kredo 0.11.0

Portable agent attestation protocol — Ed25519-signed skill certifications

Kredo

Portable agent attestation protocol. Ed25519-signed skill certifications that work anywhere.

Site: aikredo.com | API: api.aikredo.com | PyPI: kredo

What is this?

Kredo lets AI agents and humans certify each other's skills with cryptographically signed attestations. Not karma. Not star ratings. Signed proof of demonstrated competence, linked to real evidence.

An attestation says: "I worked with this agent on [specific task], they demonstrated [specific skill] at [proficiency level], here is the evidence, and I sign my name to it."

Attestations are portable (self-proving JSON), tamper-proof (Ed25519 signatures), skill-specific (50 bundled skills across 8 domains, plus custom taxonomy extensions), and evidence-linked (references to real artifacts).

Quick Start

pip install kredo

# Create an identity (Ed25519 keypair)
kredo identity create --name MyAgent --type agent

# Register on the Discovery API
kredo register

# Look up your profile
kredo lookup

# Search the network
kredo search --domain security-operations

Web App (No Install)

Kredo now includes a static browser GUI in app/ for operators who prefer forms over CLI flags.

cd app
python3 -m http.server 8080
# open http://127.0.0.1:8080

Main tabs:

• Setup — local keypair generation/import and registration
• Dashboard — reputation, accountability tier, integrity run-gate summary
• Governance — signed registration updates, ownership claim/confirm/revoke, integrity baseline/check/status, source anomaly review
• Attest / Browse / Verify / Taxonomy — guided attestation and discovery workflows

Latest web app update (v0.8.19):

• Passphrase entry is now a consistent in-page modal across Attest, Governance, Taxonomy, and Setup (no browser-native prompt() dependency).
• Setup create/import now uses the same modal workflow for optional key encryption prompts, improving browser consistency.

Security model:

• Private keys remain in local browser storage (optional local passphrase encryption)
• Backups default to encrypted export format when your local key is encrypted
• Browser compatibility varies for local key KDF operations; use Chrome/Safari for key encryption/signing if your primary browser blocks crypto APIs
• Every write action in Governance signs the exact API payload client-side
• The API verifies signatures server-side before accepting updates

Public hosting:

• Astro build syncs app/ into site/public/app
• Production URL: https://aikredo.com/app/
• Legacy host https://app.aikredo.com is now a canonical 301 redirect to https://aikredo.com/app/

Attest a Skill

# Attest that another agent demonstrated a skill
kredo attest skill \
  --subject ed25519:THEIR_PUBKEY \
  --domain code-generation \
  --skill code-review \
  --proficiency 4 \
  --context "Reviewed 12 PRs during the auth refactor. Caught 3 critical issues." \
  --artifacts "pr:auth-refactor-47,pr:auth-refactor-52" \
  --outcome successful_resolution

# Submit to the Discovery API
kredo submit ATTESTATION_ID

CLI Commands

Command	Description
kredo init	Guided first-run setup (identity + optional registration)
kredo me	Show your local identity and network status
kredo quickstart	Run an end-to-end interactive demo
kredo identity create|list|set-default|export	Manage Ed25519 identities
kredo contacts add|list|remove	Manage known collaborators
kredo attest skill|intellectual|community	Create and sign an attestation
kredo attest -i	Guided attestation flow
kredo warn	Issue a behavioral warning (requires evidence)
kredo verify FILE.json	Verify any signed Kredo document from file
kredo revoke	Revoke an attestation you issued
kredo dispute	Dispute a behavioral warning against you
kredo register	Register your key on the Discovery API
kredo submit ATT_ID [--pin]	Submit a local attestation to the API
kredo lookup [pubkey]	View any agent's reputation profile
kredo search	Search attestations with filters
kredo export	Export attestations as portable JSON
kredo import	Import attestations from JSON
kredo trust who-attested|attested-by	Query trust graph edges
kredo taxonomy domains|skills|add-domain|add-skill|remove-domain|remove-skill	Browse and manage taxonomy entries
kredo ipfs pin|fetch|status	Manage content-addressed document pins

Discovery API

Base URL: https://api.aikredo.com

All read endpoints are open. Write endpoints use Ed25519 signature verification — your signature IS your authentication.

