<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: GitSerge-crypto</title>
    <description>The latest articles on DEV Community by GitSerge-crypto (@gitsergecrypto).</description>
    <link>https://dev.to/gitsergecrypto</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3987774%2F775b526f-c82e-4653-9950-cf86e1295e93.png</url>
      <title>DEV Community: GitSerge-crypto</title>
      <link>https://dev.to/gitsergecrypto</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/gitsergecrypto"/>
    <language>en</language>
    <item>
      <title>Two signatures are better than one — bilateral provenance for AI agents</title>
      <dc:creator>GitSerge-crypto</dc:creator>
      <pubDate>Sun, 05 Jul 2026 07:44:52 +0000</pubDate>
      <link>https://dev.to/gitsergecrypto/two-signatures-are-better-than-one-bilateral-provenance-for-ai-agents-3668</link>
      <guid>https://dev.to/gitsergecrypto/two-signatures-are-better-than-one-bilateral-provenance-for-ai-agents-3668</guid>
      <description>&lt;h1&gt;
  
  
  Two signatures are better than one — bilateral provenance for AI agents
&lt;/h1&gt;

&lt;p&gt;An AI agent produces a financial report. You notarize it — a 239-byte cryptographic record, signed by an independent notary, anchored on NEAR. The record proves: &lt;em&gt;this hash existed at this timestamp, and $0.01 USDC was paid for the attestation.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;A week later, someone asks the obvious question: &lt;strong&gt;who proved the agent wrote the report?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Nobody. The notary signed a hash the client submitted. Anyone could have submitted that hash. The PDR proves the hash existed — not that the agent authored the content behind it.&lt;/p&gt;

&lt;p&gt;This is the gap &lt;strong&gt;Bilateral Signature (v0x04)&lt;/strong&gt; closes. The agent signs its own work hash with its Ed25519 key. That signature gets fused into the PDR. Now the record carries two independent signatures — agent and notary — and neither party can repudiate.&lt;/p&gt;

&lt;h2&gt;
  
  
  The binding hash
&lt;/h2&gt;

&lt;p&gt;The mechanism is a single hash:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight ruby"&gt;&lt;code&gt;&lt;span class="n"&gt;binding_hash&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;sha256&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;work_hash&lt;/span&gt; &lt;span class="o"&gt;+&lt;/span&gt; &lt;span class="n"&gt;sig_A&lt;/span&gt; &lt;span class="o"&gt;+&lt;/span&gt; &lt;span class="n"&gt;agent_pubkey&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;work_hash&lt;/code&gt; — SHA-256 of the agent's output (32 bytes)&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;sig_A&lt;/code&gt; — agent's Ed25519 signature over &lt;code&gt;work_hash&lt;/code&gt;, NEP-413 standard (64 bytes)&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;agent_pubkey&lt;/code&gt; — agent's Ed25519 public key (32 bytes)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This binding hash replaces &lt;code&gt;work_hash&lt;/code&gt; in the PDR's &lt;code&gt;payload_hash&lt;/code&gt; field. The notary then signs the full 175-byte payload — which already contains the binding hash. So the notary's signature covers a record that embeds the agent's signature inside it.&lt;/p&gt;

&lt;p&gt;To forge a v0x04 PDR, you need &lt;strong&gt;two&lt;/strong&gt; private keys: the notary's Ed25519 seed and the agent's Ed25519 key. With the ordinary v0x03, you only need the notary's. Bilateral doubles the compromise requirement.&lt;/p&gt;

&lt;h2&gt;
  
  
  What actually changed
&lt;/h2&gt;

&lt;p&gt;Almost nothing structurally — and that's the point.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;/th&gt;
&lt;th&gt;v0x03 (ordinary)&lt;/th&gt;
&lt;th&gt;v0x04 (bilateral)&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Version byte&lt;/td&gt;
&lt;td&gt;&lt;code&gt;0x03&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;&lt;code&gt;0x04&lt;/code&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;payload_hash&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;&lt;code&gt;sha256(work_result)&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;binding hash&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Agent signature&lt;/td&gt;
&lt;td&gt;not required&lt;/td&gt;
&lt;td&gt;Ed25519 over work_hash&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Size&lt;/td&gt;
&lt;td&gt;239 bytes&lt;/td&gt;
&lt;td&gt;239 bytes&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Price&lt;/td&gt;
&lt;td&gt;$0.01&lt;/td&gt;
&lt;td&gt;$0.01&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Same binary layout. Same 239 bytes. Same NEP-413 notary signature. The parser handles both by checking the version byte. All 9 existing mainnet PDRs (v0x03) remain valid — no migration, no fork.&lt;/p&gt;

&lt;p&gt;The notary auto-selects the version: if the request includes &lt;code&gt;agent_sig&lt;/code&gt; + &lt;code&gt;agent_pubkey&lt;/code&gt; → v0x04. If not → v0x03. No explicit version parameter.&lt;/p&gt;

&lt;h2&gt;
  
  
  The agent signs first
&lt;/h2&gt;

&lt;p&gt;Before anything reaches the notary, the agent signs its own work hash:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;hashlib&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;struct&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;base64&lt;/span&gt;
&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;nacl.signing&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;SigningKey&lt;/span&gt;

&lt;span class="c1"&gt;# Agent's Ed25519 key
&lt;/span&gt;&lt;span class="n"&gt;agent_key&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nc"&gt;SigningKey&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nf"&gt;bytes&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;32&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt;  &lt;span class="c1"&gt;# use your real key
&lt;/span&gt;&lt;span class="n"&gt;agent_pubkey_hex&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;agent_key&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;verify_key&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;encode&lt;/span&gt;&lt;span class="p"&gt;().&lt;/span&gt;&lt;span class="nf"&gt;hex&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;

&lt;span class="c1"&gt;# Agent produced this output
&lt;/span&gt;&lt;span class="n"&gt;report&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sa"&gt;b&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;Q3 revenue projection: $2.4M based on agent analysis...&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
&lt;span class="n"&gt;work_hash&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;hashlib&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;sha256&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;report&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="nf"&gt;digest&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;

&lt;span class="c1"&gt;# NEP-413: Tag(u32 LE) + Len(u32 LE) + message — raw, no pre-hash
&lt;/span&gt;&lt;span class="n"&gt;nep413_buffer&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;struct&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;pack&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;&amp;lt;II&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="mi"&gt;2147484061&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nf"&gt;len&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;work_hash&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt; &lt;span class="o"&gt;+&lt;/span&gt; &lt;span class="n"&gt;work_hash&lt;/span&gt;
&lt;span class="n"&gt;agent_sig&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;agent_key&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;sign&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;nep413_buffer&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="n"&gt;signature&lt;/span&gt;
&lt;span class="n"&gt;agent_sig_b64&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;base64&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;b64encode&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;agent_sig&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="nf"&gt;decode&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;NEP-413 signs the &lt;strong&gt;raw&lt;/strong&gt; buffer — no SHA-256 pre-hash. The signature covers &lt;code&gt;Tag + Len + work_hash_bytes&lt;/code&gt; directly. Same standard NEAR uses for transaction signing.&lt;/p&gt;

