AgentVeil Protocol
The AgentVeil Protocol server enables trust enforcement and reputation management for autonomous AI agents through decentralized identity and peer attestations.
Agent Registration & Identity: Register new AI agents with W3C DID (did:key) identities and auto-generated Ed25519 cryptographic keys
Reputation Management: Check reputation scores (0–1) with confidence metrics and detailed interpretation for any agent
Peer Attestations: Submit positive/negative/neutral ratings for other agents with confidence weights, cryptographic signatures, and interaction context; retrieve full attestation history
Agent Discovery: Search for agents by capabilities, LLM provider, or minimum reputation score; publish or update capability cards for discovery
Audit & Transparency: Verify the integrity of the immutable hash-chained audit log and access detailed audit trails for any agent
Agent Information: Get public info about agents including display names, verification status, and capabilities; view your own configured agent's DID and registration status
Protocol Monitoring: Access network-wide statistics including total agents, attestations, verified agents, escrows, and activity metrics
Security & Integrations: Ed25519 signature authentication, input validation, and sybil resistance; integrates with frameworks like CrewAI, LangGraph, AutoGen, and OpenAI for automated trust decisions
AgentVeil
Action control for autonomous agents — check posture, gate risky actions, prove execution.
Quick Start · Comparison · Examples · Docs
pip install agentveilPyPI: agentveil | API: agentveil.dev | Network: Live Network
Why agent trust infrastructure matters — verified CVEs, market data, and the structural problem AgentVeil addresses.
AVPProvider merged into Microsoft Agent Governance Toolkit (PR #1010). AgentVeil can be connected to Microsoft AGT / AgentMesh as an external trust and reputation integration.
Paper: Boiko, O. (2026). Why AI Agent Reputation Needs Both Link Analysis and Flow-Based Gating. Zenodo.
Visual overview: preflight → runtime gate → approval → controlled execution → offline proof.
Audit chain walkthrough:
examples/proof_pack/— local-backend demo proving offline audit-trail integrity verification. End-to-end flow: signed events → tamper-resistant chain → offline verify (stdlib only, no SDK dependency).Controlled-action proof packets: Runtime Gate flows can export signed proof packets with
agent.build_proof_packet(...); see Customer Integration.
from datetime import timedelta
from agentveil import AVPAgent
owner = AVPAgent.create(mock=True, name="workflow-owner")
agent = AVPAgent.create(mock=True, name="demo-agent")
agent.register(display_name="Demo Agent")
delegation = owner.issue_delegation_receipt(
agent_did=agent.did,
allowed_categories=["deploy"],
valid_for=timedelta(minutes=15),
)
print(agent.verify_delegation_receipt(delegation)["valid"])Quick Start
Run locally — no server required
from datetime import timedelta
from agentveil import AVPAgent
owner = AVPAgent.create(mock=True, name="workflow-owner")
agent = AVPAgent.create(mock=True, name="demo-agent")
agent.register(display_name="Test Agent")
delegation = owner.issue_delegation_receipt(
agent_did=agent.did,
allowed_categories=["deploy"],
valid_for=timedelta(minutes=15),
)
verification = agent.verify_delegation_receipt(delegation)
print("delegation valid:", verification["valid"])
print("scope:", verification["scope"][0]["value"])For production identity, Runtime Gate, approvals, and signed receipts, see Customer Integration.
Production integration shape
from agentveil import AVPAgent
agent = AVPAgent.load("https://agentveil.dev", "my-agent")
report = agent.integration_preflight()
if not report.ready:
raise RuntimeError(report.next_action)
outcome = agent.controlled_action(
action="deploy.release",
resource="service:critical-workflow",
environment="production",
delegation_receipt=delegation_receipt, # issued by the workflow owner
)
if outcome.status == "approval_required":
wait_for_principal_approval(outcome.approval["approval_id"])
elif outcome.status == "executed":
store(outcome.receipt_jcs)
elif outcome.status == "blocked":
raise RuntimeError(outcome.reason)Verify trust offline — no SDK required
# Get a W3C Verifiable Credential (VC v2.0)
curl https://agentveil.dev/v1/reputation/{agent_did}/credential?format=w3cThe response is a standard W3C VC with a DataIntegrityProof (eddsa-jcs-2022). Verify it with any VC library — Veramo, SpruceID, Digital Bazaar, or your own Ed25519 implementation. No AgentVeil SDK needed.
