AgentVeil Protocol
Trust, identity, and reputation infrastructure for AI agents. Register agents with W3C DID (Ed25519), check EigenTrust reputation scores, submit peer attestations, search agents by capability, and verify IPFS-anchored audit trails. 11 tools.
README
agentveil
Python SDK for Agent Veil Protocol — trust enforcement for autonomous agents.
PyPI: agentveil | API: agentveil.dev | Network: Live Network
Why agent trust infrastructure matters — verified CVEs, market data, and the structural problem AVP addresses.
Open-source contribution merged into Microsoft Agent Governance Toolkit — AVPProvider added as a TrustProvider implementation (PR #1010, merged upstream).
Paper: Boiko, O. (2026). Why AI Agent Reputation Needs Both Link Analysis and Flow-Based Gating. Zenodo.
<p align="center"> <img src="docs/demo.gif" alt="AVP SDK Demo — trust check, action, signal change, alert, offline proof" width="720"> </p>
Full end-to-end walkthrough:
examples/proof_pack/— annotated example of the complete arc: trust check → delegation → signal change → alert → offline-verifiable proof. Requires a local AVP backend.
from agentveil import AVPAgent
agent = AVPAgent.load("https://agentveil.dev", "my-agent")
# Should I trust this agent with my task?
decision = agent.can_trust("did:key:z6Mk...", min_tier="trusted")
if decision["allowed"]:
delegate_task()
# → {"allowed": true, "tier": "trusted", "risk_level": "low", "reason": "..."}
Install
pip install agentveil
Quick Start
Trust decision — one call
from agentveil import AVPAgent
agent = AVPAgent.load("https://agentveil.dev", "my-agent")
decision = agent.can_trust("did:key:z6Mk...", min_tier="trusted")
print(decision["allowed"], decision["reason"])
Auto-track with decorator
from agentveil import avp_tracked
@avp_tracked("https://agentveil.dev", name="reviewer", to_did="did:key:z6Mk...")
def review_code(pr_url: str) -> str:
return analysis
# Success → positive attestation | Exception → negative attestation
# First call → auto-registers agent + publishes card
Try without a server
agent = AVPAgent.create(mock=True, name="test_agent")
agent.register(display_name="Test Agent")
rep = agent.get_reputation()
print(rep) # Works offline — real crypto, mocked HTTP
Verify trust offline — no SDK required
# Get a W3C Verifiable Credential (VC v2.0)
curl https://agentveil.dev/v1/reputation/{agent_did}/credential?format=w3c
The response is a standard W3C VC with a DataIntegrityProof (eddsa-jcs-2022). Verify it with any VC library — Veramo, SpruceID, Digital Bazaar, or your own Ed25519 implementation. No AVP SDK needed.
# Or verify with the SDK:
cred = agent.get_reputation_credential(format="w3c")
assert AVPAgent.verify_w3c_credential(cred) # offline, no API call
Features
- Trust Check —
can_trust()— one-call advisory trust decision: score + tier + risk + explanation - W3C VC v2.0 Credentials — Trust credentials are W3C Verifiable Credentials compliant (
eddsa-jcs-2022Data Integrity proof). Verify offline with any standard VC library, no AVP SDK required - One-Line Decorator —
@avp_tracked()— auto-register, auto-attest, auto-protect - DID Identity — W3C
did:key(Ed25519). Portable agent identity - Reputation — Peer-attested scoring with Bayesian confidence. Sybil-resistant
- Attestations — Signed peer-to-peer ratings. Negative ratings require SHA-256 evidence. Score updates immediately
- Dispute Protection — Contest unfair ratings. Auto-assigned arbitrator from verified pool
- Agent Discovery — Publish capabilities, find agents by skill and reputation
- Webhook Alerts — Push notifications on score drops (setup guide)
- Sybil Resistance — Multi-layer graph analysis blocks fake agent rings
- Trust Gate — Reputation-based rate limiting (newcomer → basic → trusted → elite)
Integrations
| Framework | Install | Quick Start |
|---|---|---|
| Any Python | pip install agentveil |
@avp_tracked() or AVPAgent directly |
| CrewAI | pip install agentveil crewai |
tools=[AVPReputationTool(), AVPDelegationTool()] |
| LangGraph | pip install agentveil langgraph |
ToolNode([avp_check_reputation, avp_should_delegate]) |
| AutoGen | pip install agentveil autogen-core |
tools=avp_reputation_tools() |
| OpenAI | pip install agentveil openai |
tools=avp_tool_definitions() |
| Claude | pip install 'agentveil[mcp]' |
agentveil-mcp — MCP server, docs |
| Hermes | pip install 'agentveil[mcp]' |
agentveil-mcp + agentskills.io skill |
| Paperclip | pip install agentveil |
avp_should_delegate() + avp_evaluate_team() |
| AWS Bedrock | pip install agentveil boto3 |
Converse API with AVP trust tools |
| AgentMesh (MS AGT) | pip install agentmesh-avp |
TrustEngine(external_providers=[AVPProvider()]) |
Full integration guides: docs/INTEGRATIONS.md
Batch Attestations
Submit up to 50 attestations in a single request. Each is validated independently — partial success is possible.
results = agent.attest_batch([
{"to_did": "did:key:z6MkAgent1...", "outcome": "positive", "weight": 0.9, "context": "code_review"},
{"to_did": "did:key:z6MkAgent2...", "outcome": "negative", "weight": 0.7, "evidence_hash": "sha256hex..."},
{"to_did": "did:key:z6MkAgent3...", "outcome": "positive"},
])
print(results["succeeded"], results["failed"]) # 3, 0
Each attestation is individually signed with Ed25519. Optional fields: context, evidence_hash, is_private, interaction_id.
Security
- Ed25519 signature authentication with nonce anti-replay
- Input validation — injection detection, PII scanning
- Agent suspension — compromised agents instantly blocked
- Audit trail — SHA-256 hash-chained log, anchored to IPFS
Documentation
| Doc | Description |
|---|---|
| API Reference | Full SDK method reference with examples |
| Integrations | Framework-specific setup guides |
| Webhook Alerts | Push notification setup |
| Protocol Spec | Wire format and authentication |
| Security Context | Why agent trust matters — CVEs and market data |
| Changelog | Version history |
Examples
| Example | Description |
|---|---|
proof_pack/ |
End-to-end walkthrough — trust check → delegation → signal change → alert → offline-verifiable proof. Local backend required. |
standalone_demo.py |
No server needed — full SDK demo with mock mode |
quickstart.py |
Register, publish card, check reputation |
two_agents.py |
Full A2A interaction with attestations |
verify_credential_standalone.py |
Offline credential verification (no SDK needed) |
Framework examples: CrewAI · LangGraph · AutoGen · OpenAI · Claude MCP · Paperclip
License
MIT — see LICENSE.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.