open protocol · live substrate

Verifiable agent actions.

Every action becomes signed context for the next.

Wrap an agent or its MCP tools once. From then on, every action is signed into a context graph: who acted, what evidence mattered, and what the next agent should build on.
Then verify it from the public log.

Watch the demo Explore the log Get started View on GitHub

install

pnpm add @atrib/mcp

server.ts

import { atrib } from "@atrib/mcp"

server.use(atrib())

Agent systems already produce chats, traces, logs, and memory writes. What they rarely produce is a past another agent can prove and use: who signed the action, what evidence mattered, what changed, and which prior belief was superseded.

server.use(atrib()) adds that evidence without changing the primary path. Each action becomes a signed receipt inside a graph that grows and evolves. Recall, audit, handoff, and settlement can read from the same verified chain instead of four disconnected logs.

The layer

One layer, three primitives,
a context graph.

atrib sits between the agents that act and the systems that read those actions.

Everything on the top plugs in through one package.

Everything on the bottom becomes context for the next pass.

Inputs

@atrib/agent + @atrib/mcp. Install either, the other, or both.

Agent

makes tool calls, reads the chain

@atrib/agent

Tool / Creator

fulfills calls, signs responses

@atrib/mcp

Agent

@atrib/agent

makes tool calls, reads the chain

Tool / Creator

@atrib/mcp

fulfills calls, signs responses

atribthe layer

protocol · apache 2.0

Signature

Every action, provably authored. Ed25519 over canonical JSON.

Chain

Every action, linked to what caused it. A causal graph, by construction.

Receipt

Every chain, readable by anyone. Verified through receipts, traces, annotations, and revisions.

The cycle

Handoffs

The next agent starts from verified context, not memory drift.

Audit

Teams can replay which evidence changed a decision.

Improvement

Corrections become signed context for future work.

loops

Handoffs

The next agent starts from verified context, not memory drift.

Audit

Teams can replay which evidence changed a decision.

Improvement

Corrections become signed context for future work.

loops back

Receipts flow out, settle, audit, and return as the next trace. The loop closes by itself. You didn't write a single line to make that happen.

The surface

One wrapper line. Every action becomes context.

6 agent frameworks · 6 payment protocols detected · 36 paths from action to receipt.

ACP

UCP

x402

MPP

AP2

a2a-x402

MCP

Claude Agent SDK

Cloudflare Agents

Vercel AI SDK

LangChain

Mastra

New frameworks and protocols ship as additive detectors. The signed context graph keeps the same verifier path.

Builds on

ed25519

sha-256

rfc 6962

jcs

c2sp

opentelemetry

Each of these is open and standard. atrib wires them into signed context records that agents and people can verify.

The full chain

01Ed25519 signature (RFC 8032) over JCS-canonicalized JSON (RFC 8785).
02Record hash committed to an append-only Merkle log (RFC 6962).
03Log served via C2SP tlog-tiles, state signed as C2SP tlog-checkpoints.
04Each record bound to the agent's OpenTelemetry trace via its W3C Trace Context trace-id.

Verifying a record means checking the signature, the Merkle inclusion proof, and the checkpoint signature.

Why you can build on it

Context you don't have to trust us for.

01
Verifier-first
Check the signature, inclusion proof, and checkpoint outside atrib.
02
Standard primitives
Ed25519, SHA-256, JCS, RFC 6962, C2SP checkpoints, and OpenTelemetry trace context.
03
Composable adoption
Use agent middleware, an MCP wrapper, OpenTelemetry spans, or cognitive primitives.
04
Self-hostable
Apache 2.0. Run your own log; the verifier still has the same job.

Start in a minute

Install the package, add the middleware, then inspect the signed context graph in the explorer.