Attestix

Compliance Automation for AI Agents

Make your AI agents EU AI Act compliant with cryptographically verifiable proof.
Open-source identity, credentials, compliance automation, and trust scoring.
47 MCP tools across 9 modules, 44 REST API endpoints, 531-test suite (440 functional + 91 RFC / W3C conformance benchmarks).
Real integrations with LangChain, OpenAI Agents SDK, and CrewAI.

Status: v0.4.0 stable (pre-release 0.4.1rc1 available via the --pre channel). Single-maintainer project, community contributions welcome. No independent third-party security audit has been performed yet; deploy with the same diligence you would apply to any pre-1.0 open-source crypto stack.

---

Install

# Stable 0.4.0:
pip install attestix

# Pre-release 0.4.1rc1 (opt in with --pre):
pip install --pre attestix

Stable 0.4.0 ships only the canonical attestix.* namespace. The older flat layout (from services... import, from auth... import, ...) keeps working via thin deprecation shims that emit a DeprecationWarning on first import and are scheduled for removal in v0.5.0. Update imports to from attestix.services... import at your earliest convenience.

CLI

attestix status                          # System overview
attestix init --name MyBot               # Create agent identity
attestix compliance <agent-id>           # Check EU AI Act compliance
attestix verify <agent-id>               # Verify identity cryptographically
attestix audit <agent-id>                # View hash-chained audit trail
attestix credential --list               # List W3C Verifiable Credentials

REST API

pip install fastapi uvicorn
uvicorn attestix.api.main:app --reload   # Swagger docs at http://localhost:8000/docs

Web Dashboard

pip install streamlit
streamlit run demo/webapp/app.py         # Opens at http://localhost:8501

Quick Demo

python examples/quickstart.py            # Full 9-module workflow in 0.1 seconds

Verify in any language

Attestix credentials are issued once (Python core or cloud) and verify anywhere. Six independent verifier implementations share one conformance suite (spec/verify/v1): verify offline, no Python runtime, zero trust in the issuer. The verifiers are verifier-only: issuance stays in the Python core.

Language	Install	Status
Python	pip install attestix	live (full lib: issue + verify)
JS / TS	npm install attestix	live (attestix-js)
Go	go get github.com/VibeTensor/attestix-go	live (attestix-go)
Rust	cargo add attestix	live (attestix-rs)
Java	com.vibetensor:attestix:0.4.0	publishing soon (attestix-java)
R	install.packages("attestix")	coming to CRAN (attestix-r)

Every verifier checks the same canonical-JSON form (RFC 8785) and Ed25519 signatures (RFC 8032) against the shared spec/verify/v1 vectors. Verify in the browser at https://attestix.io/verify, or read the bundle wire-format at https://attestix.io/spec/bundle/v1.

Why Attestix

On August 2, 2026, the EU AI Act enforcement begins. Fines reach EUR 35M or 7% of global revenue.

Existing compliance tools (Credo AI, Holistic AI, Vanta) are organizational dashboards. None produce machine-readable, cryptographically verifiable proof that an AI agent can present to another agent, regulator, or system.

Agent identity is fragmenting across walled gardens (Microsoft Entra, AWS AgentCore, Google A2A, ERC-8004). No single tool combines agent identity + EU AI Act compliance + verifiable credentials in one protocol.

Attestix fills this gap.

---

Modules

Module	Tools	What it does
Identity	8	Unified Agent Identity Tokens (UAITs) bridging MCP OAuth, A2A, DIDs, and API keys. GDPR Article 17 erasure
Agent Cards	3	Parse, generate, and discover A2A-compatible agent cards
DID	3	Create and resolve W3C Decentralized Identifiers (did:key, did:web)
Delegation	4	UCAN-style capability delegation with EdDSA-signed JWT tokens
Reputation	3	Recency-weighted trust scoring (0.0 - 1.0) with category breakdown
Compliance	7	EU AI Act risk profiles, conformity assessments (Article 43), Annex V declarations
Credentials	8	W3C Verifiable Credentials with Ed25519Signature2020 proofs, presentations
Provenance	5	Training data provenance (Article 10), model lineage (Article 11), hash-chained audit trail (Article 12)
Blockchain	6	Anchor artifact hashes to Base L2 via Ethereum Attestation Service, Merkle batching