&lt;h2&gt;
  
  
  Notarize with the agent signature
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/v1/notarize &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"X-Payment: &amp;lt;base64-encoded EIP-3009 payload&amp;gt;"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{
    "work_hash": "a1b2c3d4...sha256_of_output...",
    "agent_sig": "BASE64_AGENT_ED25519_SIGNATURE",
    "agent_pubkey": "HEX_AGENT_ED25519_PUBLIC_KEY"
  }'&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Inside the notary:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Verifies &lt;code&gt;sig_A&lt;/code&gt; against &lt;code&gt;agent_pubkey&lt;/code&gt;&lt;/strong&gt; — before payment, before anything else&lt;/li&gt;
&lt;li&gt;Verifies EIP-3009 payment on Base (~2s)&lt;/li&gt;
&lt;li&gt;Computes &lt;code&gt;binding_hash = sha256(work_hash + sig_A + agent_pubkey)&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;Builds 239-byte PDR — version &lt;code&gt;0x04&lt;/code&gt;, binding hash in &lt;code&gt;payload_hash&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;Signs the 175-byte payload with notary Ed25519 key&lt;/li&gt;
&lt;li&gt;Returns base64 PDR
&lt;/li&gt;
&lt;/ol&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"job_id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"a1b2c3d4-e5f6-7890-abcd-ef1234567890"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"status"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"notarized"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"pdr_b64"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"BQFCAUJ...239_bytes_base64..."&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The PDR starts with &lt;code&gt;BQ&lt;/code&gt; — base64 for &lt;code&gt;0x04 0x01&lt;/code&gt; (version=bilateral, scheme=Ed25519). An ordinary PDR starts with &lt;code&gt;Aw&lt;/code&gt; (&lt;code&gt;0x03 0x01&lt;/code&gt;). You can tell which version at a glance.&lt;/p&gt;

&lt;h2&gt;
  
  
  Two independent verification paths
&lt;/h2&gt;

&lt;p&gt;This is the real payoff. After notarization, you have &lt;strong&gt;two separate cryptographic proofs&lt;/strong&gt; — each verifiable independently, each requiring a different public key.&lt;/p&gt;

&lt;h3&gt;
  
  
  Path 1: Notary signature (the PDR itself)
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-s&lt;/span&gt; &lt;span class="s2"&gt;"https://api.aotrust.link/v1/pdr/verify/BQFCAUJ...your_pdr_b64..."&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;





&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"valid"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"version"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;4&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"binding_hash"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"payload_hash"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"b3c4d5e6..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"timestamp_utc"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;1751700000&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"payment_anchor_type"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;5&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"anchor"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"near_tx"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"H4MaR5..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"confirmed"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Or fully offline — the parser is a single Python file, zero dependencies:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-sO&lt;/span&gt; https://raw.githubusercontent.com/GitSerge-crypto/aotrust-skills/main/pdr_parser.py

python3 pdr_parser.py &lt;span class="nt"&gt;--pdr&lt;/span&gt; &lt;span class="s2"&gt;"BQFCAUJ..."&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;--pubkey&lt;/span&gt; &lt;span class="s2"&gt;"490f51f23b993eacaff54fc977d9a7689ab7d4ae91504dc6cbdeadb2dbf1f462"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;





&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;PDR v2.4 — Valid ✓
  version:           4 (bilateral)
  payload_hash:      b3c4d5e6... (binding hash)
  signature:         VALID (Ed25519/NEP-413)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This proves: the notary signed the record, the payment was verified, the timestamp is attested, and the record is anchored on NEAR.&lt;/p&gt;

&lt;h3&gt;
  
  
  Path 2: Agent signature (stored in ledger)
&lt;/h3&gt;

&lt;p&gt;The agent's &lt;code&gt;sig_A&lt;/code&gt; isn't in the PDR binary — it's in the notary ledger (the PDR contains the binding hash, not the raw signature). To verify agent authorship:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;struct&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;base64&lt;/span&gt;
&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;nacl.signing&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;VerifyKey&lt;/span&gt;

&lt;span class="n"&gt;agent_sig_b64&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;BASE64_AGENT_SIG&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;      &lt;span class="c1"&gt;# from notarize response / DB
&lt;/span&gt;&lt;span class="n"&gt;agent_pubkey_hex&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;HEX_AGENT_PUBKEY&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
&lt;span class="n"&gt;work_hash_hex&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;a1b2c3d4...your_work_hash...&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;

&lt;span class="n"&gt;work_hash&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nb"&gt;bytes&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;fromhex&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;work_hash_hex&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="n"&gt;nep413_buffer&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;struct&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;pack&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;&amp;lt;II&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="mi"&gt;2147484061&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nf"&gt;len&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;work_hash&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt; &lt;span class="o"&gt;+&lt;/span&gt; &lt;span class="n"&gt;work_hash&lt;/span&gt;

&lt;span class="n"&gt;vk&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nc"&gt;VerifyKey&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nb"&gt;bytes&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;fromhex&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;agent_pubkey_hex&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt;
&lt;span class="n"&gt;vk&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;verify&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;nep413_buffer&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;base64&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;b64decode&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;agent_sig_b64&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt;
&lt;span class="c1"&gt;# → no exception = valid
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This proves: the agent's Ed25519 key signed this specific &lt;code&gt;work_hash&lt;/code&gt;. The agent cannot deny authorship.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Two signatures. Two keys. Two independent proofs.&lt;/strong&gt; Forged by compromising either party alone? No. The binding hash ties them together — the notary's signature covers a payload that contains the agent's signature fused into the hash.&lt;/p&gt;

&lt;h2&gt;
  
  
  When to use bilateral
&lt;/h2&gt;

&lt;p&gt;If the agent has an Ed25519 key — use v0x04. The cost is identical ($0.01), the size is identical (239 bytes), and you get non-repudiation for free.&lt;/p&gt;

&lt;p&gt;If the agent has no key (third-party notarizing someone else's work, bulk timestamping) — v0x03 is fine. It's proof-of-existence without identity binding.&lt;/p&gt;

&lt;p&gt;The interesting case is &lt;strong&gt;multi-agent pipelines&lt;/strong&gt;. Agent A produces output, agent B refines it, agent C compiles the final report. Each stage can be notarized with a bilateral PDR signed by that stage's agent key. You get a chain of custody where every link has its own Ed25519 signature bound into the record — and the notary attests each link independently.&lt;/p&gt;

&lt;h2&gt;
  
  
  Backward compatibility
&lt;/h2&gt;

&lt;p&gt;The parser handles both versions transparently:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;pdr_parser&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;parse_external_pdr&lt;/span&gt;

&lt;span class="n"&gt;parsed&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;parse_external_pdr&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;base64&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;b64decode&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;pdr_b64&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt;

