Open-source SDK that signs every agent step. Hourly Merkle commitments, RFC 3161 timestamps, claim packs you can hand to an underwriter or a court. Verifiable offline — no expert witness, no hardware vendor in the trust chain.
Every cryptographic primitive is battle-tested IETF / NIST. The differentiation is architectural — what the evidence chain doesn't depend on.
The verifier is Apache 2.0. Your team, your auditor, the opposing party in a dispute can all run the same code and reach the same conclusion. No "trust us, the binary says VERIFIED" black box. No expert witness required to explain hardware attestation chains.
Claim packs verify without internet — no callbacks to AgentSig infrastructure, no calls to third-party attestation services. Sealed evidence in three years still verifies the same way. One CLI command runs eight independent cryptographic checks.
DID-based identity (W3C did:web) — your domain is the trust root, not a US certificate authority. Runs on any cloud or on-prem; no TEE silicon required. EU-friendly anchoring options for DORA / Schrems III conscious deployments.
Three commands produce a court-admissible claim pack and verify it offline. The output below is a real run — Ed25519 signatures, RFC 3161 timestamp from a public TSA, Merkle inclusion proofs, all checked.
Every primitive is IETF or NIST. Every choice is what auditors and regulators already accept as evidence.
Not a generic developer tool. AgentSig produces evidence in formats already accepted by insurance underwriting, regulatory audits, and civil dispute resolution.
30-minute walkthrough. Working claim pack on a real agent workload. Your team runs the open verifier. If it doesn't help your audit or claim-adjudication workflow, we walk away — no contract, no cost.