Your AI agent just spent $47 calling three different APIs. The LLM hallucinated a function call, the payment went through, and now you're staring at logs trying to figure out what happened.
Sound familiar?
As autonomous agents move from demos to production, one question keeps surfacing: who proves what the agent actually did?
Logs are mutable. Timestamps are forgeable. API responses vanish. When something goes wrong — a double charge, a compliance audit, a disputed transaction — you have nothing cryptographically binding to show for it.
We built Trust Layer to solve this. Here's how.
The Problem: Agent Accountability Has No Standard
Consider a typical agentic workflow:
- Agent decides to call a third-party API
- Agent sends a payment via Stripe
- Agent receives a response and acts on it
At every step, there is zero cryptographic proof that the request was actually sent as described, the response wasn't tampered with, the payment matches the service delivered, or that any of this happened at the claimed time.
Traditional logging doesn't solve this. Logs sit on your infrastructure — you control them. In a dispute, the other party has no reason to trust your records. And regulators (hello, EU AI Act Article 14) increasingly want more than "here's our database."
This is especially acute for:
- Agent-to-agent commerce — Agent A pays Agent B, but who arbitrates when things go wrong?
- Compliance-sensitive sectors — Finance, healthcare, legal, where "the agent did it" isn't an acceptable answer
- Multi-tenant agent platforms — You need to prove to your customer what their agent did on your watch
The Architecture: Three Independent Witnesses
Trust Layer acts as a certifying proxy. Your agent sends API calls through it. For each call, we produce a proof backed by three independent cryptographic witnesses.
Witness 1: Ed25519 Digital Signature
We compute SHA-256 hashes of the exact request and response payloads (canonical JSON — sorted keys, no whitespace), then chain them into a single binding hash:
chain_hash = SHA256(
request_hash + response_hash +
payment_id + timestamp +
buyer_fingerprint + seller_domain
)
This chain hash is signed with our Ed25519 private key. Any modification to any component — one changed byte in the request, a different timestamp, a swapped response — invalidates the entire signature.
Witness 2: RFC 3161 Timestamp Authority
The chain hash is submitted to an independent Timestamp Authority (we use a pool: DigiCert, Sectigo, FreeTSA). The TSA returns a signed timestamp token proving the proof existed at that exact moment. We don't control the TSA — nobody can backdate a proof.
Witness 3: Sigstore Rekor Transparency Log
The proof is anchored in Sigstore's Rekor — the same append-only transparency log the Linux Foundation uses for software supply chain security. Once an entry is written, it cannot be modified or deleted. Anyone can query it independently.
The result: three parties that don't trust each other all agree on what happened and when. To forge a proof, you'd need to compromise ArkForge's signing key, a WebTrust-certified timestamp authority, and the Sigstore public log simultaneously.
Demo: Three Curl Commands to a Verified Proof
Step 1 — Get a free API key
curl -X POST https://arkforge.fr/trust/v1/keys/free-signup \
-H "Content-Type: application/json" \
-d '{"email": "dev@yourcompany.com"}'
{
"api_key": "mcp_free_abc123...",
"plan": "free",
"limit": "500 proofs/month"
}
No credit card required. 500 proofs/month on the free tier.
Step 2 — Make a certified API call
curl -X POST https://arkforge.fr/trust/v1/proxy \
-H "X-Api-Key: mcp_free_abc123..." \
-H "Content-Type: application/json" \
-d '{
"target": "https://httpbin.org/post",
"payload": {"task": "sentiment", "text": "quarterly results"},
"description": "Sentiment analysis for Q1 report"
}'
Trust Layer forwards the call to the target API, captures the exact response, and wraps everything in a cryptographic proof:
{
"proof": {
"proof_id": "prf_20260306_143021_a7b3c1",
"hashes": {
"request": "sha256:18d7c97a...",
"response": "sha256:67b6c0ce...",
"chain": "sha256:a000c264..."