&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;parsed&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;version&lt;/span&gt; &lt;span class="o"&gt;==&lt;/span&gt; &lt;span class="mh"&gt;0x03&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;payload&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;work_hash&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
&lt;span class="k"&gt;elif&lt;/span&gt; &lt;span class="n"&gt;parsed&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;version&lt;/span&gt; &lt;span class="o"&gt;==&lt;/span&gt; &lt;span class="mh"&gt;0x04&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="n"&gt;payload&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;binding hash&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;9 existing mainnet PDRs are v0x03. They stay v0x03. New bilateral PDRs are v0x04. No migration, no re-issuance. The version byte is the only thing the parser branches on.&lt;/p&gt;

&lt;h2&gt;
  
  
  Spec and parser
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;PDR spec (v2.3 + v2.4):&lt;/strong&gt; &lt;a href="https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr-spec.md" rel="noopener noreferrer"&gt;pdr-spec.md&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Standalone parser:&lt;/strong&gt; &lt;a href="https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr_parser.py" rel="noopener noreferrer"&gt;pdr_parser.py&lt;/a&gt; — MIT, zero dependencies, handles v0x02/v0x03/v0x04&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# Health check (no auth)&lt;/span&gt;
curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/health

&lt;span class="c"&gt;# Get a quote — see the 402 response&lt;/span&gt;
curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/v1/notarize/quote &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{"work_hash":"0000000000000000000000000000000000000000000000000000000000000000"}'&lt;/span&gt;

&lt;span class="c"&gt;# MCP discovery (4 tools: notary_quote, notary_notarize, notary_verify, notary_notarize_paid)&lt;/span&gt;
curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/.well-known/mcp.json

&lt;span class="c"&gt;# Verify page — paste any PDR base64&lt;/span&gt;
&lt;span class="c"&gt;# https://verify.aotrust.link&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;API:&lt;/strong&gt; &lt;a href="https://api.aotrust.link" rel="noopener noreferrer"&gt;api.aotrust.link&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Docs:&lt;/strong&gt; &lt;a href="https://docs.aotrust.link" rel="noopener noreferrer"&gt;docs.aotrust.link&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;MCP:&lt;/strong&gt; &lt;a href="https://api.aotrust.link/mcp" rel="noopener noreferrer"&gt;api.aotrust.link/mcp&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Source:&lt;/strong&gt; &lt;a href="https://github.com/GitSerge-crypto/aotrust-skills" rel="noopener noreferrer"&gt;github.com/GitSerge-crypto/aotrust-skills&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;




&lt;p&gt;&lt;em&gt;The service is live on mainnet. Bilateral PDRs (v0x04) are supported as of July 2026 — same price, same size, same verification flow. The agent proves it wrote the work. The notary proves it was notarized. Both are math.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>web3</category>
      <category>base</category>
      <category>ai</category>
      <category>cryptography</category>
    </item>
    <item>
      <title>How to prove an AI agent output existed — x402 + NEAR anchoring in practice</title>
      <dc:creator>GitSerge-crypto</dc:creator>
      <pubDate>Sat, 27 Jun 2026 20:35:22 +0000</pubDate>
      <link>https://dev.to/gitsergecrypto/how-to-prove-an-ai-agent-output-existed-x402-near-anchoring-in-practice-2ede</link>
      <guid>https://dev.to/gitsergecrypto/how-to-prove-an-ai-agent-output-existed-x402-near-anchoring-in-practice-2ede</guid>
      <description>&lt;h1&gt;
  
  
  How to prove an AI agent output existed — x402 + NEAR anchoring in practice
&lt;/h1&gt;

&lt;h2&gt;
  
  
  Why this matters
&lt;/h2&gt;

&lt;p&gt;You deployed an AI agent. It generated a financial report, a code review, a medical summary. A week later, someone questions the output. Did the agent actually produce this? When? Was it modified after the fact?&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Logs are mutable. Timestamps lie. Git history can be rewritten.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;What you need is a cryptographic proof — signed by an independent notary — that binds a specific artifact hash to a specific point in time. And it should cost less than a cent.&lt;/p&gt;

&lt;p&gt;This article walks through a real, working system: &lt;strong&gt;AOTrust&lt;/strong&gt;, a notarization service that issues PDRs (Provenance Data Records) for $0.01 USDC via x402 on Base L2, with Merkle anchoring on NEAR.&lt;/p&gt;

&lt;h2&gt;
  
  
  What you need
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;A Base wallet with $0.01 USDC (10,000 micro-USDC)&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;curl&lt;/code&gt; and &lt;code&gt;python3&lt;/code&gt; (for hashing)&lt;/li&gt;
&lt;li&gt;No API key. No account. No signup.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The x402 protocol handles payment inline — the API returns HTTP 402, you pay, you retry with the payment header. No billing portal, no subscription, no prepaid credits.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 1 — Hash your agent output
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;hashlib&lt;/span&gt;

&lt;span class="c1"&gt;# Your agent produced this report
&lt;/span&gt;&lt;span class="n"&gt;report&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="sa"&gt;b&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;The Q3 revenue projection based on agent analysis is $2.4M...&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;

&lt;span class="n"&gt;work_hash&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;hashlib&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;sha256&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;report&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="nf"&gt;hexdigest&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;
&lt;span class="nf"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;work_hash&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="c1"&gt;# → e.g. "a1b2c3d4e5f6...64 hex chars..."
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The hash is what gets notarized. You keep the actual artifact — the notary never sees it. This is a &lt;strong&gt;blind notarization&lt;/strong&gt;: the PDR proves the hash existed at a point in time, without revealing the content.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 2 — Request a quote (HTTP 402)
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/v1/notarize/quote &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{"work_hash":"a1b2c3d4e5f6...your_sha256_hash..."}'&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The API responds with HTTP 402 — Payment Required — in x402 format:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"x402Version"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"accepts"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"scheme"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"exact"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"network"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"base"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"maxAmountRequired"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"10000"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"asset"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA5fE48"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"resource"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"https://api.aotrust.link/v1/notarize"&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}]&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That &lt;code&gt;maxAmountRequired: 10000&lt;/code&gt; is 10,000 micro-USDC = &lt;strong&gt;$0.01&lt;/strong&gt;. The asset address is USDC on Base. No negotiation, no tiers — flat fee.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 3 — Pay and notarize in one call
&lt;/h2&gt;

&lt;p&gt;Sign an EIP-3009 &lt;code&gt;transferWithAuthorization&lt;/code&gt; message with your Base wallet (any wallet that supports EIP-3009 — most do). Then send the notarization request with the payment attached:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/v1/notarize &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"X-Payment: &amp;lt;base64-encoded EIP-3009 payload&amp;gt;"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{
    "work_hash": "a1b2c3d4e5f6...your_sha256_hash...",
    "agent_account": "your-agent.near",
    "tx_hash": "0x1234...evm_tx_hash_of_usdc_transfer..."
  }'&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;What happens inside the notary:&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Verifies the EIP-3009 signature on-chain (Base L2, ~2s)&lt;/li&gt;
&lt;li&gt;Confirms 10,000 micro-USDC reached the sink address&lt;/li&gt;
&lt;li&gt;Builds a 239-byte PDR containing your work hash, timestamp, payment hash, and notary signature&lt;/li&gt;
&lt;li&gt;Signs the PDR with Ed25519 (NEP-413 standard)&lt;/li&gt;
&lt;li&gt;Returns the PDR as base64&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Response (HTTP 200):&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"job_id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"a1b2c3d4-e5f6-7890-abcd-ef1234567890"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"status"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"notarized"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"network"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"base"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"pdr_b64"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"AwFCAUJ...base64-encoded 239-byte PDR..."&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The entire flow takes 2–5 seconds. No polling, no webhooks.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 4 — Verify the PDR (offline, no API needed)
&lt;/h2&gt;