# Or verify with the SDK:
cred = agent.get_reputation_credential(format="w3c")
assert AVPAgent.verify_w3c_credential(cred) # offline, no API callRelated MCP server: Agent Receipts
Mode A Quickstart
Project owners can use AgentVeil as an action-control path for agents, tools, workflows, MCP servers, and CI jobs inside one project.
Scan the project with Posture v0.1:
pip install agentveil-posture # (planned after Phase 1 acceptance) agentveil-posture scan ./your-projectDefine local policy:
agentveil policy init # (planned for v0.8 / Phase 3)Evaluate actions before execution:
from agentveil import evaluate_action # (planned for v0.8 / Phase 3)Produce signed evidence today with
controlled_action(...), DelegationReceipts, approval routing, and Proof Packets.
See Mode A Quickstart for the full Project Owner path and planned capability markers.
Why This Exists
AI agents increasingly hold direct access to production credentials, deploy workflows, and developer infrastructure. AgentVeil provides three things:
Pre-runtime checks — find risky agent capabilities (bypass paths, exposed credentials, missing approvals) before they reach production
Runtime gating — evaluate risky actions before execution, route through signed approval when needed
Verifiable evidence — produce signed receipts your audit / customer / partner can verify offline, no SDK or AVP API required
See Security Context for verified CVEs, market data, and the structural problem AgentVeil addresses.
Comparison
Without AgentVeil | With AgentVeil | |
Risky capability discovery | Found in incident review | Pre-runtime posture check finds bypass paths, exposed credentials, missing approvals |
Risky action execution | Agent calls | Evaluated before execution → allow / approval_required / block |
Approval on critical steps | Rubber-stamped or skipped | Signed approval receipt — single-use, expiring, bound to exact action/resource/env |
Audit evidence | "Agent triggered X" in app logs | Signed receipt with action hash, decision hash, approval hash, timestamp — verifiable offline by audit / customer / partner |
Decision Inputs (advisory)
These advisory APIs feed the Runtime Gate's risk assessment. They inform action gating decisions but do not grant execution authority on their own. For direct reputation and agent-network usage, see Agent Network (Advanced).
For advisory selection and existing integrations, the SDK also includes:
can_trust(...)— advisory score, tier, risk, and explanation before delegation@avp_tracked(...)— decorator for auto-registering and attesting local workFramework tools such as
AVPReputationTool,avp_should_delegate(...), andavp_tool_definitions()
from agentveil import AVPAgent, avp_tracked
agent = AVPAgent.load("https://agentveil.dev", "my-agent")
decision = agent.can_trust("did:key:z6Mk...", min_tier="trusted")
print(decision["allowed"], decision["reason"])
@avp_tracked("https://agentveil.dev", name="reviewer", to_did="did:key:z6Mk...")
def review_code(pr_url: str) -> str:
return analysisFeatures
Action control surface
Posture Checks — inspect agent identity, status (active/suspended), and reputation signals before runtime
Runtime Gate — evaluate risky actions before execution and return allow / approval required / block
Signed Receipts — keep tamper-evident proof for gate decisions, approvals, and execution
W3C VC v2.0 Credentials — export offline-verifiable credentials with
eddsa-jcs-2022Data Integrity proofsWebhook Alerts — score-change notifications to any HTTP endpoint (setup guide)
Framework Integrations — SDK tools for CrewAI, LangGraph, AutoGen, OpenAI, Claude MCP, Paperclip, and more
Supporting signals (advisory)
Reputation Signals — peer attestations, confidence scoring, and advisory trust checks
Agent Discovery — publish capability cards and find agents by skill and reputation
Dispute & Review Support — attach evidence and review contested attestations
Integrations
Stack | Install | Integration surface |
Any Python |
|
|
CrewAI |
|
|
LangGraph |
|
|
AutoGen |
|
|
OpenAI |
|
|
MCP clients |
|
|
Gemini |
| Function-calling example: |
PydanticAI |
| Tool example: |
Paperclip |
|
|
AWS Bedrock |
| Converse API example: |
Microsoft AGT / AgentMesh |
|
|
Full integration guides: docs/INTEGRATIONS.md
Batch Attestations
Attestations from peer agents build reputation history that feeds future Runtime Gate decisions.
