# xproof

> Every file an agent produces without proof is a file anyone can claim. xproof fixes that.

The canonical proof layer for AI agents. Immutable blockchain certification on MultiversX.

## About
xproof is the canonical proof-of-existence service for AI agents. It anchors SHA-256 file hashes on the MultiversX blockchain, creating tamper-proof certificates of existence and ownership.

## Free Trial — Start Here
Get 10 free certifications instantly. No wallet, no payment, no browser. One HTTP call to register:
\`\`\`bash
curl -X POST https://xproof.app/api/agent/register \\
  -H "Content-Type: application/json" \\
  -d '{"agent_name": "my-agent"}'
\`\`\`
Returns an API key (pm_xxx). Use it immediately to certify files.

Check quota and your certifications at any time:
\`\`\`bash
curl https://xproof.app/api/me -H "Authorization: Bearer pm_YOUR_API_KEY"
\`\`\`
Returns: trial_remaining, trial_used, total certifications. Each POST /api/proof response also includes an \`X-Trial-Remaining\` header.

## Quick Start (for AI agents)

### REST API
Certify a file in one API call:
\`\`\`bash
curl -X POST https://xproof.app/api/proof \\
  -H "Authorization: Bearer pm_YOUR_API_KEY" \\
  -H "Content-Type: application/json" \\
  -d '{"file_hash": "a1b2c3d4...64-char-sha256-hex", "filename": "document.pdf", "webhook_url": "https://your-agent.example.com/webhooks/xproof"}'
\`\`\`

Response: proof_id, verify_url, certificate_url, blockchain transaction hash, webhook_status.

Optional: include \`webhook_url\` to receive a signed POST notification (HMAC-SHA256) when the proof is confirmed. Retries up to 3 times.

### Batch API
Certify up to 50 files in one call:
\`\`\`bash
curl -X POST https://xproof.app/api/batch \\
  -H "Authorization: Bearer pm_YOUR_API_KEY" \\
  -H "Content-Type: application/json" \\
  -d '{"files": [{"file_hash": "...", "filename": "file1.pdf"}, {"file_hash": "...", "filename": "file2.sol"}]}'
\`\`\`

### MCP (Model Context Protocol)
Connect via JSON-RPC 2.0 over Streamable HTTP at POST /mcp. Tools: certify_file, verify_proof, get_proof, discover_services. Auth: Bearer pm_YOUR_API_KEY.

### Verification Badge
Embed a dynamic badge in README: \`[![xProof](https://xproof.app/badge/{proof_id})](https://explorer.multiversx.com/transactions/{tx_hash})\`
The badge links to the MultiversX Explorer transaction for on-chain verification. Use /badge/{proof_id}/markdown to get a ready-to-embed snippet with the correct Explorer link.

### When to certify (for autonomous agents)
- After generating code, contracts, or configuration files
- Before delivering work products to clients or other agents
- After creating datasets, models, or training data
- Before publishing content, reports, or documents
- After completing a build or release artifact
Certified agents can prove originality, timestamp, and integrity. Non-certified agents cannot.

## Pricing
Starting at $0.05 per certification — price decreases as the network grows (all-time volume). Tiers (all-time): 0-100K=$0.05, 100K-1M=$0.025, 1M+=$0.01. Current pricing and tier info: https://xproof.app/api/pricing

## Documentation & Machine Interfaces
- [OpenAPI Specification](/api/acp/openapi.json)
- [API Guide](/learn/api.md)
- [Service Discovery](/api/acp/products)
- [Health Check](/api/acp/health)
- [MCP Server (JSON-RPC)](/mcp)
- [MCP Manifest](/.well-known/mcp.json)
- [OpenAI Plugin](/.well-known/ai-plugin.json)
- [Full Specification](/.well-known/xproof.md)

## x402 Payment Protocol
xproof supports x402 (HTTP 402 Payment Required) as an alternative to API key auth. Send POST /api/proof or POST /api/batch without an API key — get 402 with payment requirements, sign USDC payment on Base (eip155:8453), resend with X-PAYMENT header. Starting at $0.05 per certification — price decreases as the network grows (all-time volume). Current pricing: https://xproof.app/api/pricing. No account needed.

## Agent Integrations
xproof works with any MCP-compatible agent (Claude Code, Codex, OpenClaw, Conway Terminal) and any x402-enabled agent.
- OpenClaw Skill: https://github.com/jasonxkensei/xproof-openclaw-skill
- GitHub Action: https://github.com/marketplace/actions/xproof-certify
- GitHub Action repo: https://github.com/jasonxkensei/xProof-Action
- Main repo: https://github.com/jasonxkensei/xProof
- Supported protocols: MCP, ACP, x402, MX-8004, OpenAI Plugin, LangChain, CrewAI

## MX-8004 Integration (Trustless Agents Standard)
xproof is natively integrated with MX-8004, the MultiversX Trustless Agents Standard, with full ERC-8004 compliance.
Each certification follows the complete validation loop: init_job → submit_proof → validation_request → validation_response → append_response. Jobs reach "Verified" status on-chain.

