Skip to content

independent · signed · witnessed · offline

Proof your agents' code passed

When an AI agent ships code, "it passed" comes from the same system that wrote it. auths-curve is the neutral referee: it re-runs the correctness checks RED-first, signs an independent verdict, and emits an attestation anyone can re-verify — offline, with no server, CA, or account to trust.

Quickstart    How it works


See it prove itself

bash demo.sh

One command runs the whole chain and ends with the line that matters:

● integration: 16 receipt(s), chain holds, signatures verify
✓ every chain holds and every signature verifies
           ↳ bound to OTEL trace 4bf92f3577b3… span 00f067aa0ba9…
ALL VERIFIED (offline)
merge-gate: ALLOW — HEAD is backed by a valid, re-verified attestation

Every green check above was re-computed from the repository, not read from a dashboard. That is the whole idea: evidence, not assurances.


What you get

  • An independent verdict


    A gate re-runs each correctness check RED-first — every check is proven able to fail against a kept counterexample before it is allowed to pass. The verdict is the gate's, not the agent's.

  • Signed by a machine identity


    Every verdict is signed by an agent identity (did:keri:, carrying a capability attestation) — a machine actor, never a borrowed developer key.

  • Counter-signed by a witness


    A second, independent agent cosigns every verdict. Structural neutrality: the referee cannot mark its own homework.

  • Anchored, tamper-evident


    Each verdict is a DSSE in-toto attestation, and the receipt chain is anchored in a transparency log with an offline inclusion proof. Edit the evidence and it stops verifying.

  • Verifiable offline


    Verification needs only the public key and the repository — no network, no CA, no server. The repository is the root of trust; anyone can check it from a clone.

  • Enforced at the merge


    A CI merge-gate blocks a merge unless a valid, re-verified attestation exists for the change — proof becomes policy, not a suggestion.


Explore

  • Overview


    The problem with agent-written code, and what a re-verifiable proof changes.

    Why it matters →

  • Quickstart


    Run the whole chain in one command and watch it verify itself, offline.

    Get going →

  • The evidence bundle


    What is produced per verdict — signed, witnessed, anchored — and why each layer.

    See the anatomy →

  • Verify it yourself


    Re-verify every signature and proof from a fresh clone. Don't trust — check.

    Re-verify →

View on GitHub