04 / ATTEST · Agent attestation & reputation

A flight recorder
for AI agents.

Agents already do real things: they send messages, make payments, decide on someone's behalf. When a dispute starts, there is nothing to point at. Provyn hashes, signs and anchors every meaningful action, so you can prove later what the agent did and when.

Hash + signatureAnchored on-chainPublic verificationGas on usIntegration in an hour

Status: an early-access pilot running on the TAC SPB testnet. Contract, API and verification endpoints below are live and public - you can check every claim on this page yourself.

POST api.provyn.cloud/v1/attestations
// at the moment of a real action const leaf = sha256(canonical(action)); // you hash locally await fetch("https://api.provyn.cloud/v1/attestations", { method: "POST", headers: { Authorization: `Bearer ${KEY}` }, body: JSON.stringify({ agent_did: "did:provyn:your-agent", leaf, // only the hash leaves signature, // agent's key }), }); // the action itself, the prompt and the user data // never leave your servers. We cannot see them.
› two lines in your code pathanchoring is async

The agent's logs are kept
by an interested party.

"The agent bought the wrong thing." "I never authorised that." Today the only record of what happened is a log file held by the operator of the agent - who is also the party being accused. A notary of their own deeds.

Provyn turns that log line into evidence. At the moment of the action, the agent hashes what it did, signs the hash with its own key, and sends only the hash to us. We batch those hashes into a Merkle tree and anchor the root in a public smart contract. From then on the record cannot be edited retroactively - not by the operator, not by the agent, and not by us. Anyone holding the attestation ID can verify inclusion against the chain, without asking us for permission.

The agent's own logsWith Provyn attestation
Who holds the recordthe operator (interested party)a public contract
Can it be edited after the factyes, silentlyno - not even by us
Who can verifyonly the operatoranyone, independently
What the counterparty must dotrust youcheck a Merkle proof
What leaves your serverswhatever you exporta hash and a signature
Reputation basisself-reportedanchored history

Register. Attest. Verify.

Three calls. The blockchain stays out of your way: we run the relayer, we pay the gas, and your code never touches a wallet.

01 · Your agent
The real action
"Book flight LHR→DXB"
user: alice@…
amount: $840
stays on your servers
↓ sha256(canonical)
hash only
02 · Provyn
Batch & anchor
0x069b584cb2ea07f4…
+ agent signature
→ merkle tree
→ root on-chain
gas paid by us
root
03 · Anyone
Independent check
GET /v1/attestations/{id}
→ merkle proof + tx
✓ included in chain
no key, no account
no trust in Provyn
only hashes leave your perimeterrecords are append-onlyverification needs no permissionno wallet in your code
01 / REGISTER

The agent gets an on-chain identity

One call registers a DID for your agent (did:provyn:your-agent) and binds it to your platform. From that point the agent has a stable identity that its attestations and its reputation hang off.

02 / ATTEST

At the moment of a real action, send a signed hash

You canonicalise the action, hash it, sign it with the agent's key, and POST the hash. Not the prompt, not the payload, not the user's data - just sha256 and a signature. We queue it, put it in a Merkle batch and anchor the root.

03 / VERIFY

Anyone checks inclusion and reads the reputation

Two public endpoints, no API key required. One returns the attestation with its Merkle proof and the anchoring transaction; the other returns the agent's score and the signals behind it. That is the whole trust model: don't trust us, check the chain.

Five properties
a log file can't have.

None of these rest on a promise from us. They are consequences of where the record lives and what leaves your servers.

01
Proof, not logs
Once a batch is anchored, the record cannot be rewritten after the fact - by the operator, by the agent, or by us. Immutability is a property of the contract, not of our good behaviour.
02
Verified without trusting us
A Merkle proof checked against a public contract. Anyone can confirm the action was recorded, and we are not a party to that check. If we disappeared, the proofs would still verify.
03
Privacy by construction
Only hashes leave your perimeter. Prompts, payloads and user data never reach our servers - we physically cannot see them, so there is nothing for us to leak or be compelled to hand over.
04
Reputation you can't farm
The score is computed from anchored history, not self-reported activity. The heaviest signal is a counterparty's co-signature - and you cannot issue that on your own.
05
The blockchain is invisible
We run the relayer and pay the gas. No wallet, no tokens, no chain logic in your code. One request, one file, two lines - the integration is an hour of work.
06
Disputes are part of the record
A counterparty can mark an action disputed. The dispute is anchored like everything else and weighs against the agent's score - so the history stays honest in both directions.

Don't take our word.
Check the chain.

This widget calls the public API from your browser - no key, no account, no server of ours in the loop beyond returning the proof. Paste an attestation ID and follow the transaction to the explorer.

Attestation verifier · live
GET api.provyn.cloud/v1/attestations/{id}
› public endpoint, no authentication. Use a sample attestation
Attestation
Agent reputation

› the same two endpoints your counterparty would call. Nothing here is privileged.

