-brightgreen){kind=icon}
TrustProof Protocol defines signed action receipts — compact Ed25519/EdDSA JWTs that bind a subject, policy snapshot, action, hashed inputs/outputs, timestamp, jti, and tamper-evident chain. Interoperable with W3C Verifiable Credentials, Mastercard Verifiable Intent, Google AP2, and all major agent frameworks.
- Protocol (OSS): Schema + canonicalization + hashing + chain rules + golden vectors + SDKs + CLI
- Enterprise layer (Verdicto): KYH/KYA identity, policy engine, hosted verification, dashboards, webhooks, step-up UX, multi-tenant keys, SLAs
protocol_refs— Link TrustProofs to external protocol artifacts: Mastercard Verifiable Intent, Google AP2 mandates, Stripe ACP sessions, Coinbase x402 payments, Google A2A tasks, Anthropic MCP tool calls, and upstream TrustProofs from other platforms (Proof Mesh)vc_profile— Map TrustProof claims to W3C Verifiable Credential Data Model 2.0 for interoperability with VC verifiers and wallets- Action type prefixes — Recommended namespaced types for OpenClaw, LangChain, CrewAI, autoresearch, A2A, and MCP
- Proof Mesh — Multi-issuer chain verification: validate trust chains spanning multiple platforms, signing keys, and issuers
- Golden vector
v006— Cross-protocol proof with VC profile validation - Timing-safe comparison — All chain verification uses
hmac.compare_digest(Python) to prevent side-channel attacks - All new fields are optional. v0.1 proofs remain fully valid.
TrustProof protocol_refs links to any agentic commerce protocol:
| Protocol | Field | Organization |
|---|---|---|
| Verifiable Intent | verifiable_intent_id |
Mastercard |
| AP2 Mandates | ap2_mandate_id |
|
| A2A Tasks | a2a_task_id |
|
| Agentic Commerce | acp_checkout_id |
Stripe / OpenAI |
| x402 Payments | x402_payment_hash |
Coinbase |
| MCP Tool Calls | mcp_tool_call_id |
Anthropic |
| Upstream Proofs | upstream_proof |
TrustProof Mesh |
pnpm install
pnpm spec:validate
pnpm --filter @trustproof/sdk build
pnpm --filter @trustproof/sdk test
cd packages/py && python -m pytest -q && cd -Generate and verify a proof:
node --input-type=module -e "
import {generateKeyPairSync} from 'node:crypto';
import fs from 'node:fs';
import {generate} from './packages/js/dist/index.js';
const c = JSON.parse(fs.readFileSync('./spec/examples/allow.json','utf8'));
const {privateKey, publicKey} = generateKeyPairSync('ed25519');
const priv = privateKey.export({format:'pem',type:'pkcs8'}).toString();
const pub = publicKey.export({format:'pem',type:'spki'}).toString();
const jwt = await generate(c, priv);
fs.writeFileSync('/tmp/tp.jwt', jwt);
fs.writeFileSync('/tmp/tp.pub.pem', pub);"
node packages/js/dist/cli.js inspect "$(cat /tmp/tp.jwt)"
node packages/js/dist/cli.js verify "$(cat /tmp/tp.jwt)" --pubkey /tmp/tp.pub.pemRun generate/verify/chain in-browser — no install required:
What it is:
- Stable claims envelope (JSON Schema)
- Deterministic canonicalization + hashing
- Tamper-evident chain rule
- Golden vectors to prevent SDK drift
- SDKs + CLI to generate/verify/inspect
What it isn't:
- Not KYC/KYB
- Not an IdP or auth provider
- Not hosted verification (that's Verdicto)
# TypeScript
node packages/js/dist/cli.js inspect "<jwt>"
node packages/js/dist/cli.js verify "<jwt>" --pubkey "<pem|b64|path>"
# Python
cd packages/py && python -m trustproof inspect "<jwt>"
cd packages/py && python -m trustproof verify "<jwt>" --pubkey "<pem|b64|path>"| Suite | Tests | Status |
|---|---|---|
| TrustProof JS SDK | 43 | ✅ Pass |
| TrustProof Python SDK | 29 | ✅ Pass |
| Total | 72 | ✅ All Pass |
Spec validation (separate from unit tests):
PASS schema: spec/examples/allow.json
PASS schema: spec/examples/deny.json
PASS schema: spec/examples/step_up.json
PASS vector: spec/vectors/v001_allow_basic.json
PASS vector: spec/vectors/v002_deny_basic.json
PASS vector: spec/vectors/v003_stepup_basic.json
PASS vector: spec/vectors/v004_chain_linking.json
PASS vector: spec/vectors/v005_canonicalization_edge.json
PASS vector: spec/vectors/v006_vc_profile.json
| Scope | Includes |
|---|---|
| Protocol (OSS) | Schema, canonicalization rules, hash rules, chain rules, golden vectors, JS/Python SDKs, CLI verify/inspect |
| Enterprise (Verdicto) | Key management at scale, hosted verification, dashboards/logs, policy engine, webhooks, step-up UX, multi-tenant operations, SLA/compliance workflows |
Enterprise capabilities map to protocol primitives and are out of scope for the protocol definition.
├── packages/
│ ├── js/ # @trustproof/sdk (TypeScript — generate/verify/chain + CLI)
│ └── py/ # trustproof (Python — generate/verify/chain + CLI)
├── spec/
│ ├── trustproof.schema.json
│ ├── examples/ # allow.json, deny.json, step_up.json
│ └── vectors/ # v001–v006 golden test vectors
├── integrations/ # LangChain, OpenClaw/NemoClaw, MCP, Autoresearch, OpenAI Agents
├── examples/ # Integration demos, StackBlitz playground
├── docs/ # Spec notes, security, demo runbook, decisions
└── .github/workflows/ # CI for JS, Python, and vector validation
- Schema:
spec/trustproof.schema.json - Examples:
spec/examples/ - Vectors:
spec/vectors/
- Protocol spec
- Security notes
- Demo runbook
- Why now
- LangChain integration
- OpenAI Agents integration
- Adoption guide
- Docs site
pnpm spec:validateenforces schema and golden vector consistency on every commit- Mutate one byte in a signed JWT → verification fails (
INVALID_SIGNATURE/INVALID_PROOF) - Golden vectors lock canonicalization/hashing/chain behavior across both language SDKs
- Timing-safe hash comparison throughout the Python SDK (
hmac.compare_digest) - Protocol proofs use hashes/digests — raw PII payload storage is not required
Issues and PRs welcome. See CONTRIBUTING.md.
Priority areas:
- New agent framework integrations (CrewAI, AutoGen, etc.)
- Additional
protocol_refsbridge implementations - W3C Verifiable Credentials interop testing
- Golden vector contributions
Apache-2.0. Part of the Ataraxia Labs open-source ecosystem.
Ataraxia Labs · San Juan, Puerto Rico · verdicto.dev · W3C AI Agent Protocol CG · Docs