Skip to main content

VDA Witness SDK — seal your AI agent's decisions into tamper-evident, Ed25519-signed, independently-verifiable evidence (EU AI Act Art. 12). Fail-open, zero-config. Part of the Verified Digital Agents (VDA) platform.

Reason this release was yanked:

Superseded by 1.0.0 — offline verification; 0.1.x verify() requires the Witness server.

Project description

vda-witness (Python SDK)

Seal your AI agent's decisions into tamper-evident, Ed25519-signed, independently-verifiable evidence — the records EU AI Act Article 12 requires. Part of the Verified Digital Agents (VDA) platform; VDA Witness is its evidence layer.

  • Fail-open: sealing never raises and never blocks your agent.
  • Zero-config, zero-dependency: one import, set WITNESS_API_KEY, standard library only.
  • Independently verifiable: anyone can verify a record offline, without trusting VDA.

⚠️ Read this first — what you get out of the box (custody)

Out of the box, sealing goes to the hosted Witness service on the custodial / ephemeral (test) tier: records are signed by the Witness service, not by a key you control. Every such record honestly carries custody: "custodial" and says so in plain text.

This is for building and testing. It is NOT customer-controlled signing and is NOT compliance-grade EU AI Act Article-12 evidence — do not present ephemeral custodial records to an auditor as your own controlled evidence.

For compliance-grade evidence, use customer-managed signing — you control the private key, records carry custody: "customer-managed" ("customer-controlled signing"), and Witness never sees your key. That is the tier you put in front of an auditor.

Tier Who holds the key Record label Use for
Custodial (default/ephemeral) Witness service custodial build & test
Customer-managed You customer-managed compliance-grade evidence

Install

pip install vda-witness

First seal (copy-paste — works as-is)

from vda_witness import Witness

witness = Witness()  # reads WITNESS_API_KEY

witness.seal(
    decision={"agent": "Refund Agent", "inputs": {"amount_eur": 150},
              "verdict": "PASS", "reasoning": "<= 200 and account in good standing"},
    governing_rule={"ruleId": "refund.auto",
                    "ruleText": "Agents MAY auto-approve refunds up to EUR200 where the account is in good standing."},
)

Decorate an existing agent (code unchanged beyond the decorator)

@witness.witnessed(
    to_decision=lambda args, kwargs, result: {
        "agent": "Refund Agent", "inputs": kwargs,
        "verdict": result["verdict"], "reasoning": result["why"],
    },
    rule={"ruleId": "refund.auto", "ruleText": "Agents MAY auto-approve refunds up to EUR200 ..."},
)
def decide(**request):
    ...  # your agent, untouched — sealed automatically after it returns (fail-open, bounded)

Framework adapters

from vda_witness import witness_openai
witness_openai(client, witness, {"ruleId": "assistant.sop", "ruleText": "..."})  # seals each chat.completions.create

Anthropic, LangChain, CrewAI, and the Vercel AI SDK use the same wrap-and-seal pattern (witness.witnessed(...)); typed adapters ship per release.

Verify (no auth — the trust proposition)

witness.verify(record=my_record)   # {"ok": True} — and False if anything changed

Options

Witness(api_key=None, base_url="https://witness.getvda.ai", timeout=3.0, fire_and_forget=False, on_error=None). Set fire_and_forget=True for zero added latency (seal on a background thread).

Honest scope: Witness produces the evidence (Art. 12 record-keeping), not a compliance certificate. The Article 12 Evidence Report is generated from your sealed trail; Compliance Officer attestation makes it a regulatory artefact.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vda_witness-0.1.0.tar.gz (4.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

vda_witness-0.1.0-py3-none-any.whl (5.0 kB view details)

Uploaded Python 3

File details

Details for the file vda_witness-0.1.0.tar.gz.

File metadata

  • Download URL: vda_witness-0.1.0.tar.gz
  • Upload date:
  • Size: 4.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for vda_witness-0.1.0.tar.gz
Algorithm Hash digest
SHA256 cab31e3e480eedd6aa2022e9eb534ca2cc34f005ad19a2e5a358768e931c733b
MD5 dbc63b6a1329184fea18ea02f5b7c983
BLAKE2b-256 4292fd9dd37445ffed50880850e31bddcd384ffefaebfeef5a9e789658758c92

See more details on using hashes here.

File details

Details for the file vda_witness-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: vda_witness-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 5.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for vda_witness-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 3362cf009917b9030f18c3735b6e3efc3e542a925ff0628865abcc5bb7adcf16
MD5 82cd86a13857c64741747fe14e4fac1e
BLAKE2b-256 d32db2cf201ec9238141d86e61900359235840e78249555a82c8dbf61b51ffce

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page