AttestLayer

Program lane

AGENT-01 — AI agent authority and action evidence

AGENT-01 packets record what an AI agent was authorized to do, what it actually did, and the human or system signal that approved the action. The lane is designed for platform/API rollouts, agentic workflows, and AI-mediated transactions where reviewers need a structured record of agent authority and action.

Evidence profileRecord-onlyVerifier-friendlyNot a certification

A program lane is a packet structure and an evidence-expectation profile. It is not a certification, audit opinion, or legal/regulatory approval.

Where AGENT-01 fits

AI / agent platforms

Platforms running scoped agents that take actions on behalf of users or operators.

Agentic SaaS

SaaS products embedding agent-driven workflows that need an audit-friendly record per action.

Public-sector pilots

Pilots evaluating AI-mediated processes that require structured authority and action evidence.

Insurers and underwriters

Counterparties evaluating AI exposure who want a consistent packet for diligence reviews.

What the AGENT-01 packet records

Authority record

Who authorized the agent, scope of authority, and time window.

Action record

What the agent did, when, against what target, and the action result.

Approval signal

Human or system signal that approved the action, including identity reference.

Verification path

Binder, manifest, signed receipt, hash trail, JWKS, offline verifier.

What AGENT-01 does not do

  • does not certify the underlying compliance, security, or legal state
  • does not promise buyer, regulator, insurer, PSP, or auditor acceptance
  • does not opine on the truthfulness of submitted records
  • does not replace audit, regulatory, legal, or insurance review

Request Program review See illustrative case examples

The AttestLayer trust model

AttestLayer’s trust model is intentionally narrow. It records what was submitted, what was accepted into scope, what was issued, and how the issued kit can be checked.

The model uses

  • SHA-256 artifact hashing
  • manifest-based evidence inventory
  • canonical receipt hashing
  • Ed25519 receipt signatures
  • JWKS public-key discovery
  • offline verification
  • fail-closed verification behavior

What it proves

  • files match the manifest
  • manifest matches the receipt
  • receipt key ID matches a public key
  • receipt signature verifies
  • the kit has not been modified since issuance

What it does not prove

  • company compliance status
  • company security status
  • controls are operating effectively
  • a buyer, auditor, insurer, bank, regulator, or PSP has accepted the packet
  • the evidence content is legally sufficient

Integrity and issuance evidence only. Not audit, certification, or compliance guarantee.