&lt;p&gt;The PDR is a 239-byte binary record. The Ed25519 signature is self-contained — you can verify it without calling any API.&lt;/p&gt;

&lt;h3&gt;
  
  
  Quick check via API (public, no auth)
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-s&lt;/span&gt; &lt;span class="s2"&gt;"https://api.aotrust.link/v1/pdr/verify/AwFCAUJ...your_pdr_b64..."&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;





&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"valid"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"version"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;3&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"sig_scheme"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"payment_anchor_type"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;5&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"timestamp_utc"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;1718900000&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"issuer_id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"notary-node.near"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"subject_hash"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"a1b2..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"payload_hash"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"b3c4..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"merkle_root"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"d5e6..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"payment_hash"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"f7a8..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"notary_pubkey"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"490f51f23b993eacaff54fc977d9a7689ab7d4ae91504dc6cbdeadb2dbf1f462"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"anchor"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"near_tx"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"H4MaR5..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"confirmed"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Full offline verification
&lt;/h3&gt;

&lt;p&gt;The PDR binary format is an open standard. The parser is a single Python file with zero dependencies:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# Install the parser&lt;/span&gt;
curl &lt;span class="nt"&gt;-sO&lt;/span&gt; https://raw.githubusercontent.com/GitSerge-crypto/aotrust-skills/main/pdr_parser.py

&lt;span class="c"&gt;# Verify any PDR offline&lt;/span&gt;
python3 pdr_parser.py &lt;span class="nt"&gt;--pdr&lt;/span&gt; &lt;span class="s2"&gt;"AwFCAUJ...your_pdr_b64..."&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;--pubkey&lt;/span&gt; &lt;span class="s2"&gt;"490f51f23b993eacaff54fc977d9a7689ab7d4ae91504dc6cbdeadb2dbf1f462"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Output:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="s"&gt;PDR v2.3 — Valid ✓&lt;/span&gt;
  &lt;span class="s"&gt;version&lt;/span&gt;&lt;span class="err"&gt;:&lt;/span&gt;           &lt;span class="m"&gt;3&lt;/span&gt;
  &lt;span class="na"&gt;sig_scheme&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;        &lt;span class="s"&gt;Ed25519&lt;/span&gt;
  &lt;span class="na"&gt;payment_anchor&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;    &lt;span class="s"&gt;X402_BASE (0x05)&lt;/span&gt;
  &lt;span class="na"&gt;timestamp&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;         &lt;span class="s"&gt;2026-06-20 14:32:11 UTC&lt;/span&gt;
  &lt;span class="na"&gt;issuer&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;            &lt;span class="s"&gt;notary-node.near&lt;/span&gt;
  &lt;span class="na"&gt;subject_hash&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;      &lt;span class="s"&gt;a1b2c3d4...&lt;/span&gt;
  &lt;span class="na"&gt;payload_hash&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;      &lt;span class="s"&gt;b3c4d5e6...&lt;/span&gt;
  &lt;span class="na"&gt;merkle_root&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;       &lt;span class="s"&gt;d5e6f7a8...&lt;/span&gt;
  &lt;span class="na"&gt;payment_hash&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;      &lt;span class="s"&gt;f7a8b9c0...&lt;/span&gt;
  &lt;span class="na"&gt;signature&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;         &lt;span class="s"&gt;VALID (Ed25519/NEP-413)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;No network calls. No API keys. No trust in any server. The signature is math.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 5 — On-chain anchor (NEAR Mainnet)
&lt;/h2&gt;

&lt;p&gt;The notary batches PDRs into Merkle trees every ~16 minutes and anchors the root on NEAR:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;PDR₁ ─┐
PDR₂ ─┤── Merkle Tree ── Root ── NEAR tx (merkle_anchor contract)
PDR₃ ─┤
PDR₄ ─┘
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This means:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Your PDR's &lt;code&gt;merkle_root&lt;/code&gt; field matches a NEAR transaction&lt;/li&gt;
&lt;li&gt;The NEAR tx is verifiable on &lt;a href="https://nearblocks.io" rel="noopener noreferrer"&gt;nearblocks.io&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;The Merkle proof (your PDR is a leaf) can be reconstructed from the batch&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;You don't need to wait for anchoring to trust the PDR — the Ed25519 signature is immediate. The anchor adds a &lt;strong&gt;second layer&lt;/strong&gt;: independent on-chain timestamp via NEAR consensus.&lt;/p&gt;

&lt;h2&gt;
  
  
  The PDR format (open standard)
&lt;/h2&gt;

&lt;p&gt;239 bytes, 10 fields, fully specified:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Offset&lt;/th&gt;
&lt;th&gt;Field&lt;/th&gt;
&lt;th&gt;Size&lt;/th&gt;
&lt;th&gt;Content&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;0&lt;/td&gt;
&lt;td&gt;version&lt;/td&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;0x03&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;sig_scheme&lt;/td&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;0x01 (Ed25519)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;2&lt;/td&gt;
&lt;td&gt;payment_anchor_type&lt;/td&gt;
&lt;td&gt;1&lt;/td&gt;
&lt;td&gt;0x05 (X402_BASE)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;3&lt;/td&gt;
&lt;td&gt;timestamp_utc&lt;/td&gt;
&lt;td&gt;8&lt;/td&gt;
&lt;td&gt;Unix seconds&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;11&lt;/td&gt;
&lt;td&gt;issuer_id&lt;/td&gt;
&lt;td&gt;36&lt;/td&gt;
&lt;td&gt;notary-node.near (NUL-padded)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;47&lt;/td&gt;
&lt;td&gt;subject_hash&lt;/td&gt;
&lt;td&gt;32&lt;/td&gt;
&lt;td&gt;SHA-256 of agent account&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;79&lt;/td&gt;
&lt;td&gt;payload_hash&lt;/td&gt;
&lt;td&gt;32&lt;/td&gt;
&lt;td&gt;SHA-256 of work artifact&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;111&lt;/td&gt;
&lt;td&gt;merkle_root&lt;/td&gt;
&lt;td&gt;32&lt;/td&gt;
&lt;td&gt;Merkle batch anchor&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;143&lt;/td&gt;
&lt;td&gt;payment_hash&lt;/td&gt;
&lt;td&gt;32&lt;/td&gt;
&lt;td&gt;EVM tx hash (Base)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;175&lt;/td&gt;
&lt;td&gt;signature&lt;/td&gt;
&lt;td&gt;64&lt;/td&gt;
&lt;td&gt;Ed25519 (NEP-413)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The &lt;code&gt;payment_anchor_type&lt;/code&gt; is inside the signed payload. This means the PDR self-proves how it was paid for — no external metadata needed. A PDR with &lt;code&gt;0x05&lt;/code&gt; cryptographically guarantees it was an x402 Base USDC payment.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Spec:&lt;/strong&gt; &lt;a href="https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr-spec.md" rel="noopener noreferrer"&gt;pdr-spec.md&lt;/a&gt;&lt;br&gt;
&lt;strong&gt;Parser:&lt;/strong&gt; &lt;a href="https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr_parser.py" rel="noopener noreferrer"&gt;pdr_parser.py&lt;/a&gt; (standalone, MIT)&lt;/p&gt;
&lt;h2&gt;
  
