Portable Agent Reputation Credential — a verifiable, recomputable reputation VC consumed at chapter admission
Project description
PARC — Portable Agent Reputation Credential
A verifiable, recomputable reputation Verifiable Credential consumed at chapter admission
Agent reputation today is siloed: each platform (or chapter) holds its own scores, and
an agent that moves to a new trust domain starts from zero. PARC makes reputation
portable. It wraps a Verifiable Receipts Profile (VRP)
Receipts Ledger's commitment + scores — a behavioral_merkle_root plus the reproducible,
corroborated nanda-rep/0.2 reputation_score / validity_rate / corroboration_rate —
as a W3C Verifiable Credential, signed by the originating chapter or a credentialed
auditor. A new chapter consumes it at admission: it verifies the signature and
recomputes the ledger itself, so it never has to trust the issuing chapter's live server.
The one thing PARC owns: the credential envelope + the admission gate. The commitment and scoring are VRP's; PARC makes them carriable and checkable across trust domains.
See it live
▶︎ demoparc.stellarminds.ai — an interactive viewer that re-verifies every signature and Merkle proof in your browser (no server trusted). Switch between the Admission and Three-city journey tabs; click any credential, agent, or receipt to inspect it.
A full picture-by-picture tour is in docs/WALKTHROUGH.md.
What this package secures (parc/0.1)
- Verifiable. A reputation credential is a W3C VC with an Ed25519 proof over the JCS-canonical credential — the same signing path as Agency Receipt Protocol (ARP) receipts and Delegated Authority Tokens (DATs).
- Recomputable, not asserted. The admission gate recomputes the
behavioral_merkle_rootand thenanda-rep/0.2scores from the presented ledger and rejects any divergence — a signed-but-inflated score cannot pass. - Collusion-resistant. The gate admits only on the corroborated
nanda-rep/0.2score: a credential carrying the un-corroboratednanda-rep/0.1score is rejected, and a wash-trading ring's self-dealt receipts are severed to a score of ~0, so it fails the threshold. - Adversarially tested. Hostile-path tests for: tampered credential, untrusted issuer, tampered ledger (root mismatch), issuer-inflated-and-re-signed score (score mismatch), 0.1-facet rejection, un-corroborated/severed score, below-threshold, stale, revoked, wrong-mode, and refs-only (non-recomputable).
A valid signature is not admission — the gate trusts the issuer's key, then recomputes the score and applies its own threshold, so a genuinely-signed wash credential is still rejected:
Two admission modes
- Inline (
admit) — the credential carries the subject's own receipts; the gate recomputes them fully offline. Catches self-dealing, but a single-subject graph is a star, so it cannot show an N-party collusion ring. - Pointer (
admit_over_published_ledger) — the credential names a published community ledger (credentialSubject.ledger_uri); the gate fetches it, checks it against the signed root, and re-runs the collusion severance itself, deriving the subject's severed score over the full graph. This catches N-party Sybil rings — at the cost of fetching the issuer's whole ledger (privacy + availability), and a residual that moves to ledger completeness. Seeexamples/published_ledger_admission.pyandTHREATMODEL.md.
One passport, three worlds
A single agent earns reputation transacting across a community, a marketplace, and an enterprise, carrying one PARC. Its corroborated score compounds as it goes — and that accumulated reputation is what opens the high-bar enterprise gate (shown cold, the same agent is rejected). Transactions, portability, and security in one picture:
And when the ledger grows too large to hand over, the agent reveals only the receipts worth showing plus a Merkle inclusion proof for each — confirmed under the signed root without exposing the rest:
Runnable: examples/three_city_economy.py.
What this package does NOT (yet) do
- Run the auditor. PARC verifies an auditor's attestation; who computes and signs it is deployment policy — the consumer's responsibility.
- Catch a curated ledger. Pointer mode re-severs only what the issuer published; a colluding issuer that omits the honest anchor defeats it. Closing that needs an independent receipt source (cross-attestation), not the published ledger.
- Unlinkable disclosure. Selective disclosure of which receipts happened ships today
via Merkle inclusion proofs (below); an unlinkable / BBS+ variant and a zero-knowledge
score proof are future properties; see
SPEC.md.
Features
build_reputation_credential(...)/verify_credential_proof(...)— issue + verify the VC.AdmissionPolicy+admit(...)— the inline chapter-admission gate (signature → trusted issuer → revocation/freshness → recompute root + scores → thresholds).admit_over_published_ledger(...)+subject_severed_score(...)— the pointer-mode gate: fetch the named ledger, re-verify the root, and derive the subject's collusion-severed score over the full community graph.inclusion_proof(...)+verify_inclusion(...)— selective disclosure: reveal a few receipts of a large ledger plus a Merkle inclusion proof for each, confirmed under the credential's signed root without exposing the rest.
