v0.1 · MIT · self-hosted

Every agent call,
cryptographically proven.

AttestProto is a per-tool-call attestation layer for AI agents. Ed25519-signed, schema-validated, and auto-mapped to the regulations your auditors actually cite.

View on GitHub →See use cases
# attestproto v0.1 — sign one tool call $ attestproto sign --agent gpt-4 --tool db.query \ --input '{"sql":"SELECT * FROM applicants"}' \ --out attestation.json # → Ed25519 signed, schema-validated, mapped to: # FCRA §1681m · ECOA Reg B §1002.9 · NYC LL144 §20-870
use cases

Built for the audiences who actually care.

Same protocol, three landing strategies. Pick yours.

NYC LL144

Bias-audit firms

Skip the data-plumbing. Vendors emit signed evidence in the exact shape your selection-rate and impact-ratio computation needs.

Read more →
FCRA · ECOA · CFPB

AI lending fintech

Per-decision attestation maps to Reg B §1002.9 specific-reasons disclosure + 30-day adverse-action notice automatically.

Read more →
EU AI Act · Aug 2 2026

High-risk AI in the EU

Article 12 logs + Article 19 conformity assessment evidence, signed and exportable. Free tier for SMBs under 250 staff.

Read more →
why this exists

Compliance evidence shouldn't be re-built per engagement.

The status quo

Audit infrastructure is hand-rolled per engagement. 40-60% of an audit fee is engineer time on data plumbing — not the actual statistical analysis customers are paying for.

Compliance VPs at lending fintechs spend 0.5-1 FTE rebuilding adverse-action notice paperwork that should be derivable from the decision itself.

What AttestProto does

Every tool call your agent makes is canonicalised (RFC 8785 JCS), Ed25519-signed, and schema-validated. The attestation JSON is the evidence — auto-mappable to the rule citations your regulator inspects.

MIT licence. Self-hosted. No callhome. Your data never leaves your infrastructure.

Read the spec, run the demo, send a question.

v0.1 is shipping. Reference implementations in Python and Node. 162 tests. Spec under MIT.

GitHub →Email Lex