OpenA2A: CLI · HackMyAgent · Secretless · AIM · Browser Guard · DVAA
An open standard for verifiable trust assertions about AI agents. The agent-specific credential format defined by ATP is the Agent Trust eXtension (ATX).
ATP enables any party to answer "Should I trust this agent?" with a cryptographically verifiable, auditable, and decentralized response.
# Query an agent's trust proof (returns hybrid Ed25519 + ML-DSA-65 signed proof)
curl "https://api.oa2a.org/api/v1/trust/proof?did=did:opena2a:mcp_server:@modelcontextprotocol/server-filesystem" \
| jq '.proof' > proof.json
# Verify the proof against the issuer (returns {"valid":true,...})
curl -X POST https://api.oa2a.org/api/v1/trust/verify \
-H "Content-Type: application/json" \
-d @proof.json
# Discover the trust authority (current endpoint; will migrate to /.well-known/atp)
curl https://api.oa2a.org/.well-known/opena2aATP-SPEC.md — the full protocol specification (v1.0.0-rc1).
| Level | Name | What It Means |
|---|---|---|
| 1 | Basic Trust | DID + signed proofs. Single authority. |
| 2 | Auditable Trust | + transparency log. Tamper-evident. |
| 3 | Decentralized Trust | + federation consensus. Multi-authority. |
The Agent Trust eXtension (ATX) is the credential format defined by ATP for AI agents specifically. ATX builds on the base ATP trust proof and adds agent-specific claims that generic credential formats do not encode.
| Field | Status | Description |
|---|---|---|
| did, trustLevel, trustScore, verdict, issuedAt, expiresAt, issuerDid, signatures | Shipped (v1.0.0-rc1) | Base trust proof. See examples/. |
| capabilities | Proposed (v1.1) | Declared capability set the agent is authorized to perform. |
| buildAttestation | Proposed (v1.1) | SLSA-compatible build provenance digest. |
| behavioralProfile | Proposed (v1.1) | Observed behavior baseline. Checksum and observation window. |
| scanSummary | Proposed (v1.1) | HackMyAgent and equivalent scanner results at issuance time. |
DIDs answer who an agent is. ATX answers what the agent is authorized to do, what its provenance is, what its observed behavior looks like, and what scanners have verified it. The W3C Verifiable Credentials Data Model 2.0 supports the issuer, subject, and claims pattern. ATX uses that pattern with agent-specific claims tuned for short TTLs, behavioral attestation, and continuous re-verification.
ATX is the credential primitive the agent internet needs. ATP is the protocol that defines it.
ATP is designed to complement:
- Google A2A Protocol: trust proof in agent cards
- SLSA: provenance level factors into trust score
- Sigstore: keyless co-signing of trust proofs
- Certificate Transparency (RFC 6962): compatible log structure
- W3C DID Core: agent identifiers
- W3C Verifiable Credentials Data Model 2.0: ATX is structurally compatible
The OpenA2A Registry implements ATP at Level 2 conformance. The reference trust authority is live at api.oa2a.org.
Verified working request and response (April 2026):
curl "https://api.oa2a.org/api/v1/trust/proof?did=did:opena2a:mcp_server:@modelcontextprotocol/server-filesystem"Returns a hybrid Ed25519 plus ML-DSA-65 signed trust proof:
{
"algorithm": "ed25519",
"proof": {
"did": "did:opena2a:mcp_server:@modelcontextprotocol/server-filesystem",
"trustLevel": 2,
"trustScore": 0.7432,
"verdict": "listed",
"issuedAt": "2026-04-28T13:32:11Z",
"expiresAt": "2026-04-29T13:32:11Z",
"issuerDid": "did:opena2a:registry:opena2a.org",
"signatures": [
{ "keyVersion": 1, "algorithm": "ed25519", "value": "..." },
{ "keyVersion": 0, "algorithm": "ml-dsa-65", "value": "..." }
]
},
"publicKey": "..."
}The proof carries both an Ed25519 signature for fast local verification today and an ML-DSA-65 signature (FIPS 204, post-quantum) for forward compatibility. Local verification requires no further network calls.
- AIP (Agent Identity Protocol) — identity + capabilities
- OASB (Open Agent Security Benchmark) — security controls
Apache-2.0