---

Quick Start

As an MCP Server (Claude Code)

Add to your Claude Code config (~/.claude.json):

{
  "mcpServers": {
    "attestix": {
      "type": "stdio",
      "command": "python",
      "args": ["-m", "attestix.main"]
    }
  }
}

Then ask Claude:

"Create an identity for my data analysis agent with capabilities: data_analysis, reporting"

As a Python Library

from attestix.services.identity_service import IdentityService
from attestix.services.compliance_service import ComplianceService
from attestix.services.credential_service import CredentialService

identity_svc = IdentityService()
compliance_svc = ComplianceService()
credential_svc = CredentialService()

# 1. Create an agent identity
agent = identity_svc.create_identity(
    display_name="MyAgent",
    source_protocol="manual",
    capabilities=["data_analysis", "reporting"],
    description="Analyzes quarterly financial data",
    issuer_name="VibeTensor",
    expiry_days=365,
)
agent_id = agent["agent_id"]      # attestix:f9bdb7a94ccb40f1
agent_did = agent["issuer"]["did"]  # did:key:z6Mk...

# 2. Create a compliance profile
profile = compliance_svc.create_compliance_profile(
    agent_id=agent_id,
    risk_category="limited",
    provider_name="VibeTensor",
    intended_purpose="Analyzes quarterly financial data",
)

# 3. Issue a verifiable credential
credential = credential_svc.issue_credential(
    subject_id=agent_id,
    credential_type="AgentIdentityCredential",
    issuer_name="VibeTensor",
    claims={"capabilities": ["data_analysis", "reporting"]},
    expiry_days=365,
)
print(credential["proof"]["type"])  # Ed25519Signature2020

For a complete end-to-end walkthrough covering all 9 modules, run the quickstart:

python examples/quickstart.py

From Source

git clone https://github.com/VibeTensor/attestix.git
cd attestix
pip install -r requirements.txt
python -m attestix.main

---

EU AI Act Compliance Workflow

Take a high-risk AI agent from zero to fully compliant:

1. create_agent_identity        --> UAIT with DID (Ed25519 signed)
2. record_training_data         --> Article 10 data governance
3. record_model_lineage         --> Article 11 technical documentation
4. create_compliance_profile    --> Risk categorization + obligations
5. record_conformity_assessment --> Article 43 third-party assessment
6. generate_declaration_of_conformity --> Annex V declaration + W3C VC
7. create_verifiable_presentation     --> Signed VP for regulator

High-risk systems are blocked from self-assessment:

record_conformity_assessment(assessment_type="self", ...)
--> ERROR: "High-risk AI systems require third_party conformity assessment"

Full walkthrough: EU AI Act Compliance Guide

---

How It Works

Every artifact Attestix produces is cryptographically signed with Ed25519:

Artifact	Standard	Signed
Agent Identity (UAIT)	Custom + DID	Ed25519
Verifiable Credential	W3C VC Data Model 1.1	Ed25519Signature2020
Verifiable Presentation	W3C VP	Ed25519Signature2020
Delegation Token	UCAN-style JWT	EdDSA
Compliance Records	EU AI Act Annex V	Ed25519
Audit Trail	Hash-chained log	SHA-256 chain
Blockchain Anchor	EAS on Base L2	On-chain

No cloud dependency. All core operations work offline with local JSON storage.

