ambrósio Institute and community-governed through BIPs (BSP Improvement Proposals). Anyone can propose changes.

CLI Reference

Install globally or run via npx:

bash

npm install -g bspctl
# or
npx bspctl --help

Configuration

Config is stored at ~/.bsp/config.json.

bash

bsp config set network testnet
bsp config set registry https://api.biologicalsovereigntyprotocol.com
bsp config set private-key <hex>
bsp config show

Key	Default	Description
`registry`	`https://api.biologicalsovereigntyprotocol.com`	Registry API URL
`network`	`testnet`	mainnet, testnet, local
`private-key`	—	Ed25519 private key (hex)
`ieo-domain`	—	IEO domain (for institutional commands)

BEO Commands

`bsp create <domain>`

Create a new Biological Entity Object. Generates Ed25519 keypair locally.

bash

bsp create andre.bsp
# Returns: BEO ID, private key, seed phrase
# ⚠️ Store private key and seed securely — shown once

`bsp resolve <domain>`

Look up a BEO by its .bsp domain.

bash

bsp resolve andre.bsp

`bsp lock <beoId>`

Emergency lock — freezes the BEO. No operations permitted while locked.

`bsp unlock <beoId>`

Unlock a previously locked BEO.

`bsp rotate-key <beoId>`

Generate a new Ed25519 keypair and rotate the BEO's key on-chain.

`bsp destroy <beoId> --confirm`

IRREVERSIBLE — Permanently destroy the BEO. LGPD Art. 18 / GDPR Art. 17.

Nullifies public key, revokes all ConsentTokens, releases domain, wipes recovery config.

`bsp consent grant <beoId> <ieoId>`

Issue a ConsentToken to an institution.

bash

bsp consent grant <beoId> <ieoId> \
  --intents SUBMIT_RECORD,READ_RECORDS \
  --categories BSP-LA,BSP-CV \
  --days 365

Flag	Required	Description
`--intents`	Yes	Comma-separated intents
`--categories`	No	Comma-separated BSP categories
`--days`	No	Expiration in days (default: permanent)

`bsp consent revoke <tokenId> <beoId>`

Revoke a single ConsentToken.

`bsp consent revoke-all <beoId> --confirm`

Emergency — revoke ALL active tokens for a BEO.

`bsp consent verify <tokenId>`

Check if a ConsentToken is valid.

`bsp consent list <domain>`

List all consent tokens for a BEO domain.

IEO Commands

`bsp ieo create <domain>`

bash

bsp ieo create fleury.bsp --type LAB --name "Fleury Laboratórios"

Flag	Required	Description
`--type`	Yes	LAB, HOSPITAL, WEARABLE, PHYSICIAN, INSURER, RESEARCH, PLATFORM
`--name`	Yes	Display name

`bsp ieo get <ieoId>`

Get IEO details by ID.

`bsp ieo list`

List IEOs with optional filters.

bash

bsp ieo list --type LAB --status ACTIVE --cert ADVANCED

`bsp ieo lock <ieoId>`

Emergency lock an IEO.

`bsp ieo unlock <ieoId>`

Unlock a locked IEO.

`bsp ieo destroy <ieoId> --confirm`

IRREVERSIBLE — Permanently destroy an IEO.

Exchange Commands

`bsp records submit <beoId>`

Submit BioRecords to a BEO.

bash

bsp records submit <beoId> --token <tokenId> --file records.json

`bsp records read <beoId>`

Read BioRecords from a BEO.

bash

bsp records read <beoId> --token <tokenId> --categories BSP-LA,BSP-CV --json

`bsp export <beoId>`

Export all biological data (sovereign portability — GDPR Art. 20).

bash

bsp export <beoId> --token <tokenId> --format FHIR_R4 > health-data.json

Formats: JSON, CSV, FHIR_R4

Security

Private keys never leave your machine
All signing happens locally via bsp-sdk
The registry API only receives signed payloads
Destructive operations require --confirm

→ GitHub · SDK Reference · MCP Server

CLI Reference ​

Configuration ​

BEO Commands ​

bsp create <domain> ​

bsp resolve <domain> ​

bsp lock <beoId> ​

bsp unlock <beoId> ​

bsp rotate-key <beoId> ​

bsp destroy <beoId> --confirm ​

Consent Commands ​

bsp consent grant <beoId> <ieoId> ​

bsp consent revoke <tokenId> <beoId> ​

bsp consent revoke-all <beoId> --confirm ​

bsp consent verify <tokenId> ​

bsp consent list <domain> ​

IEO Commands ​

bsp ieo create <domain> ​

bsp ieo get <ieoId> ​

bsp ieo list ​

bsp ieo lock <ieoId> ​

bsp ieo unlock <ieoId> ​

bsp ieo destroy <ieoId> --confirm ​

Exchange Commands ​

bsp records submit <beoId> ​

bsp records read <beoId> ​

bsp export <beoId> ​

Security ​

CLI Reference

Configuration

BEO Commands

`bsp create <domain>`

`bsp resolve <domain>`

`bsp lock <beoId>`

`bsp unlock <beoId>`

`bsp rotate-key <beoId>`

`bsp destroy <beoId> --confirm`

Consent Commands

`bsp consent grant <beoId> <ieoId>`

`bsp consent revoke <tokenId> <beoId>`

`bsp consent revoke-all <beoId> --confirm`

`bsp consent verify <tokenId>`

`bsp consent list <domain>`

IEO Commands

`bsp ieo create <domain>`

`bsp ieo get <ieoId>`

`bsp ieo list`

`bsp ieo lock <ieoId>`

`bsp ieo unlock <ieoId>`

`bsp ieo destroy <ieoId> --confirm`

Exchange Commands

`bsp records submit <beoId>`

`bsp records read <beoId>`

`bsp export <beoId>`

Security