Attestation Infrastructure for AI Agents
Verifiable identity, W3C credentials, EU AI Act compliance, delegation chains,
and reputation scoring for every AI agent. 47 MCP tools across 9 modules.
pip install attestixOn August 2, 2026, the EU AI Act enforcement begins. Fines reach EUR 35M or 7% of global revenue.
Existing compliance tools (Credo AI, Holistic AI, Vanta) are organizational dashboards. None produce machine-readable, cryptographically verifiable proof that an AI agent can present to another agent, regulator, or system.
Agent identity is fragmenting across walled gardens (Microsoft Entra, AWS AgentCore, Google A2A, ERC-8004). No single tool combines agent identity + EU AI Act compliance + verifiable credentials in one protocol.
Attestix fills this gap.
| Module | Tools | What it does |
|---|---|---|
| Identity | 8 | Unified Agent Identity Tokens (UAITs) bridging MCP OAuth, A2A, DIDs, and API keys. GDPR Article 17 erasure |
| Agent Cards | 3 | Parse, generate, and discover A2A-compatible agent cards |
| DID | 3 | Create and resolve W3C Decentralized Identifiers (did:key, did:web) |
| Delegation | 4 | UCAN-style capability delegation with EdDSA-signed JWT tokens |
| Reputation | 3 | Recency-weighted trust scoring (0.0 - 1.0) with category breakdown |
| Compliance | 7 | EU AI Act risk profiles, conformity assessments (Article 43), Annex V declarations |
| Credentials | 8 | W3C Verifiable Credentials with Ed25519Signature2020 proofs, presentations |
| Provenance | 5 | Training data provenance (Article 10), model lineage (Article 11), hash-chained audit trail (Article 12) |
| Blockchain | 6 | Anchor artifact hashes to Base L2 via Ethereum Attestation Service, Merkle batching |
Add to your Claude Code config (~/.claude.json):
{
"mcpServers": {
"attestix": {
"type": "stdio",
"command": "python",
"args": ["/path/to/attestix/main.py"]
}
}
}Then ask Claude:
"Create an identity for my data analysis agent with capabilities: data_analysis, reporting"
from services.identity_service import IdentityService
svc = IdentityService()
agent = svc.create_identity(
display_name="MyAgent",
source_protocol="manual",
capabilities=["data_analysis", "reporting"],
description="Analyzes quarterly financial data",
issuer_name="Acme Corp",
)
print(agent["agent_id"]) # attestix:f9bdb7a94ccb40f1
print(agent["issuer"]["did"]) # did:key:z6Mk...git clone https://github.com/VibeTensor/attestix.git
cd attestix
pip install -r requirements.txt
python main.pyTake a high-risk AI agent from zero to fully compliant:
1. create_agent_identity --> UAIT with DID (Ed25519 signed)
2. record_training_data --> Article 10 data governance
3. record_model_lineage --> Article 11 technical documentation
4. create_compliance_profile --> Risk categorization + obligations
5. record_conformity_assessment --> Article 43 third-party assessment
6. generate_declaration_of_conformity --> Annex V declaration + W3C VC
7. create_verifiable_presentation --> Signed VP for regulator
High-risk systems are blocked from self-assessment:
record_conformity_assessment(assessment_type="self", ...)
--> ERROR: "High-risk AI systems require third_party conformity assessment"
Full walkthrough: EU AI Act Compliance Guide
Every artifact Attestix produces is cryptographically signed with Ed25519:
| Artifact | Standard | Signed |
|---|---|---|
| Agent Identity (UAIT) | Custom + DID | Ed25519 |
| Verifiable Credential | W3C VC Data Model 1.1 | Ed25519Signature2020 |
| Verifiable Presentation | W3C VP | Ed25519Signature2020 |
| Delegation Token | UCAN-style JWT | EdDSA |
| Compliance Records | EU AI Act Annex V | Ed25519 |
| Audit Trail | Hash-chained log | SHA-256 chain |
| Blockchain Anchor | EAS on Base L2 | On-chain |
No cloud dependency. All core operations work offline with local JSON storage.