---

Architecture

attestix/                  # Canonical Python package (v0.4.0)
  main.py                  # MCP server entry point (47 tools)
  cli.py                   # `attestix` console script
  config.py                # Environment-based configuration
  errors.py                # Error handling with JSON logging
  api/                     # FastAPI REST surface
    main.py                # uvicorn entry: `attestix.api.main:app`
    routers/               # one router per service (44 endpoints)
  auth/
    crypto.py              # Ed25519 key management
    ssrf.py                # SSRF protection for outbound HTTP
  services/
    identity_service.py    # UAIT lifecycle, GDPR erasure
    agent_card_service.py  # A2A agent card operations
    did_service.py         # DID creation and resolution
    delegation_service.py  # UCAN delegation tokens
    reputation_service.py  # Trust scoring
    compliance_service.py  # EU AI Act profiles and assessments
    credential_service.py  # W3C VCs and VPs
    provenance_service.py  # Training data, lineage, audit trail
    blockchain_service.py  # Base L2 anchoring via EAS
  storage/                 # Repository seam (file / memory / pg)
  signing/                 # Signer seam (in-process / kms)
  audit/                   # Tamper-evident event chain
  tenancy/                 # Tenant context
  idempotency/             # Stripe-style idempotency keys + middleware
  blockchain/
    merkle.py              # Merkle tree for batch anchoring
  tools/                   # MCP tool definitions (one file per module)

The pre-v0.4.0 flat layout (services/, auth/, storage/, ...) is preserved as deprecation shims at the same paths. They re-export from the canonical attestix.* namespace and emit a DeprecationWarning on first import. The shims are scheduled for removal in v0.5.0.

---

All 47 Tools

Identity (8 tools)

Tool	Description
create_agent_identity	Create a UAIT from any identity source
resolve_identity	Auto-detect token type and register
verify_identity	Check existence, revocation, expiry, signature
translate_identity	Convert to A2A, DID Document, OAuth, or summary
list_identities	List UAITs with protocol/revocation filters
get_identity	Get full UAIT details
revoke_identity	Mark a UAIT as revoked
purge_agent_data	GDPR Article 17 right to erasure across all stores

Agent Cards (3 tools)

Tool	Description
parse_agent_card	Parse an A2A Agent Card JSON
generate_agent_card	Generate agent.json for hosting
discover_agent	Fetch /.well-known/agent.json from a URL

DID (3 tools)

Tool	Description
create_did_key	Generate ephemeral did:key with Ed25519 keypair
create_did_web	Generate did:web DID Document for self-hosting
resolve_did	Resolve any DID to its DID Document

Delegation (4 tools)

Tool	Description
create_delegation	UCAN-style capability delegation token
verify_delegation	Verify JWT signature, expiry, structure
list_delegations	List delegations by agent and role
revoke_delegation	Revoke a delegation token

Reputation (3 tools)

Tool	Description
record_interaction	Record outcome and update trust score
get_reputation	Get score with category breakdown
query_reputation	Search agents by reputation criteria

Compliance (7 tools)

Tool	Description
create_compliance_profile	Create EU AI Act profile with risk categorization
get_compliance_profile	Retrieve full compliance profile
update_compliance_profile	Update an existing compliance profile
get_compliance_status	Gap analysis: completed vs missing requirements
record_conformity_assessment	Record self or third-party assessment (Article 43)
generate_declaration_of_conformity	Generate Annex V declaration + auto-issue VC
list_compliance_profiles	Filter by risk category and compliance status

Credentials (8 tools)

Tool	Description
issue_credential	Issue W3C VC with Ed25519Signature2020 proof
verify_credential	Check signature, expiry, revocation
verify_credential_external	Verify any VC JSON from an external source
revoke_credential	Revoke a Verifiable Credential
get_credential	Get full VC details
list_credentials	Filter by agent, type, validity
create_verifiable_presentation	Bundle VCs into a signed VP for a verifier
verify_presentation	Verify a VP with embedded credentials

Provenance (5 tools)

Tool	Description
record_training_data	Record training data source (Article 10)
record_model_lineage	Record model chain and metrics (Article 11)
log_action	Log agent action with hash-chained audit trail (Article 12)
get_provenance	Get full provenance record
get_audit_trail	Query audit log with filters

Blockchain (6 tools)

