Prove what your agent did. Don't just claim it.
An open standard for verifiable execution provenance: a portable, tamper-evident record of what an agent did, in what order, and under what governance. Anyone can verify it without trusting you or your host. Here is a real one. Check it yourself, right now, in this tab.
run/conformance3COSE_Sign1 · Ed25519provetrail-conformance-root
This runs the real provetrail npm package, its COSE_Sign1 + RFC 6962 Merkle checks, entirely client-side. Governance and ground-truth (the L4 tiers) are checked by the full Go verifier, flynn spine verify. Don't trust this page? Download the record and verify it yourself.
Signed is not the same as proven
Plenty of systems can hand you a signed log. A signature only says these bytes are mine. It says nothing about whether the work was real. Provetrail is built so a stranger’s machine can check the claim instead of taking your word for it:
- Integrity. The events rebuild a signed Merkle root (RFC 6962). Change one byte and the proof breaks, as above.
- Governance. Every side-effecting action has a matching admission, so no action ran without authorization.
- Ground truth. A claimed success is bound to a check that actually passed. A record that says “done” with nothing behind it is rejected, not trusted.
Where it fits
Provetrail is a sibling to the standards you already know, not a rival:
| Standard | Answers |
|---|---|
| C2PA | Is this content AI-generated, and by whom? |
| MCP | How does an agent connect to tools? |
| A2A | How do agents talk to each other? |
| Provetrail | What did the agent do, provably? |
The reference runtime is Flynn (Go); the verifier ships in every language as a thin client. One engine, many verifiers, one conformance suite.