attestix/
main.py # MCP server entry point (47 tools)
config.py # Environment-based configuration
errors.py # Error handling with JSON logging
auth/
signing.py # Ed25519 key management
ssrf.py # SSRF protection for outbound HTTP
services/
identity_service.py # UAIT lifecycle, GDPR erasure
agent_card_service.py # A2A agent card operations
did_service.py # DID creation and resolution
delegation_service.py # UCAN delegation tokens
reputation_service.py # Trust scoring
compliance_service.py # EU AI Act profiles and assessments
credential_service.py # W3C VCs and VPs
provenance_service.py # Training data, lineage, audit trail
blockchain_service.py # Base L2 anchoring via EAS
blockchain/
merkle.py # Merkle tree for batch anchoring
tools/ # MCP tool definitions (one file per module)
Identity (8 tools)
| Tool | Description |
|---|---|
create_agent_identity |
Create a UAIT from any identity source |
resolve_identity |
Auto-detect token type and register |
verify_identity |
Check existence, revocation, expiry, signature |
translate_identity |
Convert to A2A, DID Document, OAuth, or summary |
list_identities |
List UAITs with protocol/revocation filters |
get_identity |
Get full UAIT details |
revoke_identity |
Mark a UAIT as revoked |
purge_agent_data |
GDPR Article 17 right to erasure across all stores |
Agent Cards (3 tools)
| Tool | Description |
|---|---|
parse_agent_card |
Parse an A2A Agent Card JSON |
generate_agent_card |
Generate agent.json for hosting |
discover_agent |
Fetch /.well-known/agent.json from a URL |
DID (3 tools)
| Tool | Description |
|---|---|
create_did_key |
Generate ephemeral did:key with Ed25519 keypair |
create_did_web |
Generate did:web DID Document for self-hosting |
resolve_did |
Resolve any DID to its DID Document |
Delegation (4 tools)
| Tool | Description |
|---|---|
create_delegation |
UCAN-style capability delegation token |
verify_delegation |
Verify JWT signature, expiry, structure |
list_delegations |
List delegations by agent and role |
revoke_delegation |
Revoke a delegation token |
Reputation (3 tools)
| Tool | Description |
|---|---|
record_interaction |
Record outcome and update trust score |
get_reputation |
Get score with category breakdown |
query_reputation |
Search agents by reputation criteria |
Compliance (7 tools)
| Tool | Description |
|---|---|
create_compliance_profile |
Create EU AI Act profile with risk categorization |
get_compliance_profile |
Retrieve full compliance profile |
update_compliance_profile |
Update an existing compliance profile |
get_compliance_status |
Gap analysis: completed vs missing requirements |
record_conformity_assessment |
Record self or third-party assessment (Article 43) |
generate_declaration_of_conformity |
Generate Annex V declaration + auto-issue VC |
list_compliance_profiles |
Filter by risk category and compliance status |
Credentials (8 tools)
| Tool | Description |
|---|---|
issue_credential |
Issue W3C VC with Ed25519Signature2020 proof |
verify_credential |
Check signature, expiry, revocation |
verify_credential_external |
Verify any VC JSON from an external source |
revoke_credential |
Revoke a Verifiable Credential |
get_credential |
Get full VC details |
list_credentials |
Filter by agent, type, validity |
create_verifiable_presentation |
Bundle VCs into a signed VP for a verifier |
verify_presentation |
Verify a VP with embedded credentials |
Provenance (5 tools)
| Tool | Description |
|---|---|
record_training_data |
Record training data source (Article 10) |
record_model_lineage |
Record model chain and metrics (Article 11) |
log_action |
Log agent action with hash-chained audit trail (Article 12) |
get_provenance |
Get full provenance record |
get_audit_trail |
Query audit log with filters |
Blockchain (6 tools)
| Tool | Description |
|---|---|
anchor_identity |
Anchor identity hash to Base L2 via EAS |
anchor_credential |
Anchor credential hash to Base L2 via EAS |
anchor_audit_batch |
Merkle batch anchor of audit log entries |
verify_anchor |
Verify an on-chain anchor against local data |
get_anchor_status |
Get anchoring status for an artifact |
estimate_anchor_cost |
Estimate gas cost for anchoring |
- Ed25519 signatures on all UAITs, VCs, assessments, declarations, and audit entries
- Hash-chained audit trail with SHA-256 for tamper-evident logging
- SSRF protection blocks private IPs, metadata endpoints, and DNS rebinding
- Encrypted key storage with AES-256-GCM when
ATTESTIX_KEY_PASSWORDis set - Private keys never exposed in tool responses
- No external API calls required for core operations
Full documentation at attestix.vibetensor.com
| Guide | Description |
|---|---|
| Getting Started | Installation and first identity in 5 minutes |
| EU AI Act Compliance | Step-by-step compliance workflow |
| Risk Classification | How to determine your AI system's risk category |
| Architecture | System design and data flows |
| API Reference | All 47 tools with parameter tables |
| Integration Guide | LangChain, CrewAI, AutoGen, MCP client |
| Configuration | Environment variables, storage, Docker |
Attestix generates machine-readable, cryptographically signed compliance documentation. It is a documentation and evidence tooling system. It does not replace legal counsel, notified body assessments, or official regulatory submissions. Always consult qualified legal professionals for compliance decisions.
See CONTRIBUTING.md for development setup and guidelines.
Apache License 2.0. See LICENSE.
Built by VibeTensor