AttestProto is a per-tool-call attestation layer for AI agents. Ed25519-signed, schema-validated, and auto-mapped to the regulations your auditors actually cite.
Same protocol, three landing strategies. Pick yours.
Skip the data-plumbing. Vendors emit signed evidence in the exact shape your selection-rate and impact-ratio computation needs.
Per-decision attestation maps to Reg B §1002.9 specific-reasons disclosure + 30-day adverse-action notice automatically.
Article 12 logs + Article 19 conformity assessment evidence, signed and exportable. Free tier for SMBs under 250 staff.
Audit infrastructure is hand-rolled per engagement. 40-60% of an audit fee is engineer time on data plumbing — not the actual statistical analysis customers are paying for.
Compliance VPs at lending fintechs spend 0.5-1 FTE rebuilding adverse-action notice paperwork that should be derivable from the decision itself.
Every tool call your agent makes is canonicalised (RFC 8785 JCS), Ed25519-signed, and schema-validated. The attestation JSON is the evidence — auto-mappable to the rule citations your regulator inspects.
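The canonicalise-then-sign step described above, as an added example rather than AttestProto's own code or wire format. The field names `agent`, `task`, `output` and `timestamps` follow the mapping table on this page; the sample values, the base64 `signature` field and the function names are assumptions.

```javascript
// Added example. Field values are constructed; this is not AttestProto's schema.
const nodeCrypto = require('node:crypto');

// RFC 8785 canonical form: no whitespace, object keys sorted by UTF-16 code
// units, strings and numbers serialised the way ECMAScript JSON.stringify does.
function canonicalize(value) {
  if (typeof value === 'number' && !Number.isFinite(value)) {
    throw new TypeError('NaN/Infinity have no JSON form');
  }
  if (value === null || ['boolean', 'string', 'number'].includes(typeof value)) {
    return JSON.stringify(value);
  }
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  throw new TypeError('unsupported type: ' + typeof value);
}

// The signature covers the canonical bytes of every field except itself.
function signAttestation(body, privateKey) {
  const bytes = Buffer.from(canonicalize(body), 'utf8');
  return { ...body, signature: nodeCrypto.sign(null, bytes, privateKey).toString('base64') };
}

// The verifier re-canonicalises what it parsed; it never trusts sender byte order.
function verifyAttestation(attestation, publicKey) {
  const { signature, ...body } = attestation;
  if (typeof signature !== 'string') return false;
  const bytes = Buffer.from(canonicalize(body), 'utf8');
  return nodeCrypto.verify(null, bytes, publicKey, Buffer.from(signature, 'base64'));
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const signed = signAttestation({ // constructed sample tool call
    agent: 'screening-agent-01',
    task: 'score_application',
    output: { decision: 'deny', factors: ['debt_to_income', 'credit_history_length'] },
    timestamps: { task_started: '2025-01-01T12:00:00Z', task_completed: '2025-01-01T12:00:02Z' },
  }, privateKey);
  const { agent, ...rest } = signed;
  const reordered = JSON.parse(JSON.stringify({ ...rest, agent })); // same data, new key order
  const tampered = { ...signed, output: { ...signed.output, decision: 'approve' } };
  const ok = (a) => verifyAttestation(a, publicKey);
  return { intact: ok(signed), reordered: ok(reordered), tampered: ok(tampered) };
}
console.log(demo());
```

A record re-serialised with a different key order still verifies, while a single changed value does not, which is what lets an auditor check evidence that has passed through other JSON tooling.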
MIT licence. Self-hosted. No callhome. Your data never leaves your infrastructure.
v0.1.1 ships cross-language reference implementations, the compliance auto-mapping engine wired to six regulatory frameworks, and the FCRA/ECOA adverse-action notice generator. MIT-licensed reference impl; CC0 spec.
ARIA Protocol, on-chain ERC-8004, and the LLM-eval SaaS players each cover a slice. AttestProto is the slice that maps regulator-cited rules to per-decision evidence — without putting your data on a public chain or behind a vendor account.
| | AttestProto | ARIA Protocol | ERC-8004 (on-chain) | LLM eval SaaS (Patronus / Galileo / Arize) |
|---|---|---|---|---|
| Per-tool-call Ed25519 signature | Yes — RFC 8785 JCS canonical | Per-agent only, no per-call | On-chain TXs (gas required) | Run-level only (post-hoc) |
| Self-hosted with no callhome | Yes — MIT, fork the binary | Foundation-hosted ledger | Public chain (data on-chain) | SaaS (your data leaves) |
| Compliance auto-mapping engine | EU AI Act + LL144 + FCRA + ECOA + GDPR + CO AI Act | Generic governance only | None (chain primitive) | Subset (model eval only) |
| Adverse-action notice generator (FCRA / ECOA) | CLI + library (v0.1.1) | Not in scope | Not in scope | Not in scope |
| Multi-protocol bridge (read foreign attestations) | ARIA + ERC-8004 + Google AP2 | ARIA-native only | On-chain only | Closed format |
| In-browser sign + verify (no install) | Live demo widget on landing | No browser path | Wallet required | Account required |
| License model | Spec CC0 · Code MIT | Foundation-controlled | EIP open spec, chain costs apply | Closed-source SaaS |
| Cost at 10k attestations / month | Self-host: $0 infra. Cloud Pro: $50-300/mo | Foundation pricing TBD | ~$5-50k in gas (Ethereum) | $200-2,000+/mo per seat |
| Time to first signed attestation | < 30 seconds (`pip install + attestproto demo`) | Account setup + key onboard | Wallet + gas + tooling | Account + integration |
Twenty rule mappings shipped at v0.1, growing per release. Filter by niche or search for a specific citation — the field that satisfies it is one column away.
| Niche | Framework | Citation | Requirement | AttestProto field that satisfies it | Status |
|---|---|---|---|---|---|
| EU AI Act | EU AI Act | Article 12 § 1 | Automatic logging of events over the lifetime of the system | attestation.timestamps + attestation.signature | ● mapped |
| EU AI Act | EU AI Act | Article 12 § 2(a) | Recording the period of each use of the system | attestation.timestamps.task_started → task_completed | ● mapped |
| EU AI Act | EU AI Act | Article 19 § 1 | Conformity assessment evidence pre-market | export bundle (signed archive, DPIA-ready) | ● mapped |
| EU AI Act | EU AI Act | Article 13 | Transparency to users | attestation.agent + attestation.task | ● mapped |
| LL144 | NYC LL144 | § 20-870 | Independent bias audit (selection-rate + impact-ratio) | compliance.map(rule=nyc-ll144) → selection-rate.json | ● mapped |
| LL144 | NYC LL144 | § 20-871(a) | Bias audit within one year prior to AEDT use | attestation.timestamps + audit.bundle.signature | ● mapped |
| LL144 | NYC LL144 | § 20-871(b) | Notify employer ≥10 business days before use | audit.notice (workflow output) | ◐ partial |
| LL144 | NYC LL144 | § 20-872(a) | Public summary of bias-audit results | compliance.map(--public) → public-summary.json | ● mapped |
| Lending | FCRA | § 1681m | Adverse action notice with specific reasons | attestation.output + compliance.specific_reasons | ● mapped |
| Lending | ECOA Reg B | § 1002.9(a) | Written notice within 30 days | attestation.timestamps.attestation_emitted (anchor for SLA) | ● mapped |
| Lending | ECOA Reg B | § 1002.9(b)(2) | Statement of specific reasons for action taken | attestation.output.factors + compliance.specific_reasons | ● mapped |
| Lending | CFPB Circ. 2022-03 | — | AI/ML noncompliance with ECOA cannot be excused by tech complexity | compliance.specific_reasons (forces concreteness) | ● mapped |
| Lending | CFPB Circ. 2023-03 | — | Reaffirms specific-reasons requirement on AI scoring | same as 2022-03 | ● mapped |
| Lending | CFPB Circ. 2024-04 | — | Extends scrutiny to alternative-data lending | compliance.specific_reasons + attestation.input.factors | ● mapped |
| Cross-cutting | GDPR | Article 22 § 1 | Right not to be subject to solely automated decision | attestation.output.human_review + audit trail | ● mapped |
| Cross-cutting | GDPR | Article 22 § 3 | Right to obtain human intervention + contest decision | compliance.human_review_pathway | ● mapped |
| Cross-cutting | Colorado AI Act | § 6-1-1701 | High-risk AI consumer disclosure + appeal | compliance.consumer_disclosure | ● mapped |
| Cross-cutting | SOC 2 | CC7.1 | Detection and response control evidence | attestation envelope (signature + timestamps) | ● mapped |
| Cross-cutting | ISO 42001 | Clause 7.4 | Documented information communication | audit.bundle (Annex IV technical documentation) | ● mapped |
| Cross-cutting | ISO 42001 | Clause 9.2 | Internal audit evidence base | attestation ledger + Merkle batch root | ● mapped |
v0.1 is shipping. Reference implementations in Python and Node. 162 tests. Spec under MIT.