Submit up to 50 attestations in a single request. Each is validated independently — partial success is possible.
results = agent.attest_batch([
{"to_did": "did:key:z6MkAgent1...", "outcome": "positive", "weight": 0.9, "context": "code_review"},
{
"to_did": "did:key:z6MkAgent2...",
"outcome": "negative",
"weight": 0.7,
"context": "failed_security_review",
"evidence_hash": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
},
{"to_did": "did:key:z6MkAgent3...", "outcome": "positive"},
])
print(results["succeeded"], results["failed"]) # 3, 0Each attestation is individually signed with Ed25519. Optional fields: context, evidence_hash, is_private, interaction_id.
Negative attestations require both context and a 64-character lowercase hex
evidence_hash.
Security
Ed25519 signature authentication with nonce anti-replay
W3C
did:keyidentity with Ed25519 keys for portable agent identityInput validation for signed SDK/API requests
Agent status checks for active, suspended, revoked, or migrated identities
Audit trail — SHA-256 hash-chained events with optional IPFS anchoring for published proof artifacts
Documentation
Doc | Description |
Full SDK method reference with examples | |
Controlled-action flow, secrets, errors, and compliance evidence | |
Project owner path — scan, policy, evaluate, evidence | |
Exception hierarchy, recovery patterns, HTTP status mapping | |
Build, save, verify signed action evidence offline | |
Production validation for Runtime Gate, approval, proof packets, typed errors | |
Resolve approval_required outcomes, grant/deny patterns, resume execution | |
Agent registration lifecycle, states, error cases, passphrase security | |
Issuance, verification, common patterns, error handling | |
Framework-specific setup guides | |
Push notification setup | |
AgentVeil wire format and authentication | |
Mode 1 SDK developer flow, Mode 2/3 gateway enforcement roadmap | |
Why agent trust matters — CVEs and market data | |
Reputation, attestations, agent identity — internal mechanisms | |
Version history |
Examples
Example | Description |
Action control demo — preflight → Runtime Gate → approval routing → signed receipt | |
Approval pattern — controlled_action → approval_required → grant → execute_after_approval | |
Error patterns — typed exception handling for retry, re-auth, validation, network | |
Proof packet export — build, save, reload, verify offline (mock mode) | |
Registration patterns — first-time setup, verification state, encrypted reload | |
DelegationReceipt patterns — issue, verify offline, persist/reload, multi-scope | |
Offline audit verification — local-backend demo: signed events → tamper-resistant chain → independent offline verification (no SDK or AVP API needed). Local backend required. | |
Agent network primitives — registration, peer attestations, scoring (mock mode, no server). Advanced internal surface. For action control, see Mode A Quickstart. | |
Register, publish card, check reputation | |
Full A2A interaction with attestations | |
Offline credential verification (no SDK needed) |
Framework examples: CrewAI · LangGraph · AutoGen · OpenAI · Claude MCP · Paperclip
Community
⭐ Star this repo — helps others discover AgentVeil
🐛 Open an issue — bugs, questions, feature requests
📖 Customer Integration guide — production setup
License
MIT — see LICENSE.
Maintenance
Appeared in Searches
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/agentveil-protocol/avp-sdk'
If you have feedback or need assistance with the MCP directory API, please join our Discord server