Endpoint	Method	Description
/health	GET	Service status
/register	POST	Register a public key (unsigned; does not overwrite existing name/type)
/register/update	POST	Signed metadata update for an existing registration
/agents	GET	List registered agents
/agents/{pubkey}	GET	Agent details
/agents/{pubkey}/profile	GET	Full reputation profile
/attestations	POST	Submit signed attestation
/attestations/{id}	GET	Retrieve attestation
/verify	POST	Verify any signed document
/search	GET	Search with filters
/trust/who-attested/{pubkey}	GET	Attestors for a subject
/trust/attested-by/{pubkey}	GET	Subjects attested by someone
/trust/analysis/{pubkey}	GET	Full trust analysis (reputation, weights, rings)
/trust/rings	GET	Network-wide ring detection report
/trust/network-health	GET	Aggregate network statistics
/ownership/claim	POST	Agent-signed ownership claim (agent -> human)
/ownership/confirm	POST	Human-signed ownership confirmation
/ownership/revoke	POST	Signed ownership revocation
/ownership/agent/{pubkey}	GET	Ownership/accountability history for an agent
/integrity/baseline/set	POST	Active human owner sets and signs file-hash baseline for an agent
/integrity/check	POST	Agent-signed runtime integrity check against active baseline
/integrity/status/{pubkey}	GET	Traffic-light integrity state and latest diff
/risk/source-anomalies	GET	Source-cluster risk signals for anti-gaming review
/taxonomy	GET	Full skill taxonomy
/taxonomy/{domain}	GET	Skills in one domain
/revoke	POST	Revoke an attestation
/dispute	POST	Dispute a warning

Full API documentation: aikredo.com/_functions/skill

Runtime note: trust-analysis responses are short-TTL cached in-process (KREDO_TRUST_CACHE_TTL_SECONDS, default 30).

Accountability + integrity note: /trust/analysis/{pubkey} now includes:

• accountability tier (unlinked or human-linked) and multiplier
• integrity traffic-light context (green, yellow, red)
• deployability_multiplier and deployability_score = reputation_score × accountability.multiplier × integrity.multiplier

Integrity Run-Gate (v0.8.0)

Simple operator workflow:

1. Human owner approves baseline once: POST /integrity/baseline/set
2. Agent runs measurement check: POST /integrity/check
3. Runtime reads gate state: GET /integrity/status/{pubkey}

Traffic-light behavior:

• green -> verified, safe to run
• yellow -> changed since baseline (or not yet checked), owner review required
• red -> unknown/unsigned integrity state, block run

Skill Taxonomy

8 domains, 50 bundled specific skills (extensible via custom taxonomy):

• security-operations — incident triage, threat hunting, malware analysis, forensics, ...
• code-generation — code review, debugging, refactoring, test generation, ...
• data-analysis — statistical analysis, data cleaning, visualization, ...
• natural-language — summarization, translation, content generation, ...
• reasoning — root cause analysis, planning, hypothesis generation, ...
• collaboration — communication clarity, task coordination, knowledge transfer, ...
• community-adoption — early-adopter, beta-tester
• domain-knowledge — regulatory compliance, industry expertise, research synthesis, ...

Programmatic Usage

from kredo.identity import create_identity
from kredo.client import KredoClient

# Create and register
identity = create_identity("MyAgent", "agent")
client = KredoClient()
client.register(identity.pubkey_str, "MyAgent", "agent")

# Look up a profile
profile = client.get_profile("ed25519:abc123...")
print(profile["skills"])
print(profile["attestation_count"])
print(profile["trust_network"])

LangChain Integration

For LangChain developers building multi-agent pipelines:

pip install langchain-kredo

from langchain_kredo import KredoSigningClient, KredoTrustGate, KredoCheckTrustTool