The more parties confirmed it,
the higher it counts.

A score built only from your own activity is a score you can farm. So the weights are arranged around one idea: the signals that are hard to fake alone are worth the most.

Counterparty co-signature30%
The other side signed the same action. Impossible to issue on your own - which is exactly why it weighs most.
Signed attestations20%
The agent signed the action with its own key, so the record is bound to that identity.
Volume15%
How much anchored history exists. Cheap to inflate alone, so deliberately capped low.
Counterparty diversity15%
How many distinct parties the agent has dealt with. Punishes talking only to yourself.
Age10%
How long the identity has existed. Time is the one input you cannot buy retroactively.
Platform binding10%
The agent's identity is bound to a known operator platform rather than floating free.
You cannot forge a handshake alone.

Every weight above is chosen against one attack: an operator inflating their own agent's standing. Volume and age are easy to manufacture, so together they are worth a quarter. A co-signature and a diverse set of counterparties require other people to participate - so together they are worth close to half.

The score is recomputed from the anchored history and returned by a public endpoint, alongside the raw signals. You can always see why a number is what it is, rather than being handed a rating.

disputes count against the score

Everything here
is checkable right now.

The contract is deployed, the API answers, the endpoints below need no key. This is a testnet pilot, and we would rather say so than dress it up.

StageEarly access · testnet pilot. Not production. Access keys are issued manually.
NetworkTAC SPB Testnet · chain ID 2391
ContractProvynAttestationRegistry
0xFa0f9a36473FCA38406dEf81ae06339A3389B412
APIhttps://api.provyn.cloud
Public endpointsGET /v1/attestations/{id} → status, tx, Merkle proof
GET /v1/agents/{did}/reputation → score and signals
Both without an API key - by design.
What we receiveA hash and a signature. Never the action, the prompt or user data.
AnchoringMerkle batches; the root is written on-chain by our relayer
IdentityDID per agent, bound to an operator platform
GasPaid by Provyn. No wallet or tokens on your side.
IntegrationRegister once, then one POST per action. About an hour of work.
Not this productThis layer is anchoring - hash, signature, immutability. Zero-knowledge proofs are a separate Provyn product; we do not conflate the two.
curl · public verification
# no key, no account - try it in a terminal curl https://api.provyn.cloud/v1/attestations/att_… # → { "status": "anchored", "leaf": "0x069b584cb2ea…", "merkle_proof": [ /* … */ ], "tx_hash": "0x07de35d4ef3e…", "block_number": "22475715", "chain_id": "tac" } # follow tx_hash to the explorer and the # root is there, written by the contract. # We are not needed for that step.

Common questions.

If yours isn't here, email sales@provyn.cloud.

Do you see our prompts or our users' data?

No, and that's structural rather than a policy. Your side computes sha256 over the canonical form of the action and sends us the hash plus a signature. The action itself never crosses the boundary. We could not show you a prompt if you asked us to, because we never had it.

Can you alter or delete a record if someone leans on you?

Not once it's anchored. The Merkle root is in a public contract on a chain we don't control. We could stop accepting new attestations, but we cannot rewrite the ones already there - which is the entire point of putting them outside our own database.

Do we need a wallet, tokens, or any chain knowledge?

No. Our relayer holds the wallet and pays the gas. Your code makes an HTTPS request with a bearer key, exactly like any other API. The chain is an implementation detail of durability - if it were replaced tomorrow, your integration wouldn't change.

Is this zero-knowledge?

No, and we're careful about this. This layer is anchoring: a hash, a signature, and immutability. It proves that an action was recorded at a point in time - it does not prove statements about hidden data. That is ZK Validation, a separate Provyn product. Mixing the two words would be misleading.

What is actually running today?

An early-access pilot on the TAC SPB testnet. The registry contract is deployed, the relayer is anchoring batches, and the public verification endpoints work - you can confirm all of it from this page. We're not claiming production status or announcing mainnet dates, because neither is decided.

How does a counterparty co-sign an action?

The other party signs the same canonical action hash with their own key and submits it against the attestation. Because both signatures cover the identical leaf, agreement is verifiable by anyone later. This is the signal that carries the most weight in the reputation score, precisely because one side cannot produce it alone.

How do we get access?

Keys are issued by hand at this stage - there's no self-service signup for attestation yet. Use the form below and tell us roughly what your agent does; we'll send a key and a quickstart.

Get a key for the pilot.

Tell us what your agent does and we'll send an access key and a quickstart. Keys are issued manually while this is in early access - so a human reads every request, and you get a straight answer about whether it fits.

sales@provyn.cloudTestnet pilot · TAC SPB
Request access · Attestation
Your data is protected
We reply within one business day. Your data is processed in accordance with GDPR.
PROVYN
© 2026 Provyn · Fan Labs Inc. · PII infrastructure