},
"arkforge_signature": "ed25519:EAjlMGb8g...",
"timestamp_authority": {
"status": "verified",
"provider": "digicert.com"
},
"transparency_log": {
"provider": "sigstore-rekor",
"log_index": 1042954398,
"verify_url": "https://search.sigstore.dev/?logIndex=1042954398"
},
"verification_url": "https://arkforge.fr/trust/v1/proof/prf_20260306_143021_a7b3c1"
},
"service_response": {
"status": 200,
"body": { "sentiment": "positive", "confidence": 0.87 }
}
}
Your agent gets the original API response plus a proof object. The response headers also carry the proof link via X-ArkForge-Proof, so even if your code doesn't parse the proof JSON, the evidence is there.
Step 3 — Verify independently
curl https://arkforge.fr/trust/v1/proof/prf_20260303_161853_4d0904
Anyone with the proof ID can verify it — no account, no API key. The proof page shows the full chain hash, Ed25519 signature status, RFC 3161 timestamp with TSA identity, and a direct link to the Sigstore Rekor entry in the public log.
Or verify it yourself from scratch:
# Recompute the chain hash from its components
echo -n "${REQUEST_HASH}${RESPONSE_HASH}${PAYMENT_ID}${TIMESTAMP}${UPSTREAM_TIMESTAMP}${BUYER}${SELLER}" \
| sha256sum | cut -d' ' -f1
# Compare with proof.hashes.chain — match means untampered
No SDK. No trust assumption. Just SHA-256 and a public key.
Three Levels of Proof Injection
Every certified call carries proof at three levels simultaneously:
Level 1 — JSON body (for your agent's code):
"_arkforge_attestation": {
"id": "prf_...",
"seal": "https://arkforge.fr/trust/v1/proof/prf_...",
"status": "VERIFIED_TRANSACTION"
}
Level 2 — HTTP headers (for middleware and observability):
X-ArkForge-Proof-ID: prf_20260306_143021_a7b3c1
X-ArkForge-Verified: true
Level 3 — HTML verification page (for humans and auditors):
A public page with a color-coded badge — green (fully verified), orange (timestamp pending), red (integrity check failed).
Why Not Just Hash Everything Yourself?
You could compute SHA-256 hashes of your API calls. But self-signed proofs prove nothing in a dispute — you need independent third parties. Trust Layer coordinates three of them in a single API call.
RFC 3161 is a binary ASN.1 protocol. Sigstore Rekor requires ECDSA signing and specific payload formats. We handle the protocol complexity so you don't have to.
And consistency matters. Every proof follows the same chain hash formula, the same signature scheme, the same verification flow. An auditor can verify thousands of proofs programmatically with a single script.
Pricing
| Plan | Cost | Proofs/month |
|---|---|---|
| Free | $0 | 500 |
| Pro | EUR 29/mo | 5,000 |
| Enterprise | EUR 149/mo | 50,000 |
All tiers include all three witnesses (Ed25519 + RFC 3161 + Sigstore Rekor). Free tier — no credit card, no trial period, no catch.
When Does This Make Sense?
This isn't meant for every API call. It's for transactions where you need evidence:
- Agent spending — Prove your agent received the service it paid for
- Regulatory compliance — EU AI Act traceability, financial audit trails
- Client-facing agents — Show clients exactly what their agent did, with proof they can verify themselves
- Agent-to-agent workflows — Replace trust assumptions with cryptographic verification
- Dispute resolution — Timestamped, triple-signed evidence instead of "check the logs"
Try It
Free tier, no credit card, 500 proofs/month:
curl -X POST https://arkforge.fr/trust/v1/keys/free-signup \
-H "Content-Type: application/json" \
-d '{"email": "you@example.com"}'
Docs: arkforge.fr/trust | Source: github.com/ark-forge/trust-layer | Questions: contact@arkforge.fr
Top comments (0)