{"id":46459186,"url":"https://github.com/provnai/attest","last_synced_at":"2026-03-11T08:01:02.427Z","repository":{"id":342396284,"uuid":"1173309661","full_name":"provnai/attest","owner":"provnai","description":"Attest Protocol Silicon-rooted trust and zero-knowledge provenance for AI agents. Features hardware-sealed identity (TPM/CNG), Plonky3 ZK-STARK audit trails, and Quantum Undo (Reversible Execution) in Go \u0026 Rust.","archived":false,"fork":false,"pushed_at":"2026-03-10T08:54:20.000Z","size":12618,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-03-10T12:59:44.428Z","etag":null,"topics":["ai-agents","artificial-intelligence","audit-log","cryptography","cybersecurity","golang","hardware-security","plonky3","provenance","rust","sqlite","state-management","tpm","undo","zk-starks"],"latest_commit_sha":null,"homepage":"https://provnai.com/links","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/provnai.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-05T08:19:47.000Z","updated_at":"2026-03-10T08:54:24.000Z","dependencies_parsed_at":"2026-03-10T07:17:10.722Z","dependency_job_id":null,"html_url":"https://github.com/provnai/attest","commit_stats":null,"previous_names":["provnai/attest"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/provnai/attest","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/provnai%2Fattest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/provnai%2Fattest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/provnai%2Fattest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/provnai%2Fattest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/provnai","download_url":"https://codeload.github.com/provnai/attest/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/provnai%2Fattest/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30375451,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-11T06:09:32.197Z","status":"ssl_error","status_checked_at":"2026-03-11T06:09:17.086Z","response_time":84,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","artificial-intelligence","audit-log","cryptography","cybersecurity","golang","hardware-security","plonky3","provenance","rust","sqlite","state-management","tpm","undo","zk-starks"],"created_at":"2026-03-06T03:01:45.824Z","updated_at":"2026-03-11T08:01:02.382Z","avatar_url":"https://github.com/provnai.png","language":"Go","readme":"# Attest Protocol\n\n**The hardware-rooted identity and zero-trust provenance protocol for AI agents.**\n\nHardware identity • ZK-STARK audit trails • Glassbox Provenance • Production-ready FFI — all in Rust.\n\n[![GitHub Stars](https://img.shields.io/github/stars/provnai/attest?style=flat-square\u0026color=gold)](https://github.com/provnai/attest/stargazers)\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg?style=flat-square)](https://opensource.org/licenses/Apache-2.0)\n[![CI](https://github.com/provnai/attest/actions/workflows/ci.yml/badge.svg)](https://github.com/provnai/attest/actions)\n[![Go Reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go\u0026logoColor=white\u0026style=flat-square)](https://pkg.go.dev/github.com/provnai/attest)\n\n\n[📚 Documentation](https://provnai.dev/docs) | [🔧 Rustdocs](https://provnai.dev/rustdoc) | [💬 Discord](https://discord.gg/provnai)\n\n---\n\n## Prerequisites\n\n*   **Rust 1.75+** with Cargo package manager (for `attest-rs` and `vex-hardware`).\n*   **Go 1.21+** with the standard Cobra/Viper toolchain (for the main CLI).\n*   **TPM 2.0** (Linux via `tss-esapi`) or **Microsoft CNG** (Windows via `windows-sys`) for hardware-rooted identity.\n*   **SQLite 3.35+** (handled automatically via the pure-Go `modernc.org/sqlite` bridge — no CGO required).\n\n---\n\n## Why Attest?\n\n| Problem | Attest Solution |\n| :--- | :--- |\n| **Spoofed Identity** | Keys are sealed to the silicon (TPM/CNG). The `aid:\u003csha256-prefix\u003e` ID is deterministically derived from the hardware-bound public key. |\n| **Silent Failures** | ZK-STARK proofs (Plonky3 + Goldilocks) mathematically compress entire audit trails into verifiable artifacts. |\n| **Unauditable Logic** | Every declared `intent` is cryptographically linked to every `exec` that follows it, forming a tamper-evident chain. |\n| **Dangerous Actions** | The policy engine evaluates agent actions in real-time, blocking harmful commands before they execute. |\n| **Irreversible Mistakes** | The `quantum` system creates verifiable state checkpoints so execution can be safely rewound. |\n\n---\n\n## ✨ What's New in v0.1.0\n\n*   🧬 **Hardened ZK-STARK Prover**: Full Plonky3 integration using Goldilocks fields and Two-Adic FRI. Hardened against public input forgery and serialization corruption.