VDA Witness SDK — seal your AI agent's decisions into tamper-evident, Ed25519-signed, independently-verifiable evidence (EU AI Act Art. 12). Fail-open, zero-config. Part of the Verified Digital Agents (VDA) platform.
Reason this release was yanked:
Superseded by 1.0.0 — offline verification; 0.1.x verify() requires the Witness server.
Project description
vda-witness (Python SDK)
Seal your AI agent's decisions into tamper-evident, Ed25519-signed, independently-verifiable evidence — the records EU AI Act Article 12 requires. Part of the Verified Digital Agents (VDA) platform; VDA Witness is its evidence layer.
- Fail-open: sealing never raises and never blocks your agent.
- Zero-config, zero-dependency: one import, set
WITNESS_API_KEY, standard library only. - Independently verifiable: anyone can verify a record offline, without trusting VDA.
⚠️ Read this first — what you get out of the box (custody)
Out of the box, sealing goes to the hosted Witness service on the custodial / ephemeral (test) tier: records are signed by the Witness service, not by a key you control. Every such record honestly carries custody: "custodial" and says so in plain text.
This is for building and testing. It is NOT customer-controlled signing and is NOT compliance-grade EU AI Act Article-12 evidence — do not present ephemeral custodial records to an auditor as your own controlled evidence.
For compliance-grade evidence, use customer-managed signing — you control the private key, records carry custody: "customer-managed" ("customer-controlled signing"), and Witness never sees your key. That is the tier you put in front of an auditor.
| Tier | Who holds the key | Record label | Use for |
|---|---|---|---|
| Custodial (default/ephemeral) | Witness service | custodial |
build & test |
| Customer-managed | You | customer-managed |
compliance-grade evidence |
Install
pip install vda-witness
First seal (copy-paste — works as-is)
from vda_witness import Witness
witness = Witness() # reads WITNESS_API_KEY
witness.seal(
decision={"agent": "Refund Agent", "inputs": {"amount_eur": 150},
"verdict": "PASS", "reasoning": "<= 200 and account in good standing"},
governing_rule={"ruleId": "refund.auto",
"ruleText": "Agents MAY auto-approve refunds up to EUR200 where the account is in good standing."},
)
Decorate an existing agent (code unchanged beyond the decorator)
@witness.witnessed(
to_decision=lambda args, kwargs, result: {
"agent": "Refund Agent", "inputs": kwargs,
"verdict": result["verdict"], "reasoning": result["why"],
},
rule={"ruleId": "refund.auto", "ruleText": "Agents MAY auto-approve refunds up to EUR200 ..."},
)
def decide(**request):
... # your agent, untouched — sealed automatically after it returns (fail-open, bounded)
Framework adapters
from vda_witness import witness_openai
witness_openai(client, witness, {"ruleId": "assistant.sop", "ruleText": "..."}) # seals each chat.completions.create
Anthropic, LangChain, CrewAI, and the Vercel AI SDK use the same wrap-and-seal pattern (witness.witnessed(...)); typed adapters ship per release.
Verify (no auth — the trust proposition)
witness.verify(record=my_record) # {"ok": True} — and False if anything changed
Options
Witness(api_key=None, base_url="https://witness.getvda.ai", timeout=3.0, fire_and_forget=False, on_error=None). Set fire_and_forget=True for zero added latency (seal on a background thread).
Honest scope: Witness produces the evidence (Art. 12 record-keeping), not a compliance certificate. The Article 12 Evidence Report is generated from your sealed trail; Compliance Officer attestation makes it a regulatory artefact.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vda_witness-0.1.0.tar.gz.
File metadata
- Download URL: vda_witness-0.1.0.tar.gz
- Upload date:
- Size: 4.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cab31e3e480eedd6aa2022e9eb534ca2cc34f005ad19a2e5a358768e931c733b
|
|
| MD5 |
dbc63b6a1329184fea18ea02f5b7c983
|
|
| BLAKE2b-256 |
4292fd9dd37445ffed50880850e31bddcd384ffefaebfeef5a9e789658758c92
|
File details
Details for the file vda_witness-0.1.0-py3-none-any.whl.
File metadata
- Download URL: vda_witness-0.1.0-py3-none-any.whl
- Upload date:
- Size: 5.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3362cf009917b9030f18c3735b6e3efc3e542a925ff0628865abcc5bb7adcf16
|
|
| MD5 |
82cd86a13857c64741747fe14e4fac1e
|
|
| BLAKE2b-256 |
d32db2cf201ec9238141d86e61900359235840e78249555a82c8dbf61b51ffce
|