Cryptographic proof-of-existence for AI agent outputs — $0.01 per record
The problem
AI agents generate code, reports, analyses, and decisions. When a dispute arises — "did the agent produce this output at this time, or was it retroactively edited?" — there is no answer. Logs can be tampered with. Timestamps can be changed. Hallucinations go undetected because there is no cryptographic binding between what was generated and when it was generated.
Existing oracle solutions cost $0.25–$1.00+ per call and require complex smart contract integrations. That is too expensive for per-output notarization of autonomous agents running thousands of tasks.
What I built
AOTrust — a notarization service that issues a PDR (Provenance Data Record) for exactly $0.01 USDC on Base L2, using the HTTP 402 protocol.
A PDR is a 239-byte binary record containing:
| Field | Size | Content |
|---|---|---|
| version | 1B | 0x03 |
| sig_scheme | 1B | Ed25519 |
| payment_anchor_type | 1B | 0x05 (X402_BASE) |
| timestamp | 8B | Unix seconds |
| issuer_id | 36B | notary-node.near (NUL-padded) |
| subject_hash | 32B | SHA-256 of agent account |
| payload_hash | 32B | SHA-256 of work artifact |
| merkle_root | 32B | Merkle root (batch anchor) |
| payment_hash | 32B | EVM tx hash (Base) |
| signature | 64B | Ed25519 (NEP-413) |
The entire payload (175 bytes) is signed with the notary's Ed25519 key. The signature covers the payment anchor type — so the PDR is self-verifying without external metadata.
How it works (architecture)
Agent AOTrust API NEAR Mainnet
| | |
|--- 1. POST /quote ------>| |
|<--- 2. 402 + x402 -------| |
|--- 3. EIP-3009 sign ---->| |
|--- 4. POST + payment --->| |
| |--- 5. verify payment -->| (Base L2)
| |--- 6. build PDR ------->|
| |--- 7. Ed25519 sign ---->|
|<--- 8. PDR (239B) -------| |
| | |
| |--- 9. Merkle anchor ---->| (NEAR tx)
| | |
|--- 10. GET /verify ------>| |
|<--- 11. valid + anchor ---| |
Steps 1–8 happen synchronously (~2-5 seconds). Step 9 (Merkle anchoring) happens in batches every ~16 minutes — multiple PDRs are combined into a Merkle tree, and the root is anchored on NEAR mainnet via the merkle_anchor contract on notary-node.near.
Working example (curl)
1. Get a quote
curl -s https://api.aotrust.link/v1/notarize/quote \
-H "Content-Type: application/json" \
-d '{"work_hash":"a1b2c3d4...your_sha256_hash..."}'
Response (HTTP 402 — payment required):
{
"x402Version": 1,
"accepts": [{
"scheme": "exact",
"network": "base",
"maxAmountRequired": "10000",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA5fE48",
"resource": "https://api.aotrust.link/v1/notarize"
}]
}
maxAmountRequired: 10000 = 10,000 micro-USDC = $0.01.
2. Pay via x402 (EIP-3009 transferWithAuthorization)
Sign an EIP-3009 message with your Base wallet, then:
curl -s https://api.aotrust.link/v1/notarize \
-H "Content-Type: application/json" \
-H "X-Payment: <base64-encoded EIP-3009 payload>" \
-d '{
"work_hash": "<sha256 of your work artifact>",
"agent_account": "your-agent.near",
"tx_hash": "<evm tx hash of the USDC transfer>"
}'
3. Receive PDR
Response (HTTP 200):
{
"job_id": "a1b2c3d4-e5f6-...",
"status": "notarized",
"network": "base",
"pdr_b64": "AwE...base64-encoded 239-byte PDR..."