Installation
pip install sm-parc # depends on sm-arp>=0.2.3,<0.3 (carries sm_arp.vrp)
# working draft: pip install git+https://github.com/Sharathvc23/sm-parc.git
Quick start
from sm_arp.vrp import build_ledger
from sm_parc import build_reputation_credential, AdmissionPolicy, admit
# Issuer (chapter or auditor) builds a corroborated nanda-rep/0.2 ledger from an
# agent's receipts, then a parc/0.1 VC over it.
ledger = build_ledger(subject=agent_did, receipts=receipts, method="nanda-rep/0.2",
is_valid=lambda r: verify_receipt(r).ok, as_of="2026-06-07T00:00:00Z")
vc = build_reputation_credential(ledger=ledger, issuer_sk=chapter_sk,
valid_from="2026-06-07T00:00:00Z",
valid_until="2026-07-07T00:00:00Z")
# A new chapter admits the agent — verifies the signature AND recomputes the ledger.
policy = AdmissionPolicy(trusted_issuers={chapter_did}, min_reputation_score=50.0)
result = admit(vc, policy=policy, ledger=ledger, is_valid=lambda r: verify_receipt(r).ok)
assert result.ok # admitted, without trusting the issuing chapter's server
See examples/mint_and_admit.py for a runnable end-to-end
demo (honest corroborated agent admitted; wash-trade agent rejected).
Reference fixtures
The behavioural suite under tests/ builds ledgers + credentials with deterministic test
keys and exercises every admission outcome. The suite IS the spec (see
GOVERNANCE.md); placeholder keys are test-only.
Documentation
docs/WALKTHROUGH.md— illustrated tour of the viewer + the mechanisms.SPEC.md— normative credential + admission profile (working draft).WHITEPAPER.md— design rationale.THREATMODEL.md— what the gate does and does not defend.GLOSSARY.md— every acronym (ARP, VRP, PARC, DAT, …) expanded.
Related packages
| Package | Role |
|---|---|
sm-arp |
Agency Receipts + the VRP core (sm_arp.vrp) PARC composes |
sm-conformance |
the signed-badge / signing infrastructure pattern |
License
Built at labs.stellarminds.ai.
First published: 2026-06-07 | Last modified: 2026-06-21
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sm_parc-0.2.2.tar.gz.
File metadata
- Download URL: sm_parc-0.2.2.tar.gz
- Upload date:
- Size: 50.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
81247bcbdef4c4877308bd62be6b279a0bd93f5194060a97ca8e9cebabe6669b
|
|
| MD5 |
cd24f58b5ac1967d81ed62f062c61812
|
|
| BLAKE2b-256 |
5bbe08ec22f042d5db5736768b393bc379cf7ca2517fba3725fb74c0c3b2aaa4
|
Provenance
The following attestation bundles were made for sm_parc-0.2.2.tar.gz:
Publisher:
publish.yml on Sharathvc23/sm-parc
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sm_parc-0.2.2.tar.gz -
Subject digest:
81247bcbdef4c4877308bd62be6b279a0bd93f5194060a97ca8e9cebabe6669b - Sigstore transparency entry: 2064780892
- Sigstore integration time:
-
Permalink:
Sharathvc23/sm-parc@5a6d9ab698fc52ad84d8c2995fcebc2468356b5d -
Branch / Tag:
refs/tags/v0.2.2 - Owner: https://github.com/Sharathvc23
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@5a6d9ab698fc52ad84d8c2995fcebc2468356b5d -
Trigger Event:
push
-
Statement type:
File details
Details for the file sm_parc-0.2.2-py3-none-any.whl.
File metadata
- Download URL: sm_parc-0.2.2-py3-none-any.whl
- Upload date:
- Size: 18.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
95776d478000de2b8f4cd56b10f7910ad741f24ee206051c6ddd510d02b8f084
|
|
| MD5 |
3fe00256edb65d94eed9c49425d6b5ee
|
|
| BLAKE2b-256 |
601c4a06dca7492a5f4f6ced86846e61259259acc055737a111ddcfad763453e
|
Provenance
The following attestation bundles were made for sm_parc-0.2.2-py3-none-any.whl:
Publisher:
publish.yml on Sharathvc23/sm-parc
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sm_parc-0.2.2-py3-none-any.whl -
Subject digest:
95776d478000de2b8f4cd56b10f7910ad741f24ee206051c6ddd510d02b8f084 - Sigstore transparency entry: 2064780905
- Sigstore integration time:
-
Permalink:
Sharathvc23/sm-parc@5a6d9ab698fc52ad84d8c2995fcebc2468356b5d -
Branch / Tag:
refs/tags/v0.2.2 - Owner: https://github.com/Sharathvc23
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@5a6d9ab698fc52ad84d8c2995fcebc2468356b5d -
Trigger Event:
push
-
Statement type: