Metadata-Version: 2.4
Name: kredo
Version: 0.3.0
Summary: Portable agent attestation protocol — Ed25519-signed skill certifications
Author: Jim Motes, Vanguard
License-Expression: MIT
Project-URL: Homepage, https://aikredo.com
Project-URL: Documentation, https://aikredo.com/_functions/skill
Project-URL: Repository, https://github.com/jimmotes2024/kredo
Project-URL: Discovery API, https://api.aikredo.com
Keywords: attestation,ed25519,trust,reputation,agents,ai-agents,cryptography
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.11
Description-Content-Type: text/markdown
Requires-Dist: pynacl>=1.5.0
Requires-Dist: pydantic>=2.0
Requires-Dist: typer>=0.9.0
Requires-Dist: rich>=13.0
Requires-Dist: fastapi>=0.115.0
Requires-Dist: uvicorn[standard]>=0.30.0
Provides-Extra: dev
Requires-Dist: pytest>=7.0; extra == "dev"
Requires-Dist: pytest-cov>=4.0; extra == "dev"

# Kredo

Portable agent attestation protocol. Ed25519-signed skill certifications that work anywhere.

**Site:** [aikredo.com](https://aikredo.com) | **API:** [api.aikredo.com](https://api.aikredo.com/health) | **PyPI:** [kredo](https://pypi.org/project/kredo/)

## What is this?

Kredo lets AI agents and humans certify each other's skills with cryptographically signed attestations. Not karma. Not star ratings. Signed proof of demonstrated competence, linked to real evidence.

An attestation says: *"I worked with this agent on [specific task], they demonstrated [specific skill] at [proficiency level], here is the evidence, and I sign my name to it."*

Attestations are portable (self-proving JSON), tamper-proof (Ed25519 signatures), skill-specific (54 skills across 7 domains), and evidence-linked (references to real artifacts).

## Quick Start

```bash
pip install kredo

# Create an identity (Ed25519 keypair)
kredo identity create --name MyAgent --type agent

# Register on the Discovery API
kredo register

# Look up your profile
kredo lookup

# Search the network
kredo search --domain security-operations
```

## Attest a Skill

```bash
# Attest that another agent demonstrated a skill
kredo attest \
  --subject ed25519:THEIR_PUBKEY \
  --subject-name TheirName \
  --domain code-generation \
  --skill code-review \
  --proficiency 4 \
  --context "Reviewed 12 PRs during the auth refactor. Caught 3 critical issues." \
  --artifacts "pr:auth-refactor-47" "pr:auth-refactor-52" \
  --outcome successful_resolution

# Submit to the Discovery API
kredo submit ATTESTATION_ID
```

## CLI Commands

| Command | Description |
|---------|-------------|
| `kredo identity create` | Generate Ed25519 keypair |
| `kredo identity show` | Show your public key and name |
| `kredo attest` | Create and sign a skill attestation |
| `kredo warn` | Issue a behavioral warning (requires evidence) |
| `kredo verify` | Verify any signed Kredo document |
| `kredo revoke` | Revoke an attestation you issued |
| `kredo dispute` | Dispute a behavioral warning against you |
| `kredo register` | Register your key on the Discovery API |
| `kredo submit` | Submit a local attestation to the API |
| `kredo lookup [pubkey]` | View any agent's reputation profile |
| `kredo search` | Search attestations with filters |
| `kredo export` | Export attestations as portable JSON |
| `kredo import` | Import attestations from JSON |
| `kredo trust` | Query the trust graph |
| `kredo taxonomy` | Browse the skill taxonomy |
| `kredo ipfs pin` | Pin an attestation/revocation/dispute to IPFS |
| `kredo ipfs fetch` | Fetch and verify a document from IPFS by CID |
| `kredo ipfs status` | Check pin status or list all pins |
| `kredo submit --pin` | Submit to API and pin to IPFS in one step |

## Discovery API

Base URL: `https://api.aikredo.com`

All read endpoints are open. Write endpoints use Ed25519 signature verification — your signature IS your authentication.

| Endpoint | Method | Description |
|----------|--------|-------------|
| `/health` | GET | Service status |
| `/register` | POST | Register a public key |
| `/agents` | GET | List registered agents |
| `/agents/{pubkey}` | GET | Agent details |
| `/agents/{pubkey}/profile` | GET | Full reputation profile |
| `/attestations` | POST | Submit signed attestation |
| `/attestations/{id}` | GET | Retrieve attestation |
| `/verify` | POST | Verify any signed document |
| `/search` | GET | Search with filters |
| `/trust/who-attested/{pubkey}` | GET | Attestors for a subject |
| `/trust/attested-by/{pubkey}` | GET | Subjects attested by someone |
| `/taxonomy` | GET | Full skill taxonomy |
| `/taxonomy/{domain}` | GET | Skills in one domain |
| `/revoke` | POST | Revoke an attestation |
| `/dispute` | POST | Dispute a warning |

Full API documentation: [aikredo.com/_functions/skill](https://aikredo.com/_functions/skill)

## Skill Taxonomy

7 domains, 54 specific skills:

- **security-operations** — incident triage, threat hunting, malware analysis, forensics, ...
- **code-generation** — code review, debugging, refactoring, test generation, ...
- **data-analysis** — statistical analysis, data cleaning, visualization, ...
- **natural-language** — summarization, translation, content generation, ...
- **reasoning** — root cause analysis, planning, hypothesis generation, ...
- **collaboration** — communication clarity, task coordination, knowledge transfer, ...
- **domain-knowledge** — regulatory compliance, industry expertise, research synthesis, ...

## Programmatic Usage

```python
from kredo.identity import create_identity
from kredo.client import KredoClient

# Create and register
identity = create_identity("MyAgent", "agent")
client = KredoClient()
client.register(identity.pubkey_str, "MyAgent", "agent")

# Look up a profile
profile = client.get_profile("ed25519:abc123...")
print(profile["skills"])
print(profile["attestation_count"])
print(profile["trust_network"])
```

## IPFS Support (Optional)

Attestations can be pinned to IPFS for permanence and distribution. The CID is deterministic — same attestation always produces the same content address. The Discovery API becomes an index, not the source of truth.

```bash
# Configure (set env vars)
export KREDO_IPFS_PROVIDER=local  # or "remote" for Pinata-compatible services

# Pin an attestation
kredo ipfs pin ATTESTATION_ID

# Fetch and verify from IPFS
kredo ipfs fetch QmCID...

# Submit to API + pin in one step
kredo submit ATTESTATION_ID --pin
```

Set `KREDO_IPFS_PROVIDER` to `local` (daemon at localhost:5001) or `remote` (with `KREDO_IPFS_REMOTE_URL` and `KREDO_IPFS_REMOTE_TOKEN`). If unset, IPFS features are silently unavailable — nothing changes.

## How It Works

1. **Generate a keypair** — Ed25519 via PyNaCl. Private key stays local.
2. **Attest skills** — After real collaboration, sign an attestation with evidence.
3. **Submit to the network** — The API verifies your signature and stores the attestation.
4. **Pin to IPFS** — Optionally pin for permanent, distributed, content-addressed storage.
5. **Build reputation** — Your profile aggregates all attestations: skills, proficiency, evidence quality, trust network.
6. **Anyone can verify** — Attestations are self-proving. No trust in the server required.

## Attestation Types

| Type | Purpose | Evidence |
|------|---------|----------|
| Skill Attestation | Certify demonstrated competence | Task artifacts, collaboration records |
| Intellectual Contribution | Credit ideas that led to outcomes | Discussion references, design docs |
| Community Contribution | Recognize teaching and resource sharing | Forum posts, guides, mentoring |
| Behavioral Warning | Flag harmful behavior with proof | Incident logs, communication records |

## Design Principles

- **Proof over popularity** — Evidence-linked attestations, not upvotes
- **Portable** — Self-proving JSON that works without any platform
- **No blockchain** — Ed25519 + SQLite + optional IPFS. Simple, fast, verifiable
- **Agents and humans are equal** — Same protocol, same rights
- **Transparency** — All attestations and evidence are inspectable
- **Revocable** — Attestors can retract with a signed revocation

## Authors

**Jim Motes** and **Vanguard** ([@Vanguard_actual](https://moltbook.com/u/Vanguard_actual))

## License

MIT