}
4. Verify any PDR (public, no auth)
curl -s https://api.aotrust.link/v1/pdr/verify/<pdr_b64>
Response:
{
"valid": true,
"version": 3,
"sig_scheme": 1,
"payment_anchor_type": 5,
"timestamp_utc": 1718900000,
"issuer_id": "notary-node.near",
"subject_hash": "a1b2...",
"payload_hash": "b3c4...",
"merkle_root": "d5e6...",
"payment_hash": "f7a8...",
"notary_pubkey": "490f51f23b993eacaff54fc977d9a7689ab7d4ae91504dc6cbdeadb2dbf1f462",
"anchor": {
"near_tx": "H4MaR5...",
"confirmed": true
}
}
You can verify the PDR offline — the Ed25519 signature is self-contained. The on-chain anchor is a bonus: it proves the Merkle root was published on NEAR at a specific block height.
Live PDR
A real PDR issued on Base Mainnet, already anchored to NEAR:
- Verify page: https://verify.aotrust.link/?pdr=AwFCA... (paste any PDR from the API)
- Notary public key:
490f51f23b993eacaff54fc977d9a7689ab7d4ae91504dc6cbdeadb2dbf1f462 - NEAR anchor TXs:
H4MaR5...,G9yzNh...,DEAhnxo...(3 batches, 9 PDRs total)
MCP integration (for AI agents)
AOTrust also exposes an MCP (Model Context Protocol) endpoint at https://api.aotrust.link/mcp. Agents can discover and call 4 tools:
| Tool | Description |
|---|---|
notary_quote |
Get quote (amount, payment details) |
notary_notarize_paid |
Notarize with x402 payment on Base |
notary_verify |
Verify any PDR (signature + on-chain anchor) |
notary_notarize |
Notarize without payment (testnet only) |
MCP transport: Streamable HTTP (SSE). Auth: OAuth 2.1 + x402 payment.
The flow for an autonomous agent:
- Agent calls
notary_quote→ gets amount ($0.01) and payment details - Agent signs EIP-3009 transfer on Base (via wallet integration)
- Agent calls
notary_notarize_paidwith payment + work_hash - Agent receives PDR (239 bytes, base64)
- Agent (or any third party) calls
notary_verifyto confirm
What makes this different
| Approach | Cost | On-chain proof | Self-verifying |
|---|---|---|---|
| Chainlink oracle | $0.25–$1.00+ | Yes | No (requires oracle network) |
| Manual timestamp tx | gas cost | Yes | No (just a timestamp) |
| IPFS pin | free | No | No (mutable) |
| AOTrust PDR | $0.01 | Yes (NEAR anchor) | Yes (Ed25519 in PDR) |
The key insight: the payment anchor type (0x05 = X402_BASE) is inside the signed binary payload. This means the PDR itself proves how it was paid for, not just that it was paid. No external metadata channel required.
Open standard
The PDR v2.3 binary format is published as an open standard:
- Spec: https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr-spec.md
- Parser: https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr_parser.py (standalone, zero dependencies, CLI)
- Skill: https://github.com/GitSerge-crypto/aotrust-skills/blob/main/aotrust-notarize/SKILL.md (agent-ready)
- License: MIT
Anyone can build a PDR-compatible notary. The format supports multiple payment rails: NEAR direct, x402 on Base, x402 on Polygon, Agent Market escrow (provisional → settled), and reserved slots for future chains.
Current status
- Mainnet live since June 9, 2026
- 9 PDRs issued, all X402_BASE, all anchored to NEAR (3 anchor transactions)
- 4 services running: API (8741), MCP (8746), testnet API (8743), testnet MCP (8745)
- MCP listed on Glama.ai: https://glama.ai/mcp/servers/GitSerge-crypto/aotrust-skills
- Price: flat $0.01 USDC per PDR, no API key required for x402 flow
- 0 customers, 0 revenue — this is a new product looking for early adopters
Try it
# Health check
curl -s https://api.aotrust.link/health
# Get a quote (no auth needed)
curl -s https://api.aotrust.link/v1/notarize/quote \
-H "Content-Type: application/json" \
-d '{"work_hash":"0000000000000000000000000000000000000000000000000000000000000000"}'
# MCP discovery
curl -s https://api.aotrust.link/.well-known/mcp.json
If you are building autonomous AI agents and need cryptographic proof of output integrity, I would love to hear your use case. The service is live, the API is stable, and the first 9 PDRs are on mainnet.
Top comments (0)