
C2PA ComfyUI Integration: Signing Open-Source Workflows
Definition: The Original Pictures ComfyUI integration adds a custom node that signs generated images at the end of a workflow, marking output from the dominant open-source diffusion UI.
TL;DR: ComfyUI is the leading open-source diffusion interface. A custom output node that calls the signing API marks every generated image with a manifest, watermark, and anchor, bringing Article 50 marking to self-hosted generation.
A node at the end of the graph
ComfyUI workflows are node graphs. A custom output node placed after the save step POSTs the generated image to the signing API and writes back the manifest, so marking is part of the workflow rather than a manual afterthought.
Self-hosted, still compliant
Teams running ComfyUI self-hosted still face Article 50 if they place output on the EU market. The signing node adds marking without changing the model or the workflow, which suits builders who want control over generation but not over provenance plumbing.
Share the node
Because ComfyUI's ecosystem shares custom nodes, a published signing node lets the community add marking easily, expanding provenance across open-source generation.
Implementation
class OPSignNode: def sign(self, image, producer='comfyui'): from originalpictures import client op = client(api_key=os.environ['OP_KEY']) return op.sign(asset=image, producer=producer, assertions={'c2pa.created': {'actions': [{'action': 'c2pa.ai_generated'}]}}, disclosure='art50.2', watermark='trustmark', anchor=True)
FAQ
Does this fit a self-hosted setup?
Yes. The node calls the signing API over the network; your generation stays self-hosted while marking is added at the output step.
Where Original Pictures stands today
Original Pictures ships three things today: a Sign API, a Verify API, and the SDKs that wrap them. One POST /v1/sign attaches a C2PA-format manifest, an invisible TrustMark watermark, and an OpenTimestamps anchor. The open-source verifier checks any of it without calling us.
Two things are on the near roadmap, and we name them as roadmap, not as shipped: C2PA Conformance Program recognition (target Q3 2026, until then our manifests use the published C2PA v2.2 format and any C2PA-aware validator can read them, but third-party validators will show our signer as not-yet-listed), and a consumer capture app (Q3 2026). We do not sell a capture SDK, and we do not claim Trust-List membership we do not yet hold.
Bottom line: Add a signing node to your ComfyUI workflow to mark every generated image, bringing Article 50 marking to self-hosted open-source generation.
Related
Original Pictures is progressing through the C2PA Conformance Program; our signing certificate is not yet on the official C2PA Trust List. Target: Q3 2026. We will not describe ourselves as "C2PA-certified" until it is true.
Original Pictures provides content-provenance infrastructure. It does not by itself constitute legal compliance with the EU AI Act or any other regime; compliance depends on how you deploy it, your disclosures, and your governance. Figures are drawn from public reporting, verify against primary sources before citing in regulated materials. Nothing here is legal advice.
Last verified 2026-05-25. Author: Mahdi Kazempour, Founder, Original Pictures.