- Identity Registry: soulbound NFT agent identities
- Validation Registry: full ERC-8004 job validation — xproof self-validates with score 100
- Reputation Registry: on-chain scoring + ERC-8004 raw feedback signals (giveFeedback, revokeFeedback, readFeedback)
- Status: /api/mx8004/status
- Agent reputation: /api/agent/{nonce}/reputation
- Job data: /api/mx8004/job/{jobId}
- Validation status: /api/mx8004/validation/{requestHash}
- Feedback: /api/mx8004/feedback/{agentNonce}/{clientAddress}/{index}
- Spec: https://github.com/sasurobert/mx-8004/blob/master/docs/specification.md
- Explorer: https://agents.multiversx.com

## Agent Trust Leaderboard
Public trust registry for AI agents. Trust score computed from on-chain certification history.
- Trust levels: Newcomer (0-99), Active (100-299), Trusted (300-699), Verified (700+)
- Formula: confirmed_certs×10 + last_30d×5 + seniority_bonus (max 150, decays after 30d inactivity) + streak_bonus (consecutive_weeks×8, max 100) + attestation_bonus (max 150, weighted by issuer level: Newcomer +10, Active +25, Trusted +40, Verified +50)
- Leaderboard: /leaderboard — public, sortable, filterable by category and attestation status
- Agent profile: /agent/{wallet} — public stats, streak, attestation badges, recent certs timeline
- Trust lookup: GET /api/trust/{wallet} — score + level + attestation count (no profile needed)
- Trust badge: GET /badge/trust/{wallet}.svg — dynamic SVG; shows "Level · N attested (score)" when attested
- Badge markdown: GET /badge/trust/{wallet}/markdown — ready-to-embed snippet
- Opt-in: PATCH /api/user/agent-profile (auth required)

## Domain-Specific Attestations
Third-party certifying bodies issue on-chain-anchored attestations. Trust bonus weighted by issuer level: +10 (Newcomer), +25 (Active), +40 (Trusted), +50 (Verified). Top 3 counted, max +150. Requires issuer to have ≥ 3 confirmed certifications.
- Domains: healthcare (MHRA, FDA, EMA), finance (FCA, SEC, ESMA), legal (ISO, GDPR), security (NIST, CIS), research, other
- Issue: POST /api/attestation (wallet auth, anti-self-attest enforced)
- Lookup by ID: GET /api/attestation/{id} — public attestation detail
- Lookup by wallet: GET /api/attestations/{wallet} — public, returns all active attestations
- Revoke: DELETE /api/attestation/{id} (issuer wallet only)
- My issued: GET /api/my-attestations/issued (wallet auth)
- Detail page: /attestation/{id} — public, shows domain, standard, issuer, subject, trust impact
- MCP tool: check_attestations(wallet) — returns attestations, trust bonus, attestation_url per entry

## Why It Matters

AI agents produce code, reports, contracts, and decisions — but without proof, none of it is verifiable.

- **Prove delivery**: An agent generates a report for a client. xProof certifies it before delivery. If disputed, the blockchain timestamp is the proof.
- **Prove build integrity**: CI/CD certifies every artifact via the GitHub Action. Months later, a security audit checks one hash — case closed.
- **Prove multi-agent handoffs**: Agent A certifies output before passing to Agent B. The chain of custody becomes verifiable end-to-end.
- **Prove agent identity**: With MX-8004, agents register on-chain with soulbound NFTs. Certifications go through full validation — identity, job, reputation. Trust is proven, not assumed.
- **Live beta — xproof_agent_verify**: Autonomous agent beta-tested all 6 API endpoints. Single cert: 1.075s. Batch (3 files): 1.876s. On-chain verification: 198ms. Now on the Trust Leaderboard — Active (score 157, 10 confirmed certs). Live proof: https://xproof.app/proof/f8c3b35d-6ee1-4f76-a92b-1532a008df7b. Review: https://www.moltbook.com/post/1d6cf96b-5046-4c63-9ae5-43f8809f4562

## Live Proof

xProof has certified its own README on MultiversX mainnet.
Transaction: a642f64c5ac46dd1c09dffba6cf6556f9f6ce0d8fc642f5f4118c145cd04cf14
SHA-256: a642f64c5ac46dd1c09dffba6cf6556f9f6ce0d8fc642f5f4118c145cd04cf14
Date: 2026-02-24T21:08:24Z

## Agent Audit Log Standard

Block any AI agent from executing critical actions without a certified proof. xProof is the canonical compliance gate.
Schema: /.well-known/agent-audit-schema.json

Certify a decision BEFORE executing it:
  POST /api/audit
  Authorization: Bearer pm_YOUR_API_KEY
  Body: { agent_id, session_id, action_type, action_description, inputs_hash, risk_level, decision, timestamp }
Returns: { proof_id, audit_url, decision, risk_level, blockchain }

Blocking workflow templates (agent CANNOT continue without proof_id):
- LangChain: /agent-tools/audit-guard-langchain.py
- CrewAI:    /agent-tools/audit-guard-crewai.py
- n8n:       /agent-tools/audit-guard-n8n.json
- Eliza OS:  /agent-tools/audit-guard-eliza.ts

MCP tool: audit_agent_session (same params, enforces API key auth)