Attestation
infrastructure
for AI agents.
The paper introduces a machine-verifiable trust layer for autonomous AI agents. Three primitives are combined: Unified Agent Identity Tokens (UAIT) bridging MCP OAuth, A2A, DIDs, and API keys; W3C Verifiable Credentials with Ed25519Signature2020 proofs; and a hash-chained audit trail with optional Base L2 testnet anchoring via the Ethereum Attestation Service.
The system is evaluated against five open standards (RFC 8032, W3C Verifiable Credentials 1.1, W3C DID 1.0, UCAN v0.9, MCP 1.8) through 91 automated conformance benchmarks, and against ten EU AI Act articles plus Annex III and Annex V through compliance-workflow tests. Ed25519 sign + verify runs at 0.28 ms median. End-to-end credential issuance runs at 3.2 ms median.
The artefact and all tests are open-source under Apache 2.0 and published on PyPI as the attestix package, alongside an MCP server registered on the Model Context Protocol registry.
Contributions
- 1. A protocol-agnostic identity token (UAIT) that unifies MCP, A2A, DIDs, OAuth, API keys.
- 2. An automated EU AI Act compliance pipeline from risk classification to Annex V declaration as a W3C Verifiable Credential.
- 3. A hash-chained, tamper-evident audit trail verifiable offline.
- 4. Optional on-chain anchoring via EAS on Base L2 testnet with Merkle batching.
- 5. An MCP-native, open-source reference implementation validated by 358 automated tests.