  
  Real PDRs on mainnet
&lt;/h2&gt;

&lt;p&gt;This is not a demo. 9 PDRs have been issued on Base Mainnet, all anchored to NEAR:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;3 anchor transactions on NEAR mainnet&lt;/li&gt;
&lt;li&gt;All verifiable at &lt;a href="https://verify.aotrust.link" rel="noopener noreferrer"&gt;verify.aotrust.link&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Notary public key: &lt;code&gt;490f51f23b993eacaff54fc977d9a7689ab7d4ae91504dc6cbdeadb2dbf1f462&lt;/code&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;
  
  
  When to use this
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Scenario&lt;/th&gt;
&lt;th&gt;Why PDR helps&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;AI agent produces a financial report&lt;/td&gt;
&lt;td&gt;Prove the report existed at time T, unmodified&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Code review by autonomous agent&lt;/td&gt;
&lt;td&gt;Cryptographic receipt of review output&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Agent-generated medical summary&lt;/td&gt;
&lt;td&gt;Timestamp + integrity proof for audit trail&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Multi-agent pipeline (A→B→C)&lt;/td&gt;
&lt;td&gt;Each stage notarized → full chain of custody&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Agent dispute resolution&lt;/td&gt;
&lt;td&gt;"Did the agent say X at time T?" → PDR answers&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Compliance / regulatory&lt;/td&gt;
&lt;td&gt;Signed timestamp from independent notary&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;
&lt;h2&gt;
  
  
  What this is not
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Not a storage service&lt;/strong&gt; — the notary never sees your artifact, only its hash&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Not an oracle&lt;/strong&gt; — no external data feeds, no smart contract queries&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Not a blockchain&lt;/strong&gt; — PDRs are off-chain binary records with on-chain anchors&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Not zero-knowledge&lt;/strong&gt; — the hash is public in the PDR (but the preimage is not)&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;
  
  
  MCP integration (for agent frameworks)
&lt;/h2&gt;

&lt;p&gt;If your agent speaks MCP (Model Context Protocol), AOTrust exposes 4 tools:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"tools"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="nl"&gt;"name"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"notary_quote"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"description"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Get quote — amount, payment details"&lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="nl"&gt;"name"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"notary_notarize_paid"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"description"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Notarize with x402 payment on Base"&lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="nl"&gt;"name"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"notary_verify"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"description"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Verify any PDR — signature + on-chain anchor"&lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="nl"&gt;"name"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"notary_notarize"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"description"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Notarize without payment (testnet only)"&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;MCP endpoint: &lt;code&gt;https://api.aotrust.link/mcp&lt;/code&gt; (Streamable HTTP, OAuth 2.1)&lt;/p&gt;

&lt;p&gt;Agent flow:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Agent calls &lt;code&gt;notary_quote&lt;/code&gt; → gets amount ($0.01) and payment details&lt;/li&gt;
&lt;li&gt;Agent signs EIP-3009 transfer on Base&lt;/li&gt;
&lt;li&gt;Agent calls &lt;code&gt;notary_notarize_paid&lt;/code&gt; with payment + work_hash&lt;/li&gt;
&lt;li&gt;Agent receives PDR (239 bytes, base64)&lt;/li&gt;
&lt;li&gt;Agent (or any third party) calls &lt;code&gt;notary_verify&lt;/code&gt; to confirm&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  Comparison
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Approach&lt;/th&gt;
&lt;th&gt;Cost&lt;/th&gt;
&lt;th&gt;Self-verifying&lt;/th&gt;
&lt;th&gt;On-chain anchor&lt;/th&gt;
&lt;th&gt;Setup&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Chainlink oracle&lt;/td&gt;
&lt;td&gt;$0.25–$1.00+&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;Smart contract&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Manual timestamp tx&lt;/td&gt;
&lt;td&gt;gas cost&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;Manual&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;IPFS pin&lt;/td&gt;
&lt;td&gt;free&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;IPFS node&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Git commit&lt;/td&gt;
&lt;td&gt;free&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Git repo&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;AOTrust PDR&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$0.01&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;
&lt;strong&gt;Yes&lt;/strong&gt; (Ed25519)&lt;/td&gt;
&lt;td&gt;
&lt;strong&gt;Yes&lt;/strong&gt; (NEAR)&lt;/td&gt;
&lt;td&gt;curl&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h2&gt;
  
  
  Try it right now
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# Health check (no auth)&lt;/span&gt;
curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/health

&lt;span class="c"&gt;# Get a quote (no auth, no signup)&lt;/span&gt;
curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/v1/notarize/quote &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{"work_hash":"0000000000000000000000000000000000000000000000000000000000000000"}'&lt;/span&gt;

&lt;span class="c"&gt;# MCP discovery&lt;/span&gt;
curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/.well-known/mcp.json

&lt;span class="c"&gt;# x402 discovery&lt;/span&gt;
curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/.well-known/x402
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Links
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;API:&lt;/strong&gt; &lt;a href="https://api.aotrust.link" rel="noopener noreferrer"&gt;api.aotrust.link&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Docs:&lt;/strong&gt; &lt;a href="https://docs.aotrust.link" rel="noopener noreferrer"&gt;docs.aotrust.link&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Verify:&lt;/strong&gt; &lt;a href="https://verify.aotrust.link" rel="noopener noreferrer"&gt;verify.aotrust.link&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;PDR spec + parser:&lt;/strong&gt; &lt;a href="https://github.com/GitSerge-crypto/aotrust-skills" rel="noopener noreferrer"&gt;github.com/GitSerge-crypto/aotrust-skills&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;MCP:&lt;/strong&gt; &lt;a href="https://api.aotrust.link/mcp" rel="noopener noreferrer"&gt;api.aotrust.link/mcp&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;License:&lt;/strong&gt; MIT&lt;/li&gt;
&lt;/ul&gt;




&lt;p&gt;&lt;em&gt;The service is live on mainnet. 9 PDRs issued, all anchored on NEAR. If you are building autonomous agents and need cryptographic proof of output integrity — try it, break it, tell me what's missing.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>web3</category>
      <category>base</category>
      <category>ai</category>
      <category>x402</category>
    </item>
    <item>
      <title>Cryptographic proof-of-existence for AI agent outputs — $0.01 per record via x402</title>
      <dc:creator>GitSerge-crypto</dc:creator>
      <pubDate>Sun, 21 Jun 2026 15:27:56 +0000</pubDate>
      <link>https://dev.to/gitsergecrypto/cryptographic-proof-of-existence-for-ai-agent-outputs-001-per-record-via-x402-2c3p</link>
      <guid>https://dev.to/gitsergecrypto/cryptographic-proof-of-existence-for-ai-agent-outputs-001-per-record-via-x402-2c3p</guid>
      <description>&lt;h1&gt;
  