Tool	Description
anchor_identity	Anchor identity hash to Base L2 via EAS
anchor_credential	Anchor credential hash to Base L2 via EAS
anchor_audit_batch	Merkle batch anchor of audit log entries
verify_anchor	Verify an on-chain anchor against local data
get_anchor_status	Get anchoring status for an artifact
estimate_anchor_cost	Estimate gas cost for anchoring

---

Standards Conformance

Every standards claim is validated by 91 automated conformance benchmarks that run alongside the rest of the suite for a total of 531 tests passing (1 skipped on Windows). These benchmarks demonstrate cryptographic conformance with the listed standards; they are not a substitute for a legal compliance audit. Run them yourself:

docker build -f Dockerfile.test -t attestix-bench . && docker run --rm attestix-bench

Standard	What is tested	Tests
RFC 8032 (Ed25519)	4 IETF canonical vectors: key derivation, signature generation (exact match), verification, tamper rejection	18
W3C VC Data Model 1.1	Credential structure, Ed25519Signature2020 proof, mutable field exclusion, VP structure, replay protection	25
W3C DID Core 1.0	did:key and did:web document structure, roundtrip resolution, Ed25519VerificationKey2020	18
UCAN v0.9.0	JWT header (alg/typ/ucv), all payload fields, capability attenuation, expiry enforcement, revocation	18
MCP Protocol	47 tools registered, 9 modules, async convention, snake_case naming	5
Performance	Ed25519 key gen, JSON canonicalization, sign/verify, identity creation, credential ops	7

Performance (median latency, 1000 runs)

Operation	Latency
Ed25519 key generation	0.08 ms
JSON canonicalization	0.02 ms
Ed25519 sign + verify	0.28 ms
Identity creation	~14 ms
Credential issuance	~17 ms
Credential verification	~2 ms
UCAN token creation	~9 ms

---

Security

• Ed25519 signatures on all UAITs, VCs, assessments, declarations, and audit entries
• Hash-chained audit trail with SHA-256 for tamper-evident logging
• SSRF protection blocks private IPs, metadata endpoints, and DNS rebinding
• Encrypted key storage with AES-256-GCM when ATTESTIX_KEY_PASSWORD is set
• Private keys never exposed in tool responses
• No external API calls required for core operations

---

Research Paper

Attestix is described in a research paper covering system architecture, cryptographic pipeline, EU AI Act compliance automation, and evaluation with 531 automated tests (440 functional + 91 RFC / W3C conformance benchmarks).

Attestix: A Unified Attestation Infrastructure for Autonomous AI Agents Pavan Kumar Dubasi, VibeTensor Private Limited, 2026.

Citing Attestix

If you use Attestix in your research, please cite:

@article{dubasi2026attestix,
  title     = {Attestix: A Unified Attestation Infrastructure for Autonomous AI Agents},
  author    = {Dubasi, Pavan Kumar},
  year      = {2026},
  url       = {https://github.com/VibeTensor/attestix},
  note      = {Open-source. Apache License 2.0}
}

---

Documentation

Full documentation at attestix.io/docs

Guide	Description
Getting Started	Installation and first identity in 5 minutes
EU AI Act Compliance	Step-by-step compliance workflow
Risk Classification	How to determine your AI system's risk category
Architecture	System design and data flows
API Reference	All 47 tools with parameter tables
Integration Guide	LangChain, OpenAI Agents SDK, CrewAI, MCP client
Configuration	Environment variables, storage, Docker
Research Paper	Paper, citation formats, evaluation highlights
Reputation Scoring	Recency-weighted trust scoring and categories
Examples	End-to-end code examples for common workflows

---

Disclaimer

Attestix generates machine-readable, cryptographically signed compliance documentation. It is a documentation and evidence tooling system. It does not replace legal counsel, notified body assessments, or official regulatory submissions. Always consult qualified legal professionals for compliance decisions.

---

Sponsors

Attestix is free and open-source. If you or your organization benefit from it, please consider sponsoring to support continued development, security audits, and infrastructure.

---

Contributing

See CONTRIBUTING.md for development setup and guidelines.

License

Apache License 2.0. See LICENSE.

---

Built by VibeTensor