\n*   🛡️ **VEX-Hardware Isolation**: Independent `vex-hardware` crate for high-assurance TEE key management with strict `Zeroize` memory hygiene.\n*   🚦 **VEX Cognitive Binding**: Native `with_identity()` support for the VEX Orchestrator, enabling hardware-anchored evolutionary mutation trails.\n*   📦 **CGO-Free Storage**: Migrated to `modernc.org/sqlite` for 100% portable, zero-warning cross-compilation on all platforms.\n*   ⚛️ **Quantum Undo System**: Time-travel checkpointing with `diff`, `timeline`, `undo`, and `branch` support.\n\n---\n\n## Quick Start\n\n```bash\n# 1. Build the Rust security core, then the Go CLI\nmake build\n\n# 2. Run the full test suite (Go + Rust)\nmake test\n\n# 3. Initialize Attest in your project\nattest init\n\n# 4. Create a hardware-sealed agent identity\nattest agent create --name \"my-agent\" --type langchain\n```\n\n---\n\n## 🛠️ CLI Reference\n\n### Top-Level Commands\n\n| Command | Description |\n| :--- | :--- |\n| `attest init` | Initialize the `.attest` security directory and SQLite database. |\n| `attest agent` | Manage cryptographic agent identities (Ed25519 keypairs). |\n| `attest intent` | Declare the goal (\"the why\") before an agent executes anything. |\n| `attest exec` | Execute a reversible command with automatic state backup. |\n| `attest verify` | Verify a cryptographic signature or run a full ZK-STARK verification. |\n| `attest policy` | Define and enforce safety rules (allow, warn, block). |\n| `attest query` | Query the attestation audit log. |\n| `attest git` | Integrate Attest into Git via pre-commit hooks. |\n| `attest identity` | View the current hardware identity bound to this machine. |\n| `attest hardware` | Seal/Unseal data via TPM/CNG hardware security directly. |\n| `attest quantum` | Time-travel checkpoint system for rollback and state diffing. |\n\n### `attest agent` Subcommands\n\n```bash\nattest agent create --name \"my-agent\" --type langchain   # Types: generic, langchain, autogen, crewai, custom\nattest agent list                                         # Lists all agents (active + revoked)\nattest agent show aid:12345678                            # Show full agent details\nattest agent export aid:12345678                          # Export public key\nattest agent import /path/to/agent-backup.json           # Restore from export\nattest agent delete aid:12345678                          # Revoke an agent permanently\n```\n\n### `attest quantum` Subcommands\n\n```bash\nattest quantum timeline                          # Visual timeline of all checkpoints\nattest quantum diff chk:abc123                   # Compare checkpoint to current state\nattest quantum undo chk:abc123                   # Revert filesystem to checkpoint state\nattest quantum undo --dry-run chk:abc123         # Preview changes without applying\nattest quantum branch chk:abc123 experiment-v1  # Fork a parallel state from a checkpoint\n```\n\n### `attest verify` — ZK-STARK Proof\n\n```bash\n# Verify a standard Ed25519 signature\nattest verify \u003cattestation-id\u003e\n\n# Deep mathematical verification via Plonky3 ZK-STARK\nattest verify --zk \u003cattestation-id\u003e\n```\n\n---\n\n## ⚙️ Environment Variables\n\nAll environment variables use the `ATTEST_` prefix (set automatically via Viper).\n\n| Variable | Default | Description |\n| :--- | :--- | :--- |\n| `ATTEST_DATA_DIR` | `~/.attest` | Path to the local security and SQLite storage directory. |\n| `ATTEST_LOG_LEVEL` | `info` | Logging verbosity: `debug`, `info`, `warn`, `error`. |\n| `DATABASE_URL` | `~/.attest/attest.db` | Override the DB path (SQLite or Postgres URI). |\n\n---\n\n## 🧬 **Glassbox Provenance** (VEX Binding)\n\nThe primary way to use Attest is by anchoring a VEX agent to a hardware-root identity. This creates a mathematically bulletproof audit trail for every cognitive cycle.\n\n```rust\nuse std::sync::Arc;\nuse vex_hardware::{HardwareKeystore, AgentIdentity};\nuse vex_runtime::Orchestrator;\nuse vex_persist::AuditStore;\n\n#[tokio::main]\nasync fn main() -\u003e Result\u003c(), Box\u003cdyn std::error::Error\u003e\u003e {\n    // 1. Initialize connection to the hardware (TPM2 on Linux, CNG on Windows).\n    //    Falls back to software if VEX_HARDWARE_ATTESTATION != \"true\".\n    let keystore = HardwareKeystore::new().await?;\n\n    // 2. Seal your agent's Ed25519 seed to the hardware chip once.\n    //    Store `sealed_blob` in your persistence layer (e.g. AuditStore).