  
  Cryptographic proof-of-existence for AI agent outputs — $0.01 per record
&lt;/h1&gt;

&lt;h2&gt;
  
  
  The problem
&lt;/h2&gt;

&lt;p&gt;AI agents generate code, reports, analyses, and decisions. When a dispute arises — "did the agent produce this output at this time, or was it retroactively edited?" — there is no answer. Logs can be tampered with. Timestamps can be changed. Hallucinations go undetected because there is no cryptographic binding between &lt;em&gt;what was generated&lt;/em&gt; and &lt;em&gt;when it was generated&lt;/em&gt;.&lt;/p&gt;

&lt;p&gt;Existing oracle solutions cost $0.25–$1.00+ per call and require complex smart contract integrations. That is too expensive for per-output notarization of autonomous agents running thousands of tasks.&lt;/p&gt;

&lt;h2&gt;
  
  
  What I built
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;AOTrust&lt;/strong&gt; — a notarization service that issues a &lt;strong&gt;PDR (Provenance Data Record)&lt;/strong&gt; for exactly $0.01 USDC on Base L2, using the HTTP 402 protocol.&lt;/p&gt;

&lt;p&gt;A PDR is a 239-byte binary record containing:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Field&lt;/th&gt;
&lt;th&gt;Size&lt;/th&gt;
&lt;th&gt;Content&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;version&lt;/td&gt;
&lt;td&gt;1B&lt;/td&gt;
&lt;td&gt;0x03&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;sig_scheme&lt;/td&gt;
&lt;td&gt;1B&lt;/td&gt;
&lt;td&gt;Ed25519&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;payment_anchor_type&lt;/td&gt;
&lt;td&gt;1B&lt;/td&gt;
&lt;td&gt;0x05 (X402_BASE)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;timestamp&lt;/td&gt;
&lt;td&gt;8B&lt;/td&gt;
&lt;td&gt;Unix seconds&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;issuer_id&lt;/td&gt;
&lt;td&gt;36B&lt;/td&gt;
&lt;td&gt;notary-node.near (NUL-padded)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;subject_hash&lt;/td&gt;
&lt;td&gt;32B&lt;/td&gt;
&lt;td&gt;SHA-256 of agent account&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;payload_hash&lt;/td&gt;
&lt;td&gt;32B&lt;/td&gt;
&lt;td&gt;SHA-256 of work artifact&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;merkle_root&lt;/td&gt;
&lt;td&gt;32B&lt;/td&gt;
&lt;td&gt;Merkle root (batch anchor)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;payment_hash&lt;/td&gt;
&lt;td&gt;32B&lt;/td&gt;
&lt;td&gt;EVM tx hash (Base)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;signature&lt;/td&gt;
&lt;td&gt;64B&lt;/td&gt;
&lt;td&gt;Ed25519 (NEP-413)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The entire payload (175 bytes) is signed with the notary's Ed25519 key. The signature covers the payment anchor type — so the PDR is self-verifying without external metadata.&lt;/p&gt;

&lt;h2&gt;
  
  
  How it works (architecture)
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Agent                     AOTrust API              NEAR Mainnet
  |                          |                        |
  |--- 1. POST /quote ------&amp;gt;|                        |
  |&amp;lt;--- 2. 402 + x402 -------|                        |
  |--- 3. EIP-3009 sign ----&amp;gt;|                        |
  |--- 4. POST + payment ---&amp;gt;|                        |
  |                          |--- 5. verify payment --&amp;gt;|  (Base L2)
  |                          |--- 6. build PDR -------&amp;gt;|
  |                          |--- 7. Ed25519 sign ----&amp;gt;|
  |&amp;lt;--- 8. PDR (239B) -------|                        |
  |                          |                        |
  |                          |--- 9. Merkle anchor ----&amp;gt;|  (NEAR tx)
  |                          |                        |
  |--- 10. GET /verify ------&amp;gt;|                        |
  |&amp;lt;--- 11. valid + anchor ---|                        |
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Steps 1–8 happen synchronously (~2-5 seconds). Step 9 (Merkle anchoring) happens in batches every ~16 minutes — multiple PDRs are combined into a Merkle tree, and the root is anchored on NEAR mainnet via the &lt;code&gt;merkle_anchor&lt;/code&gt; contract on &lt;code&gt;notary-node.near&lt;/code&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Working example (curl)
&lt;/h2&gt;

&lt;h3&gt;
  
  
  1. Get a quote
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/v1/notarize/quote &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{"work_hash":"a1b2c3d4...your_sha256_hash..."}'&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Response (HTTP 402 — payment required):&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"x402Version"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"accepts"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"scheme"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"exact"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"network"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"base"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"maxAmountRequired"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"10000"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"asset"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA5fE48"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"resource"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"https://api.aotrust.link/v1/notarize"&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}]&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;code&gt;maxAmountRequired: 10000&lt;/code&gt; = 10,000 micro-USDC = $0.01.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Pay via x402 (EIP-3009 transferWithAuthorization)
&lt;/h3&gt;

&lt;p&gt;Sign an EIP-3009 message with your Base wallet, then:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/v1/notarize &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"X-Payment: &amp;lt;base64-encoded EIP-3009 payload&amp;gt;"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{
    "work_hash": "&amp;lt;sha256 of your work artifact&amp;gt;",
    "agent_account": "your-agent.near",
    "tx_hash": "&amp;lt;evm tx hash of the USDC transfer&amp;gt;"
  }'&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  3. Receive PDR
&lt;/h3&gt;

&lt;p&gt;Response (HTTP 200):&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"job_id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"a1b2c3d4-e5f6-..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"status"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"notarized"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"network"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"base"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"pdr_b64"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"AwE...base64-encoded 239-byte PDR..."&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  4. Verify any PDR (public, no auth)
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/v1/pdr/verify/&amp;lt;pdr_b64&amp;gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Response:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"valid"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"version"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;3&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"sig_scheme"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"payment_anchor_type"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;5&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"timestamp_utc"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;1718900000&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"issuer_id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"notary-node.near"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"subject_hash"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"a1b2..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"payload_hash"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"b3c4..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"merkle_root"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"d5e6..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"payment_hash"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"f7a8..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"notary_pubkey"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"490f51f23b993eacaff54fc977d9a7689ab7d4ae91504dc6cbdeadb2dbf1f462"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"anchor"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"near_tx"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"H4MaR5..."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="nl"&gt;"confirmed"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You can verify the PDR &lt;strong&gt;offline&lt;/strong&gt; — the Ed25519 signature is self-contained. The on-chain anchor is a bonus: it proves the Merkle root was published on NEAR at a specific block height.&lt;/p&gt;

&lt;h2&gt;
  
  
  Live PDR
&lt;/h2&gt;

