Add example: cryptographically verifiable AgentFacts trust fields via Attestix#1
Open
ascender1729 wants to merge 3 commits into
Open
Conversation
bcd142d to
54f5e39
Compare
… Attestix The certification and evaluations fields are reserved for trust but the format ships no way to prove them - they are plain strings today. This adds a runnable example that uses Attestix (Apache-2.0) to issue a signed W3C Verifiable Credential for an agent, populate certification / evaluations.auditTrail / auditorID from it, carry the credential under x-attestix-credential, and verify the whole thing offline. A forged certification.level is rejected without any call back to the issuer. Includes a schema-validated sample (agent.agentfacts.json) and a README.
54f5e39 to
9a35e85
Compare
added 2 commits
June 28, 2026 15:07
The example was written against the 0.4.1rc2 pre-release; attestix 0.4.1 is now the stable PyPI release. Re-verified end-to-end against 0.4.1 stable (schema validation + offline verify + both forgery rejections still pass).
Addresses review feedback: agent.agentfacts.json is regenerated on every run (fresh UUID and timestamps), so it is now gitignored instead of committed, and running the example no longer dirties the tree. Synced the README expected output to a real run, added a Limitations note (verify-only; expiry, trust root, and live revocation out of scope), and quoted the pip version spec.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
certificationandevaluations(auditTrail,auditorID) are reserved for trust, but the format ships no way to prove them. They are plain strings any publisher can write anything into. A consumer readingcertification.level: "EU-AI-Act-Annex-III"cannot tell a real audit from a self-asserted claim.Change
A self-contained, runnable example (
examples/attestix_verifiable_agentfacts/) that makes those fields cryptographically verifiable using Attestix (Apache-2.0):certification/evaluations.auditTrail/evaluations.auditorIDare populated from that credential; the credential travels with the doc underx-attestix-credential(extra top-level properties are allowed by the schema).certificationfields match exactly what was signed. A publisher cannot upgrade their owncertification.levelwithout detection.Verified
Run against
attestix 0.4.1+jsonschema 4.26:The script generates
agent.agentfacts.jsonlocally (gitignored output) and ships with a README.Field mapping
certification.level/issuer/ datesevaluations.auditorIDevaluations.auditTrailx-attestix-credentialContext
This is the AgentFacts side of the Attestix ↔ NANDA integration Prof. Raskar asked us to demo. A companion PR to
projnanda/adapteradds optional attestation to the agent-registration handshake. Happy to adapt either to your preferred repo/path or sign a CLA (I don't see a LICENSE file yet).Opened as a draft for discussion, not asking for a merge yet.