\n    let seed: [u8; 32] = /* load or generate your seed */ [0u8; 32];\n    let sealed_blob = keystore.seal_identity(\u0026seed).await?;\n\n    // 3. Unseal the identity for real-time signing from the stored blob.\n    let identity: Arc\u003cAgentIdentity\u003e = Arc::new(\n        keystore.get_identity(\u0026sealed_blob).await?\n    );\n    // identity.agent_id = \"\u003cuuid derived from ed25519 pubkey via SHA-256\u003e\"\n\n    // 4. Bind identity to the VEX Orchestrator.\n    //    Every action and evolution is now hardware-signed and ZK-provable.\n    let orchestrator = Orchestrator::new(llm_provider, memory, None)\n        .with_identity(identity, Arc::new(AuditStore::new(backend)));\n\n    Ok(())\n}\n```\n\n\n---\n\n## Testing \u0026 Quality\n\n```bash\n# Full test suite (Go with race detection + Rust)\nmake test\n\n# Rust ZK-STARK unit tests in release mode\ncd attest-rs \u0026\u0026 cargo test --release\n\n# Clippy — zero warnings enforced\ncd attest-rs \u0026\u0026 cargo clippy --all-targets -- -D warnings\n```\n\n---\n\n## 📐 Architecture\n\n```text\n┌─────────────────────────────────────────────────────────────────┐\n│  Attest CLI    │ System-level management (Go + Cobra)           │\n│                │ agent, intent, exec, policy, quantum, git...   │\n├────────────────┼────────────────────────────────────────────────┤\n│  pkg/bridge    │ FFI Layer — CGO-free SQLite bridge             │\n│  pkg/storage   │ SQLite DB migrations, audit log storage        │\n│  pkg/guardrails│ Checkpoint management (quantum undo system)    │\n├────────────────┼────────────────────────────────────────────────┤\n│  attest-rs     │ Plonky3 ZK-STARK Prover, AuditAir constraints  │\n│                │ FRI hardening, forgery-proof verification.     │\n├────────────────┼────────────────────────────────────────────────┤\n│  vex-hardware  │ TPM2 (Linux) and CNG (Windows) key synthesis,  │\n│                │ Ed25519 signing, Zeroize memory hygiene.       │\n├────────────────┼────────────────────────────────────────────────┤\n│  sdk/python    │ Native Python client + LangChain callbacks     │\n│  sdk/js        │ TypeScript-first Node.js client                │\n└────────────────┴────────────────────────────────────────────────┘\n```\n\n[📐 Full Architecture Document →](docs/architecture.md)\n\n---\n\n## 🛡️ Production Features\n\n### 🔐 Security \u0026 Isolation\n*   **TPM2/CNG Binding**: Private keys are hardware-sealed and never exposed to the host OS in plaintext.\n*   **Memory Zeroization**: Strict use of the `Zeroize` trait for all cryptographic material at drop.\n*   **JCS Deterministic Signing**: RFC 8785 serialization ensures identical signatures across heterogeneous systems.\n*   **Ed25519 Identities**: Agent IDs are derived as `aid:ed25519:\u003chex_pubkey\u003e` — uniquely and deterministically addressable, with a 1:1 mapping to VEX agent UUIDs via SHA-256.\n\n### ⚡ Performance\n*   **Async-First**: Non-blocking I/O for all hardware and database operations (Tokio runtime).\n*   **Optimized STARKs**: Goldilocks-based field arithmetic for millisecond-range proof verification.\n*   **FFI Efficiency**: Direct memory mapping between Go CLI and Rust backend with minimal overhead.\n\n### 🚀 Resilience\n*   **CGO-Free Storage**: Absolute portability via `modernc.org/sqlite` — no C compiler required.\n*   **Graceful Fallback**: Automatic software-signing fallback if TEE hardware is absent.\n*   **Reversible Execution**: Automatic state snapshots before every `exec` with hash-verified restoration.\n\n---\n\n## 🔗 The ProvnAI Ecosystem\n\nAttest is the foundational anchor of a multi-layered trust stack designed for the agentic era:\n\n- **1. Identity** (Attest Protocol - This repo): Hardware identity + ZK-STARK audit trails.\n- **2. Cognition** ([VEX Protocol](https://github.com/provnai/vex)): Adversarial verification and temporal memory.\n- **3. Safety Brake** ([Vex-Halt](https://github.com/provnai/vex-halt)): Emergency circuit breaker and verification benchmark.\n- **4. Governance** ([McpVanguard](https://github.com/provnai/mcp-vanguard)): Distributed security proxy and guardrail enforcement.\n- **5. Demonstration** ([VexEvolve](https://www.vexevolve.com)): Production AI newsroom swarm (Live).\n- **6. Developer** ([provnai.dev](https://provnai.dev)): Documentation \u0026 Rustdoc portal.\n\n---\n\n## License\n\nApache-2.0 — See [LICENSE](LICENSE)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprovnai%2Fattest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprovnai%2Fattest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprovnai%2Fattest/lists"}