&lt;p&gt;A real PDR issued on Base Mainnet, already anchored to NEAR:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Verify page: &lt;a href="https://verify.aotrust.link/?pdr=AwFCA" rel="noopener noreferrer"&gt;https://verify.aotrust.link/?pdr=AwFCA&lt;/a&gt;... (paste any PDR from the API)&lt;/li&gt;
&lt;li&gt;Notary public key: &lt;code&gt;490f51f23b993eacaff54fc977d9a7689ab7d4ae91504dc6cbdeadb2dbf1f462&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;NEAR anchor TXs: &lt;code&gt;H4MaR5...&lt;/code&gt;, &lt;code&gt;G9yzNh...&lt;/code&gt;, &lt;code&gt;DEAhnxo...&lt;/code&gt; (3 batches, 9 PDRs total)&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  MCP integration (for AI agents)
&lt;/h2&gt;

&lt;p&gt;AOTrust also exposes an MCP (Model Context Protocol) endpoint at &lt;code&gt;https://api.aotrust.link/mcp&lt;/code&gt;. Agents can discover and call 4 tools:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Tool&lt;/th&gt;
&lt;th&gt;Description&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;notary_quote&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Get quote (amount, payment details)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;notary_notarize_paid&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Notarize with x402 payment on Base&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;notary_verify&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Verify any PDR (signature + on-chain anchor)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;notary_notarize&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Notarize without payment (testnet only)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;MCP transport: Streamable HTTP (SSE). Auth: OAuth 2.1 + x402 payment.&lt;/p&gt;

&lt;p&gt;The flow for an autonomous agent:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Agent calls &lt;code&gt;notary_quote&lt;/code&gt; → gets amount ($0.01) and payment details&lt;/li&gt;
&lt;li&gt;Agent signs EIP-3009 transfer on Base (via wallet integration)&lt;/li&gt;
&lt;li&gt;Agent calls &lt;code&gt;notary_notarize_paid&lt;/code&gt; with payment + work_hash&lt;/li&gt;
&lt;li&gt;Agent receives PDR (239 bytes, base64)&lt;/li&gt;
&lt;li&gt;Agent (or any third party) calls &lt;code&gt;notary_verify&lt;/code&gt; to confirm&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  What makes this different
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Approach&lt;/th&gt;
&lt;th&gt;Cost&lt;/th&gt;
&lt;th&gt;On-chain proof&lt;/th&gt;
&lt;th&gt;Self-verifying&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Chainlink oracle&lt;/td&gt;
&lt;td&gt;$0.25–$1.00+&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;No (requires oracle network)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Manual timestamp tx&lt;/td&gt;
&lt;td&gt;gas cost&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;No (just a timestamp)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;IPFS pin&lt;/td&gt;
&lt;td&gt;free&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;No (mutable)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;AOTrust PDR&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$0.01&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Yes (NEAR anchor)&lt;/td&gt;
&lt;td&gt;
&lt;strong&gt;Yes&lt;/strong&gt; (Ed25519 in PDR)&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The key insight: the &lt;strong&gt;payment anchor type&lt;/strong&gt; (0x05 = X402_BASE) is inside the signed binary payload. This means the PDR itself proves &lt;em&gt;how&lt;/em&gt; it was paid for, not just &lt;em&gt;that&lt;/em&gt; it was paid. No external metadata channel required.&lt;/p&gt;

&lt;h2&gt;
  
  
  Open standard
&lt;/h2&gt;

&lt;p&gt;The PDR v2.3 binary format is published as an open standard:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Spec:&lt;/strong&gt; &lt;a href="https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr-spec.md" rel="noopener noreferrer"&gt;https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr-spec.md&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Parser:&lt;/strong&gt; &lt;a href="https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr_parser.py" rel="noopener noreferrer"&gt;https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr_parser.py&lt;/a&gt; (standalone, zero dependencies, CLI)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Skill:&lt;/strong&gt; &lt;a href="https://github.com/GitSerge-crypto/aotrust-skills/blob/main/aotrust-notarize/SKILL.md" rel="noopener noreferrer"&gt;https://github.com/GitSerge-crypto/aotrust-skills/blob/main/aotrust-notarize/SKILL.md&lt;/a&gt; (agent-ready)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;License:&lt;/strong&gt; MIT&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Anyone can build a PDR-compatible notary. The format supports multiple payment rails: NEAR direct, x402 on Base, x402 on Polygon, Agent Market escrow (provisional → settled), and reserved slots for future chains.&lt;/p&gt;

&lt;h2&gt;
  
  
  Current status
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Mainnet live&lt;/strong&gt; since June 9, 2026&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;9 PDRs issued&lt;/strong&gt;, all X402_BASE, all anchored to NEAR (3 anchor transactions)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;4 services&lt;/strong&gt; running: API (8741), MCP (8746), testnet API (8743), testnet MCP (8745)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;MCP listed&lt;/strong&gt; on Glama.ai: &lt;a href="https://glama.ai/mcp/servers/GitSerge-crypto/aotrust-skills" rel="noopener noreferrer"&gt;https://glama.ai/mcp/servers/GitSerge-crypto/aotrust-skills&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Price:&lt;/strong&gt; flat $0.01 USDC per PDR, no API key required for x402 flow&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;0 customers, 0 revenue&lt;/strong&gt; — this is a new product looking for early adopters&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# Health check&lt;/span&gt;
curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/health

&lt;span class="c"&gt;# Get a quote (no auth needed)&lt;/span&gt;
curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/v1/notarize/quote &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-H&lt;/span&gt; &lt;span class="s2"&gt;"Content-Type: application/json"&lt;/span&gt; &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-d&lt;/span&gt; &lt;span class="s1"&gt;'{"work_hash":"0000000000000000000000000000000000000000000000000000000000000000"}'&lt;/span&gt;

&lt;span class="c"&gt;# MCP discovery&lt;/span&gt;
curl &lt;span class="nt"&gt;-s&lt;/span&gt; https://api.aotrust.link/.well-known/mcp.json
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;p&gt;&lt;em&gt;If you are building autonomous AI agents and need cryptographic proof of output integrity, I would love to hear your use case. The service is live, the API is stable, and the first 9 PDRs are on mainnet.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Follow the project: &lt;a href="https://github.com/GitSerge-crypto/aotrust-skills" rel="noopener noreferrer"&gt;GitHub&lt;/a&gt; | &lt;a href="https://verify.aotrust.link" rel="noopener noreferrer"&gt;Verify&lt;/a&gt; | &lt;a href="https://docs.aotrust.link" rel="noopener noreferrer"&gt;Docs&lt;/a&gt; | &lt;a href="https://glama.ai/mcp/servers/GitSerge-crypto/aotrust-skills" rel="noopener noreferrer"&gt;Glama&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;

