|
| 1 | +--- |
| 2 | +title: "One Signature, Six Languages: Verifiable AI Agent Credentials Everywhere" |
| 3 | +publishedAt: "2026-05-30" |
| 4 | +summary: Attestix 0.4.0 ships with offline credential verifiers in Python, JavaScript, Go, Rust, Java, and R — six independent implementations that agree on one signature, validated against a single public conformance suite. Issue once, verify anywhere, trust no vendor. |
| 5 | +author: "Pavan Kumar Dubasi" |
| 6 | +--- |
| 7 | + |
| 8 | +An AI agent just made a decision on someone's loan application. A credential says which agent did it, under whose authority, against which compliance profile, signed with a key only that agent controls. Now a regulator wants to check that credential is real and unaltered. |
| 9 | + |
| 10 | +The regulator runs Java. The fintech that issued it runs Python. The auditor lives in R. The agent platform is written in Go. |
| 11 | + |
| 12 | +If verification only works in the language the credential was *issued* in, that credential isn't verifiable — it's a vendor lock-in dressed up as trust. |
| 13 | + |
| 14 | +Today, with **Attestix 0.4.0**, that's solved. An Attestix credential is verifiable offline in **six independent language implementations** — Python, JavaScript/TypeScript, Go, Rust, Java, and R — and all six are proven to agree against **one public conformance suite**. |
| 15 | + |
| 16 | +## Issue once. Verify anywhere. |
| 17 | + |
| 18 | +The design decision underneath this matters more than the package count. |
| 19 | + |
| 20 | +We did **not** reimplement the entire Attestix framework — the compliance engine, the 47 MCP tools, the storage layer, the issuance pipeline — six times. That would be six chances to get the cryptography subtly wrong and a maintenance burden that guarantees drift. |
| 21 | + |
| 22 | +Instead, the architecture splits cleanly: |
| 23 | + |
| 24 | +- **Issuance** — the heavy, stateful work of minting a credential, running the EU AI Act conformity checks, anchoring to Base L2, persisting the audit chain — stays single-source in the Python core (and the hosted Cloud). |
| 25 | +- **Verification** — confirming a credential is authentic, untampered, unexpired, and that its delegation chain holds — is the part that has to run *everywhere*. So that's what we port. |
| 26 | + |
| 27 | +> **Issue once. Verify anywhere — offline, no Python runtime, nothing uploaded.** |
| 28 | +
|
| 29 | +A verifier is small: Ed25519 signature checking, the canonical serialization, a `did:key` decoder, and delegation-chain attenuation logic. Small enough to ship in every language. Trust-critical enough that it *must* be. |
| 30 | + |
| 31 | +## The hard part: one canonical form, six times, byte-for-byte |
| 32 | + |
| 33 | +Verifying an Ed25519 signature is easy. Reproducing the **exact bytes** that were signed, in six languages, is where projects quietly fail. |
| 34 | + |
| 35 | +Attestix signs over a JCS-*style* canonical form — and the emphasis on *style* is the whole game. It is **not** strict RFC 8785. The rules are specific: keys sorted by Unicode code point, `(",", ":")` separators with no whitespace, NFC normalization, raw UTF-8 with no `\u` escapes, whole-number floats serialized as integers, base64url signatures **with** padding, and a credential signs every field *except* its own `proof` and `credentialStatus`. |
| 36 | + |
| 37 | +Get any one of those wrong and your verifier produces different bytes, computes a different hash, and rejects a perfectly valid credential — or worse, accepts a tampered one. |
| 38 | + |
| 39 | +So before writing a single port, we published the contract: **`spec/verify/v1`** — a set of machine-readable test vectors generated from the real Attestix 0.4.0 crypto, plus the canonical-form specification documented down to the byte. Each vector carries the input, the expected verdict, and where relevant the canonical bytes as hex, the signature, and the decoded public key. |
| 40 | + |
| 41 | +Every language implementation asserts against those vectors. A failing vector doesn't mean the vector is wrong — it means the port is wrong, usually in the canonicalizer. They all pass now. That's not a claim; it's a CI gate in six repositories. |
| 42 | + |
| 43 | +## What "six independent engines" actually buys you |
| 44 | + |
| 45 | +This is the part that's hard for a competitor to match. |
| 46 | + |
| 47 | +Most agent-governance and AI-compliance tools — including the well-funded ones — are a **single implementation**. Their credential is only as trustworthy as their one codebase, and verifying it means running their tool and trusting it got the crypto right. |
| 48 | + |
| 49 | +Six independent engines agreeing on one vector suite is a different category of claim: |
| 50 | + |
| 51 | +- **No single-implementation risk.** A bug in one verifier is caught by the other five disagreeing. |
| 52 | +- **No vendor in the loop.** A regulator verifies in their own Java stack. The credential never touches our servers. There's nothing to phone home to. |
| 53 | +- **Genuine interoperability.** This is the same standard the cross-engine identity community has been building toward — independent engines verifying each other's signatures. Attestix now brings several engines to that table at once. |
| 54 | + |
| 55 | +In plain terms: an Attestix credential is meant to be as universally checkable as a passport — not locked to one company's app. |
| 56 | + |
| 57 | +## Available today |
| 58 | + |
| 59 | +The verifiers are real, public, and CI-green: |
| 60 | + |
| 61 | +| Language | Verify a credential with | |
| 62 | +|---|---| |
| 63 | +| **Python** | `pip install attestix` (the full library) | |
| 64 | +| **Go** | `go get github.com/VibeTensor/attestix-go` | |
| 65 | +| **JavaScript / TypeScript** | `npm install @vibetensor/attestix` (bare `attestix` rolling out) | |
| 66 | +| **Rust** | `attestix-rs` (crates.io publish imminent) | |
| 67 | +| **Java** | `attestix-java` (Maven Central publish in progress) | |
| 68 | +| **R** | `attestix-r` (CRAN submission in progress) | |
| 69 | + |
| 70 | +And if you never want to install anything at all, paste a credential into [attestix.io/verify](https://attestix.io/verify) — it verifies in your browser, locally, with nothing uploaded. |
| 71 | + |
| 72 | +The full conformance matrix, the canonical-form spec, and the test vectors are open. The point of attestation infrastructure is that you don't have to take our word for any of it. |
| 73 | + |
| 74 | +Issue once. Verify anywhere. Trust the math, not the vendor. |
| 75 | + |
| 76 | +--- |
| 77 | + |
| 78 | +*Attestix is built by VibeTensor Private Limited, India-incorporated, as open-source attestation infrastructure for AI agents. It is evidence tooling, not a guarantor of compliance — providers and deployers remain liable under EU AI Act Articles 16–22. Base L2 anchoring is on Sepolia testnet.* |
0 commit comments