Skip to main content

VDA Witness SDK — seal your AI agent's decisions into tamper-evident, Ed25519-signed, independently-verifiable evidence (EU AI Act Art. 12). Fail-open, zero-config. Part of the Verified Digital Agents (VDA) platform.

Reason this release was yanked:

Superseded by 1.0.0 — offline verification; 0.1.x verify() requires the Witness server.

Project description

vda-witness (Python SDK)

Seal your AI agent's decisions into tamper-evident, Ed25519-signed, independently-verifiable evidence — the records EU AI Act Article 12 requires. Part of the Verified Digital Agents (VDA) platform; VDA Witness is its evidence layer.

  • Fail-open: sealing never raises and never blocks your agent.
  • Zero-config, zero-dependency: one import, set WITNESS_API_KEY, standard library only.
  • Independently verifiable: anyone can verify a record offline, without trusting VDA.

⚠️ Read this first — what you get out of the box (custody)

Out of the box, sealing goes to the hosted Witness service on the custodial / ephemeral (test) tier: records are signed by the Witness service, not by a key you control. Every such record honestly carries custody: "custodial" and says so in plain text.

This is for building and testing. It is NOT customer-controlled signing and is NOT compliance-grade EU AI Act Article-12 evidence — do not present ephemeral custodial records to an auditor as your own controlled evidence.

For compliance-grade evidence, use customer-managed signing — you control the private key, records carry custody: "customer-managed" ("customer-controlled signing"), and Witness never sees your key. That is the tier you put in front of an auditor.

Tier Who holds the key Record label Use for
Custodial (default/ephemeral) Witness service custodial build & test
Customer-managed You customer-managed compliance-grade evidence

Install

pip install vda-witness

First seal (copy-paste — works as-is)

from vda_witness import Witness

witness = Witness()  # reads WITNESS_API_KEY

witness.seal(
    decision={"agent": "Refund Agent", "inputs": {"amount_eur": 150},
              "verdict": "PASS", "reasoning": "<= 200 and account in good standing"},
    governing_rule={"ruleId": "refund.auto",
                    "ruleText": "Agents MAY auto-approve refunds up to EUR200 where the account is in good standing."},
)

Decorate an existing agent (code unchanged beyond the decorator)

@witness.witnessed(
    to_decision=lambda args, kwargs, result: {
        "agent": "Refund Agent", "inputs": kwargs,
        "verdict": result["verdict"], "reasoning": result["why"],
    },
    rule={"ruleId": "refund.auto", "ruleText": "Agents MAY auto-approve refunds up to EUR200 ..."},
)
def decide(**request):
    ...  # your agent, untouched — sealed automatically after it returns (fail-open, bounded)

Framework adapters

from vda_witness import witness_openai
witness_openai(client, witness, {"ruleId": "assistant.sop", "ruleText": "..."})  # seals each chat.completions.create

Anthropic, LangChain, CrewAI, and the Vercel AI SDK use the same wrap-and-seal pattern (witness.witnessed(...)); typed adapters ship per release.

Verify (no auth — the trust proposition)

witness.verify(record=my_record)   # {"ok": True} — and False if anything changed

Options

Witness(api_key=None, base_url="https://witness.getvda.ai", timeout=3.0, fire_and_forget=False, on_error=None). Set fire_and_forget=True for zero added latency (seal on a background thread).

Honest scope: Witness produces the evidence (Art. 12 record-keeping), not a compliance certificate. The Article 12 Evidence Report is generated from your sealed trail; Compliance Officer attestation makes it a regulatory artefact.

License

Apache-2.0 licensed — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vda_witness-0.1.1.tar.gz (8.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

vda_witness-0.1.1-py3-none-any.whl (9.2 kB view details)

Uploaded Python 3

File details

Details for the file vda_witness-0.1.1.tar.gz.

File metadata

  • Download URL: vda_witness-0.1.1.tar.gz
  • Upload date:
  • Size: 8.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for vda_witness-0.1.1.tar.gz
Algorithm Hash digest
SHA256 b7276285e4a73d1b9b5cdd7c14d1e4dd63788db4ae5167e9bb8bb4b2a8e13ae6
MD5 dc2ac0e13e868c916a3741b22005e2f4
BLAKE2b-256 aba5e36649afd2df822e1f81b9ea98776e62480bd369e8989c6fd4a56fd63f19

See more details on using hashes here.

File details

Details for the file vda_witness-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: vda_witness-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 9.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for vda_witness-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 2db49989fbd829debe3325525200276b693c9aa5e58af36aa9572215567b7813
MD5 1664aa669f5983d1d0c32e3fa04bcb1c
BLAKE2b-256 596152682cb0e3ec319991b4c15c154251bbefb87c278aae28e6f10c1ffc9e44

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page