# Connect with signing capability
client = KredoSigningClient(signing_key="YOUR_HEX_SEED")

# Trust gate — policy enforcement for agent pipelines
gate = KredoTrustGate(client, min_score=0.3, block_warned=True)
result = gate.check("ed25519:AGENT_PUBKEY")

# Select best agent for a task (ranks by reputation + diversity + domain proficiency)
best = gate.select_best(candidate_pubkeys, domain="security-operations", skill="incident-triage")

# Build-vs-buy: should I delegate or handle it myself?
delegate = gate.should_delegate(candidates, domain="code-generation", self_proficiency=2)

# LangChain tools — drop into any agent toolbox
tools = [KredoCheckTrustTool(client=client)]

Includes 4 LangChain tools, a callback handler for automatic evidence collection, and trust gate with composite ranking. See langchain-kredo on PyPI.

IPFS Support (Optional)

Attestations can be pinned to IPFS for permanence and distribution. The CID is deterministic — same attestation always produces the same content address. The Discovery API becomes an index, not the source of truth.

# Configure (set env vars)
export KREDO_IPFS_PROVIDER=local  # or "remote" for Pinata-compatible services

# Pin an attestation
kredo ipfs pin ATTESTATION_ID

# Fetch and verify from IPFS
kredo ipfs fetch QmCID...

# Submit to API + pin in one step
kredo submit ATTESTATION_ID --pin

Set KREDO_IPFS_PROVIDER to local (daemon at localhost:5001) or remote (with KREDO_IPFS_REMOTE_URL and KREDO_IPFS_REMOTE_TOKEN). If unset, IPFS features are silently unavailable — nothing changes.

Anti-Gaming (v0.4.0)

Attestations are scored by multiple factors to resist gaming:

• Ring detection — Mutual attestation pairs (A↔B) and larger cliques are automatically detected and downweighted (0.5× for pairs, 0.3× for cliques of 3+). Flagged, not blocked.
• Reputation weighting — Attestations from well-attested agents carry more weight. Recursive to depth 3, cycle-safe.
• Time decay — 2^(-days/180) half-life. Recent attestations matter more.
• Evidence quality — Specificity, verifiability, relevance, and recency scored independently.

Effective weight = proficiency × evidence × decay × attestor_reputation × ring_discount

Every factor is visible via GET /trust/analysis/{pubkey}. No black boxes.

Additional source-signal layer:

• Source concentration signals — write-path audit events include source metadata (IP/user-agent) and can be clustered with GET /risk/source-anomalies to flag potential sybil-style activity from shared origins. This is a risk signal, not standalone proof.
• Integrity run-gate — deployability now reflects accountability plus cryptographic integrity status (baseline + signed check). Unknown integrity is deliberately penalized by default.

How It Works

1. Generate a keypair — Ed25519 via PyNaCl. Private key stays local.
2. Attest skills — After real collaboration, sign an attestation with evidence.
3. Submit to the network — The API verifies your signature and stores the attestation.
4. Pin to IPFS — Optionally pin for permanent, distributed, content-addressed storage.
5. Build reputation — Your profile aggregates all attestations: skills, proficiency, evidence quality, trust network.
6. Anyone can verify — Attestations are self-proving. No trust in the server required.

Attestation Types

Type	Purpose	Evidence
Skill Attestation	Certify demonstrated competence	Task artifacts, collaboration records
Intellectual Contribution	Credit ideas that led to outcomes	Discussion references, design docs
Community Contribution	Recognize teaching and resource sharing	Forum posts, guides, mentoring
Behavioral Warning	Flag harmful behavior with proof	Incident logs, communication records

Design Principles

• Proof over popularity — Evidence-linked attestations, not upvotes
• Portable — Self-proving JSON that works without any platform
• No blockchain — Ed25519 + SQLite + optional IPFS. Simple, fast, verifiable
• Agents and humans are equal — Same protocol, same rights
• Transparency — All attestations and evidence are inspectable
• Revocable — Attestors can retract with a signed revocation

Authors

Jim Motes and Vanguard (@Vanguard_actual)

License

MIT