We have a growing problem in the autonomous AI agent space: Garbage in, garbage out, and no proof of when it happened.
When your AI agent generates source code, analyzes market data, or creates a financial report, how do you mathematically prove that this specific artifact was generated at a specific time? How do you prove to your clients that the output wasn't retroactively edited before a dispute?
I wanted a "notary stamp" for AI agents. But existing oracle solutions are too expensive (often $0.25 - $1.00+ per call) and require complex smart contract integrations.
So, as a solo developer, I built AOTrust.
It does exactly one thing: it issues a PDR (Provenance Data Record) for exactly $0.01 USDC on Base L2, using the HTTP 402 protocol.
What is a PDR?
A PDR is a highly optimized 239-byte cryptographic receipt. It proves that a specific digital artifact existed at a specific point in time.
It contains:
- The SHA-256 hash of your agent's work output.
- A precise UNIX timestamp.
- An on-chain payment anchor (your $0.01 USDC transfer on Base).
- An Ed25519 signature from the notary node.
- A Merkle root anchored daily to the NEAR blockchain.
Privacy first: You never upload your actual artifact or AI prompt. You only send the SHA-256 hash.
How it works (No heavy SDKs required)
I designed this to be integrated into any agentic workflow (Python, TS, Rust) using standard HTTP requests. It uses the x402 payment protocol.
Here is the entire integration in 3 steps:
Step 1: Hash your artifact
First, your agent hashes its output locally.
import hashlib
work_hash = hashlib.sha256(b"your agent's JSON output").hexdigest()
Step 2: Request Notarization (Get a Quote)
Send the hash to the API. Because AOTrust is a payment-bound proof layer, the
server will intentionally reject it with an HTTP 402 Payment Required status,
returning the payment instructions.
curl -X POST https://api.aotrust.link/notarize \
-H "Content-Type: application/json" \
-d '{"work_hash":"YOUR_SHA256_HEX"}'
Response (HTTP 402):
{
"payTo": "0x97E9af6B...Ab8Cc800",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", // USDC on Base
"maxAmountRequired": "10000", // $0.01 (6 decimals)
"network": "eip155:8453",
"maxTimeoutSeconds": 300
}
Step 3: Pay and Get Your Proof
Your agent signs an EIP-3009 transferWithAuthorization with its Ethereum wallet
to authorize the $0.01 payment. Encode the signature and send it in the
x-payment header.
curl -X POST https://api.aotrust.link/notarize \
-H "Content-Type: application/json" \
-H "x-payment: YOUR_BASE64URL_ENCODED_SIGNATURE" \
-d '{"work_hash":"YOUR_SHA256_HEX"}'
Response (HTTP 200):
{
"job_id": "550e8400-e29b-41d4-a716-446655440000",
"pdr_b64": "AwEFA1kuagAAAABub3...",
"payment_anchor_type": "X402_BASE"
}
Boom. You just received your 239-byte cryptographic proof (pdr_b64).
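A client-side guard an agent could run between Step 2 and Step 3, so it only signs a payment authorization for a quote that matches what it expects. This is an added example, not AOTrust's code: `check_quote`, the caps and the `PAY_TO` placeholder (the post truncates the real address) are assumptions.

```python
import json

# Pinned from the quote shown in the post. PAY_TO is a constructed placeholder:
# the post truncates the real recipient, so pin the full address from the docs.
ASSET = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"  # USDC on Base
NETWORK = "eip155:8453"
MAX_AMOUNT = 10_000   # $0.01 in 6-decimal USDC units
MAX_TIMEOUT = 300     # seconds
PAY_TO = "0x" + "11" * 20


def check_quote(body, pay_to=PAY_TO):
    """Return reasons to refuse signing; an empty list means the quote is acceptable."""
    try:
        quote = json.loads(body)
    except json.JSONDecodeError:
        return ["quote is not valid JSON"]
    if not isinstance(quote, dict):
        return ["quote is not a JSON object"]
    problems = []
    # Hex addresses: compare case-insensitively, checksum casing can differ.
    for field, want in (("asset", ASSET), ("payTo", pay_to)):
        got = quote.get(field)
        if not isinstance(got, str) or got.lower() != want.lower():
            problems.append(field + " mismatch")
    if quote.get("network") != NETWORK:
        problems.append("network mismatch")
    # The amount is a decimal string; reject other shapes instead of coercing.
    amount = quote.get("maxAmountRequired")
    if not (isinstance(amount, str) and amount.isascii() and amount.isdigit()
            and 0 < int(amount) <= MAX_AMOUNT):
        problems.append("amount malformed or above cap")
    timeout = quote.get("maxTimeoutSeconds")
    if type(timeout) is not int or not 0 < timeout <= MAX_TIMEOUT:
        problems.append("timeout malformed or above cap")
    return problems


# Constructed sample quotes (not captured from the live API).
GOOD = json.dumps({"payTo": PAY_TO, "asset": ASSET, "maxAmountRequired": "10000",
                   "network": NETWORK, "maxTimeoutSeconds": 300})
TAMPERED = json.dumps({"payTo": "0x" + "22" * 20, "asset": ASSET,
                       "maxAmountRequired": "10000000", "network": NETWORK,
                       "maxTimeoutSeconds": 300})

if __name__ == "__main__":
    print(check_quote(GOOD))
    print(check_quote(TAMPERED))
```

Sign the EIP-3009 authorization only when the returned list is empty; otherwise log the reasons and stop.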
Verifying the Proof
You can pass this job_id or the raw base64 string to your clients or users.
Anyone can verify the cryptographic seal instantly without an account, API keys,
or paying any fees:
verify.aotrust.link
Why build this?
If you are building autonomous agents, integrating them into marketplaces, or
generating automated financial/audit reports, trust is your biggest bottleneck.
By appending an AOTrust PDR to your agent's deliverable, you give your clients
an unfakeable, third-party-verified timestamp of the work.
I'm currently running the mainnet infrastructure. If you are building agentic
workflows and need an immutable audit trail, I'd love to hear your thoughts on
this API flow!
Docs: docs.aotrust.link
GitHub (Specs & Parser): github.com/GitSerge-crypto/aotrust-skills