Attestix is attestation infrastructure for autonomous AI agents. Open-source identity, W3C Verifiable Credentials, EU AI Act compliance automation, and reputation scoring. Machine-readable evidence your agent can present to a regulator, another agent, or a system.
```
$ pip install attestix
```

v0.3.0 · Apache 2.0

Existing compliance platforms produce organisational dashboards, not machine-readable, cryptographically verifiable evidence that a specific agent can present to a regulator, an auditor, or another agent. Agent identity is fragmenting across walled gardens. Attestix fills the gap.
Compliance artefacts that exist in slide decks and screenshots, unverifiable by any external system.
Every artefact signed Ed25519, chained SHA-256, optionally anchored to Base L2 testnet via the Ethereum Attestation Service.
Attestix exposes the full compliance surface as MCP tools, REST endpoints and a Python library. Each module is independently testable, cryptographically self-contained, and conformant to the W3C, UCAN and RFC standards it implements.
Unified Agent Identity Tokens (UAIT) bridging MCP OAuth, A2A, DIDs and API keys. GDPR Article 17 erasure.
Parse, generate and discover A2A-compatible agent cards via /.well-known/agent.json.
Create and resolve W3C Decentralized Identifiers (did:key, did:web) with Ed25519VerificationKey2020.
UCAN-style capability delegation with EdDSA-signed JWT tokens, attenuation and revocation.
Recency-weighted trust scoring (0.0 to 1.0) with category breakdown and search.
EU AI Act risk profiles, conformity assessments (Article 43), Annex V declarations with auto-issued VCs.
W3C Verifiable Credentials with Ed25519Signature2020 proofs, Verifiable Presentations and external verification.
Training data provenance (Article 10), model lineage (Article 11), hash-chained audit trail (Article 12).
Anchor artifact hashes to Base L2 testnet via Ethereum Attestation Service with Merkle batching.
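Merkle batching is what lets one anchored root vouch for many artifact hashes, with an inclusion proof of at most log2(n) sibling hashes per artifact. The sketch below is an added illustration, not Attestix's own code: the tree layout (RFC 6962-style leaf/node prefixes, odd nodes promoted unchanged) and all function names are assumptions.

```python
import hashlib

def leaf_hash(artifact_digest):
    # 0x00/0x01 prefixes keep leaves and interior nodes in separate domains
    # (as in RFC 6962), so an interior node cannot be passed off as a leaf.
    return hashlib.sha256(b"\x00" + artifact_digest).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(digests):
    """Return every tree level, leaves first; an odd node is promoted as-is."""
    if not digests:
        raise ValueError("empty batch")
    levels = [[leaf_hash(d) for d in digests]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # no duplication of the last node
        levels.append(nxt)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root as (sibling_is_left, hash) pairs."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):  # a promoted node has no sibling at this level
            proof.append((sib < index, level[sib]))
        index //= 2
    return proof

def verify_inclusion(artifact_digest, proof, root):
    """Recompute the path from one artifact digest up to the anchored root."""
    acc = leaf_hash(artifact_digest)
    for sibling_is_left, sib in proof:
        acc = node_hash(sib, acc) if sibling_is_left else node_hash(acc, sib)
    return acc == root

def sample_batch(n=5):
    # Constructed sample digests, not real Attestix artifacts.
    return [hashlib.sha256(f"artifact-{i}".encode()).digest() for i in range(n)]
```

Only the root (`build_levels(batch)[-1][0]`) needs to be anchored; a verifier holding one artifact digest and its proof can check membership without seeing the rest of the batch.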
A high-risk AI agent, walked through the seven-step pipeline that produces a regulator-ready Declaration of Conformity. Each stage below maps to the EU AI Act article it satisfies, and the exact Attestix call that produces the artefact.
Issue a Unified Agent Identity Token (UAIT) with a fresh did:key, Ed25519 keypair and bindings to MCP OAuth or A2A.
```python
# attestix.identity.create_agent_identity
# identity_svc is assumed to be an already-initialised identity service instance.
agent = identity_svc.create_identity(
    display_name="quarterly-analyst-v2",
    source_protocol="manual",
    capabilities=["data_analysis", "reporting"],
    issuer_name="VibeTensor",
    expiry_days=365,
)
```

Output:

```json
{
  "agent_id": "attestix:f9bdb7a94ccb40f1",
  "did": "did:key:z6MkhaXgBZDvotDkL5...",
  "verification_method": "Ed25519VerificationKey2020",
  "created": "2026-04-19T09:14:02Z",
  "signature": "z3Ap6K8m...xDoSnUwM"
}
```
Every agent, every credential, every hash. The Attestix console is a working surface across the full stack with the same primitives the CLI, MCP server, and REST API expose. The diagram shows how the pieces fit together under the hood.
| Agent | Risk | Status | Trust |
|---|---|---|---|
| quarterly-analyst-v2 | HIGH | | 0.94 |
| clinical-triage-bot | HIGH | | 0.78 |
| supply-chain-optimizer | LIM | | 0.89 |
| fraud-detector | PRO | | 0.96 |
| doc-summarizer | MIN | | 0.91 |
Attestix has been reviewed by an Ethereum founding member and founder of the Ethereum Attestation Service, an INRIA PRIVATICS researcher, a GenAI governance director, and senior engineers building adjacent infrastructure at enterprise scale. Their exact words are preserved below.
“This looks great. I would love to see exactly how EAS is being used in Attestix.”
“Very well positioned product. I was building something very similar.”
“Very aligned with the GenAI governance architectures I have been working on.”
“Highly relevant to EU AI Act compliance. Focus on articles 9 to 15.”
“This is something even I had been working on, around AI provenance.”
Three production integrations shipped in v0.3.0: LangChain, OpenAI Agents SDK, CrewAI. Four more documented as example integrations via the MCP protocol: Dify, Google ADK, Semantic Kernel, Strands.
Native BaseCallbackHandler. Every tool call, LLM call, and chain step is attested.
```
$ pip install attestix[langchain]
```

```python
from attestix.integrations.langchain import AttestixCallback
from langchain.agents import AgentExecutor

attestix_cb = AttestixCallback(
    agent_id="attestix:f9bdb7a94ccb40f1",
)

# my_agent and tools are your existing LangChain agent and tool list.
agent = AgentExecutor(
    agent=my_agent,
    tools=tools,
    callbacks=[attestix_cb],
)
# every tool call is now signed and hash-chained
```
Every EU AI Act risk tier maps to the same Attestix workflow, with different obligations automatically unfolded. Examples below are illustrative. Real deployments configure their own agent names, issuers, and notified bodies.
Analyses quarterly financial data, generates regulatory reports, and produces narrative summaries for board review. Sits in the Annex III high-risk list under credit scoring and financial automation.
Third-party conformity assessment recorded, Annex V declaration auto-issued as a W3C VC, every analysis call hash-chained into the audit trail.
First-line patient triage for non-emergency consultations. Flags high-acuity cases for human review. Article 10 mandates strict data governance and bias testing.
Training dataset checksums captured, demographic-parity and equal-opportunity bias tests attached, full provenance chain from data to model to action.
CV pre-screening agent for shortlisting candidates. Sits adjacent to prohibited practices if used for automated decisions without human oversight.
Attestix blocks self-assessment, forces third-party conformity, and halts credential issuance if bias audit fails. Revocation is tamper-evident on the hash chain.
Optimises supplier routing and inventory levels across warehouses. Limited-risk under the EU AI Act. Transparency obligations apply.
Agent identity card published at /.well-known/agent.json, delegations to sub-agents tracked as UCAN, reputation score updated per interaction.
Illustrative performance targets derived from the conformance benchmark suite. Attestix stays under a millisecond for sign-verify, under 5 ms end-to-end for credential issuance, and verifies a 10k-entry audit chain in under 50 ms on commodity hardware. Run pytest tests/benchmarks/ to reproduce on your own machine.
p95 = 0.41 ms / 10,000 iterations on commodity hardware
Proof: 32 bytes per artifact. Depth log2(n).
Canonicalise (JCS) + sign (Ed25519) + persist JSON store
SHA-256 re-chain + signature batch verify
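What "SHA-256 re-chain" verification buys a reviewer is easiest to see on a small chain. The sketch below is an added illustration, not Attestix's own code or record format: the field names, the all-zero genesis value, and the sorted-key JSON encoding (a stand-in for full JCS) are assumptions, and signature checking is left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel used as prev_hash of the first entry

def digest(body):
    # Sorted keys and no whitespace give a deterministic encoding; this is a
    # stand-in for full RFC 8785 (JCS) canonicalisation.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append_entry(chain, agent_id, action, ts):
    """Append an audit entry whose hash commits to the previous entry."""
    body = {
        "seq": len(chain),
        "agent_id": agent_id,
        "action": action,
        "ts": ts,
        "prev_hash": chain[-1]["hash"] if chain else GENESIS,
    }
    chain.append(dict(body, hash=digest(body)))
    return chain[-1]

def verify_chain(chain, trusted_head=None):
    """Return -1 if intact, else the index of the first entry that fails.

    trusted_head is the newest hash as recorded out of band (e.g. anchored);
    without it, dropping entries from the tail goes unnoticed.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("seq") != i or body.get("prev_hash") != prev:
            return i
        if digest(body) != entry.get("hash"):
            return i
        prev = entry["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(chain)
    return -1

def sample_chain():
    # Constructed sample data, not real Attestix output.
    chain = []
    for n, action in enumerate(["load_dataset", "run_analysis", "emit_report"]):
        append_entry(chain, "attestix:f9bdb7a94ccb40f1", action,
                     f"2026-04-19T09:1{n}:00Z")
    return chain
```

An edited entry fails at its own index; an entry that was edited and re-hashed fails at the next index, because the following `prev_hash` no longer matches. Hashes alone do not stop someone who can rewrite the entire chain, which is why the head hash is compared against a copy held elsewhere.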
Thirteen EU AI Act articles and annexes. Each row names the evidence Attestix produces and the exact MCP tool that emits it. Filter by audience (provider, deployer) or risk tier (high-risk only) to see the obligations that apply to your role.
| Article | Obligation | Evidence | Attestix tool | Status |
|---|---|---|---|---|
| Article 5 | Prohibited practices enforcement | Block self-assessment for prohibited-adjacent agents. | compliance.create_compliance_profile | shipped |
| Article 9 | Risk management system | Risk-tier profile with unfolded obligations. | compliance.create_compliance_profile | shipped |
| Article 10 | Data governance | Training data provenance, bias test attachments. | provenance.record_training_data | shipped |
| Article 11 | Technical documentation | Model lineage records with eval metrics. | provenance.record_model_lineage | shipped |
| Article 12 | Record keeping | Hash-chained audit trail, tamper-evident. | provenance.log_action | shipped |
| Article 13 | Transparency | Agent card at /.well-known/agent.json. | identity.generate_agent_card | shipped |
| Article 14 | Human oversight | Delegation with attenuation, revocation. | delegation.create_delegation | shipped |
| Article 15 | Accuracy and robustness | Reputation scoring, performance baselines. | reputation.record_interaction | shipped |
| Article 43 | Conformity assessment | Third-party enforcement, notified body capture. | compliance.record_conformity_assessment | shipped |
| Annex V | Declaration of Conformity | Auto-issued W3C VC with Ed25519 proof. | compliance.generate_declaration_of_conformity | shipped |
| Article 72 | Post-market monitoring | Ongoing reputation + audit trail feed. | reputation.query_reputation | partial |
| Article 73 | Serious incident reporting | Incident credential issuance pattern. | credentials.issue_credential | partial |
| Annex III | High-risk use-case list | Automatic classification from intended purpose. | compliance.create_compliance_profile | shipped |
Install Attestix, create your first identity, and issue your first Verifiable Credential in under sixty seconds. Open source under Apache 2.0.