My autonomous agent calls Claude, Mistral, and a payment API in the same workflow. Three providers, three different trust models, zero shared audit trail.
That was the starting point. We needed a proof format that works across any provider, any model, any infrastructure. Not locked to one cloud vendor's attestation system. Not dependent on ArkForge to verify.
So we wrote an open spec. It's CC BY 4.0, anyone can implement it, and verification requires nothing but sha256sum and jq.
The core idea
Every API call through Trust Layer produces a JSON proof. The proof binds six components into a single SHA-256 chain hash:
chain_hash = SHA256(
request_hash
+ response_hash
+ transaction_id
+ timestamp
+ buyer_fingerprint
+ seller
)
If any component changes after the fact, the chain hash breaks. No special tooling needed to check it.
What a proof looks like
{
"proof_id": "prf_20260303_193401_2e94f5",
"timestamp": "2026-03-03T19:34:01Z",
"hashes": {
"request": "sha256:a1b2c3...",
"response": "sha256:d4e5f6...",
"chain": "sha256:7g8h9i..."
},
"parties": {
"buyer_fingerprint": "sha256_of_api_key",
"seller": "api.example.com"
},
"verification_url": "https://arkforge.tech/trust/v1/proof/prf_20260303_193401_2e94f5"
}
The verification_url is a convenience. You don't need it. You can recompute the chain hash yourself.
Verify in one line
printf '%s' "${REQUEST_HASH}${RESPONSE_HASH}${PAYMENT_ID}${TIMESTAMP}${BUYER}${SELLER}" \
| sha256sum | cut -d' ' -f1
Compare the output to hashes.chain. Match = intact. Mismatch = tampered.
No ArkForge account needed. No SDK. No API call. Just standard crypto primitives.
Why provider-agnostic matters
AWS builds attestation for AWS agents. Anthropic builds it for Claude agents. OpenAI for GPT agents. Each creates a trust silo.
Real production systems don't live in one silo. My agent calls Claude for reasoning, Mistral for translation, a payment API for billing, and an internal service for storage. Four providers, one workflow.
No single vendor can certify that entire chain. The proof format doesn't care who the provider is. It hashes the request and response as opaque JSON. The upstream service doesn't even know it's being certified.
That's the point. Trust shouldn't depend on which model you picked.
Three independent witnesses
The chain hash is the foundation. On top of it, each proof can carry up to three independent witnesses:
- Ed25519 signature -- proves ArkForge issued the proof (origin, not just integrity)
- RFC 3161 timestamp -- independent authority confirms when the proof existed
- Sigstore Rekor entry -- public append-only log, operated by the Linux Foundation
Free tier gets all three. No payment required to get a verifiable proof.
Test vectors included
The spec ships with 7 test vectors covering edge cases: empty payloads, unicode, upstream timestamps, receipt hashes. Any conformant implementation must pass all of them.
# Clone and verify locally
git clone https://github.com/ark-forge/proof-spec
cd proof-spec
cat test-vectors.json | python3 -c "
import json, hashlib, sys
vectors = json.load(sys.stdin)
for v in vectors['vectors']:
computed = hashlib.sha256(v['input'].encode()).hexdigest()
status = 'PASS' if computed == v['expected'] else 'FAIL'
print(f'{status}: {v[\"name\"]}')"
Try it
curl -X POST https://arkforge.tech/trust/v1/proxy \
-H "X-Api-Key: YOUR_FREE_KEY" \
-H "Content-Type: application/json" \
-d '{"target": "https://api.example.com/data"}'
The response includes the upstream result plus a full proof JSON. Get a free API key -- 500 proofs/month, no credit card.
What's next
The spec is v2.0.0 and we're looking for co-implementers. If you're building agent infrastructure and want interoperable proofs, the format is yours to use.
Full spec: github.com/ark-forge/proof-spec
Reference implementation: github.com/ark-forge/trust-layer
Top comments (0)