</description>
      <category>web3</category>
      <category>near</category>
      <category>ai</category>
      <category>x402</category>
    </item>
    <item>
      <title>AI agents hallucinate. Here is how to cryptographically notarize their output for $0.01</title>
      <dc:creator>GitSerge-crypto</dc:creator>
      <pubDate>Tue, 16 Jun 2026 17:40:34 +0000</pubDate>
      <link>https://dev.to/gitsergecrypto/ai-agents-hallucinate-here-is-how-to-cryptographically-notarize-their-outputfor-001-4eop</link>
      <guid>https://dev.to/gitsergecrypto/ai-agents-hallucinate-here-is-how-to-cryptographically-notarize-their-outputfor-001-4eop</guid>
      <description>&lt;p&gt;We have a growing problem in the autonomous AI agent space: &lt;strong&gt;Garbage in, garbage out, and no proof of when it happened.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;When your AI agent generates source code, analyzes market data, or creates a financial report, how do you mathematically prove that this specific artifact was generated at a specific time? How do you prove to your clients that the output wasn't retroactively edited before a dispute?&lt;/p&gt;

&lt;p&gt;I wanted a "notary stamp" for AI agents. But existing oracle solutions are too expensive (often $0.25 - $1.00+ per call) and require complex smart contract integrations.&lt;/p&gt;

&lt;p&gt;So, as a solo developer, I built &lt;strong&gt;&lt;a href="https://docs.aotrust.link" rel="noopener noreferrer"&gt;AOTrust&lt;/a&gt;&lt;/strong&gt;. &lt;/p&gt;

&lt;p&gt;It does exactly one thing: it issues a &lt;strong&gt;PDR (Provenance Data Record)&lt;/strong&gt; for exactly &lt;strong&gt;$0.01 USDC&lt;/strong&gt; on Base L2, using the HTTP 402 protocol.&lt;/p&gt;

&lt;h3&gt;
  
  
  What is a PDR?
&lt;/h3&gt;

&lt;p&gt;A PDR is a highly optimized 239-byte cryptographic receipt. It proves that a specific digital artifact existed at a specific point in time. &lt;/p&gt;

&lt;p&gt;It contains:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The SHA-256 hash of your agent's work output.&lt;/li&gt;
&lt;li&gt;A precise UNIX timestamp.&lt;/li&gt;
&lt;li&gt;An on-chain payment anchor (your $0.01 USDC transfer on Base).&lt;/li&gt;
&lt;li&gt;An Ed25519 signature from the notary node.&lt;/li&gt;
&lt;li&gt;A Merkle root anchored daily to the NEAR blockchain.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Privacy first:&lt;/strong&gt; You never upload your actual artifact or AI prompt. You only send the SHA-256 hash.&lt;/p&gt;

&lt;h3&gt;
  
  
  How it works (No heavy SDKs required)
&lt;/h3&gt;

&lt;p&gt;I designed this to be integrated into any agentic workflow (Python, TS, Rust) using standard HTTP requests. It uses the &lt;code&gt;x402&lt;/code&gt; payment protocol. &lt;/p&gt;

&lt;p&gt;Here is the entire integration in 3 steps:&lt;/p&gt;

&lt;h4&gt;
  
  
  Step 1: Hash your artifact
&lt;/h4&gt;

&lt;p&gt;First, your agent hashes its output locally.&lt;/p&gt;

&lt;p&gt;import hashlib&lt;br&gt;
work_hash = hashlib.sha256(b"your agent's JSON output").hexdigest()&lt;/p&gt;

&lt;p&gt;Step 2: Request Notarization (Get a Quote)&lt;/p&gt;

&lt;p&gt;Send the hash to the API. Because AOTrust is a payment-bound proof layer, the&lt;br&gt;
server will intentionally reject it with an HTTP 402 Payment Required status,&lt;br&gt;
returning the payment instructions.&lt;/p&gt;

&lt;p&gt;curl -X POST &lt;a href="https://api.aotrust.link/notarize" rel="noopener noreferrer"&gt;https://api.aotrust.link/notarize&lt;/a&gt; \&lt;br&gt;
  -H "Content-Type: application/json" \&lt;br&gt;
  -d '{"work_hash":"YOUR_SHA256_HEX"}'&lt;/p&gt;

&lt;p&gt;Response (HTTP 402):&lt;/p&gt;

&lt;p&gt;{&lt;br&gt;
  "payTo": "0x97E9af6B...Ab8Cc800",&lt;br&gt;
  "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", // USDC on Base&lt;br&gt;
  "maxAmountRequired": "10000", // $0.01 (6 decimals)&lt;br&gt;
  "network": "eip155:8453",&lt;br&gt;
  "maxTimeoutSeconds": 300&lt;br&gt;
}&lt;/p&gt;

&lt;p&gt;Step 3: Pay and Get Your Proof&lt;/p&gt;

&lt;p&gt;Your agent signs an EIP-3009 transferWithAuthorization with its Ethereum wallet&lt;br&gt;
to authorize the $0.01 payment. Encode the signature and send it in the&lt;br&gt;
x-payment header.&lt;/p&gt;

&lt;p&gt;curl -X POST &lt;a href="https://api.aotrust.link/notarize" rel="noopener noreferrer"&gt;https://api.aotrust.link/notarize&lt;/a&gt; \&lt;br&gt;
  -H "Content-Type: application/json" \&lt;br&gt;
  -H "x-payment: YOUR_BASE64URL_ENCODED_SIGNATURE" \&lt;br&gt;
  -d '{"work_hash":"YOUR_SHA256_HEX"}'&lt;/p&gt;

&lt;p&gt;Response (HTTP 200):&lt;/p&gt;

&lt;p&gt;{&lt;br&gt;
  "job_id": "550e8400-e29b-41d4-a716-446655440000",&lt;br&gt;
  "pdr_b64": "AwEFA1kuagAAAABub3...",&lt;br&gt;
  "payment_anchor_type": "X402_BASE"&lt;br&gt;
}&lt;/p&gt;

&lt;p&gt;Boom. You just received your 239-byte cryptographic proof (pdr_b64).&lt;/p&gt;

&lt;p&gt;Verifying the Proof&lt;/p&gt;

&lt;p&gt;You can pass this job_id or the raw base64 string to your clients or users.&lt;br&gt;
Anyone can verify the cryptographic seal instantly without an account, API keys,&lt;br&gt;
or paying any fees:&lt;/p&gt;

&lt;p&gt;verify.aotrust.link&lt;/p&gt;

&lt;p&gt;Why build this?&lt;/p&gt;

&lt;p&gt;If you are building autonomous agents, integrating them into marketplaces, or&lt;br&gt;
generating automated financial/audit reports, trust is your biggest bottleneck.&lt;br&gt;
By appending an AOTrust PDR to your agent's deliverable, you give your clients&lt;br&gt;
an un-fakable, third-party verified timestamp of the work.&lt;/p&gt;

&lt;p&gt;I’m currently running the mainnet infrastructure. If you are building agentic&lt;br&gt;
workflows and need an immutable audit trail, I’d love to hear your thoughts on&lt;br&gt;
this API flow!&lt;/p&gt;

&lt;p&gt;Docs: docs.aotrust.link GitHub (Specs &amp;amp; Parser):&lt;br&gt;
github.com/GitSerge-crypto/aotrust-skills&lt;/p&gt;

</description>
      <category>agents</category>
      <category>ai</category>
      <category>blockchain</category>
      <category>showdev</category>
    </item>
  </channel>
</rss>
