How can we help?

Trust Layer is a certifying proxy that sits between your AI agent and any target API. It forwards the request and generates an immutable cryptographic proof with 3 independent witnesses (Ed25519 signature, RFC 3161 TSA pool, Sigstore Rekor).

No. Trust Layer uses Stripe for prepaid credit purchases on the Pro plan, but its value is proof generation. Stripe handles billing, not proof witnessing.

Send a POST request to the /trust/v1/proxy endpoint with your API key, plan identifier, and target URL. Trust Layer handles everything else — payment, forwarding, and proof generation. See the documentation for details.

Ed25519 signature guarantees the proof was issued by ArkForge (public key published). RFC 3161 TSA pool (FreeTSA → DigiCert → Sectigo) provides a certified timestamp proving the proof existed at a specific moment — first available server wins, provider recorded per proof. eIDAS-qualified QTSP available on request. Sigstore Rekor appends the proof to a public transparency ledger, independently auditable by anyone. Both Free and Pro plans use the same 3 witnesses. Optionally, an external payment receipt (e.g. Stripe) adds a 4th witness — its content hash is bound to the proof.

No. Proofs are write-once and immutable. Once generated, they cannot be modified or deleted — not by you, not by ArkForge, not by anyone. This is by design.

Every proof is delivered in three formats: L1 Digital Stamp (JSON for machines), L2 Ghost Stamp (HTTP headers for automated pipelines), and L3 Visual Stamp (HTML page for humans). All three contain the same proof data.

Every proof has a public URL (e.g. /trust/v1/proof/prf_...). You can also recompute the SHA-256 hash of the original payload and compare it with the hash in the proof.

End-to-end latency is under 1 second, including request forwarding and proof generation with all witnesses.

The Free plan includes 100 proofs per month at no cost. The Pro plan offers 100 proofs per day with prepaid credits at 0.10 EUR/proof. See the Pricing page for details.

Ed25519 is always present. The RFC 3161 TSA pool (FreeTSA → DigiCert → Sectigo) provides automatic failover — if FreeTSA is unavailable, DigiCert or Sectigo takes over within the same request. The timestamp_authority.provider field in the proof records which server was used.

ArkForge infrastructure is hosted in France (European Union). All data processing is GDPR-compliant. See our Privacy Policy for details.

No. Trust Layer stores SHA-256 fingerprints (which are not personal data) and transaction metadata. The agent identity (X-Agent-Identity) is optional.

Visit the Pro signup page to save your card, then buy prepaid credits via POST /v1/credits/buy.

You can optionally attach a Stripe receipt URL to your proxy request. ArkForge fetches the receipt, hashes its content (SHA-256), parses key fields (amount, status, date), and binds the hash to the proof's chain hash. This creates a 4th independent witness alongside Ed25519, RFC 3161, and Sigstore Rekor — the receipt content is tamper-proof and verifiable by anyone. Even if receipt parsing fails, the hash is always valid.

Add a payment_evidence field to your POST /trust/v1/proxy request body with a receipt_url from Stripe. ArkForge handles the rest — fetching, hashing, parsing, and binding to the proof. The proof will include a payment_evidence section with the verification result. Currently supports Stripe receipts (pay.stripe.com, receipt.stripe.com).

Every agent that uses Trust Layer builds a public reputation score (0–100) based on 5 dimensions: transaction volume, regularity, seniority, service diversity, and success rate. The score is signed with Ed25519 to prevent tampering. A new agent starts at 0 and builds reputation through consistent, successful usage. Check any agent's score via GET /v1/agent/{agent_id}/reputation.

If a transaction produced an incorrect result, either party (buyer or seller) can file a dispute via POST /v1/disputes. Disputes are resolved instantly and deterministically based on the upstream HTTP status code recorded in the proof. The losing party receives a reputation penalty (−5% per loss, floor 50%). Anti-abuse limits apply: 1-hour cooldown between disputes, 7-day filing window, one dispute per proof.

Yes. A dispute does not invalidate the cryptographic proof — the chain hash, signature, and timestamps remain intact. The dispute adds metadata (disputed, dispute_id) to the proof, which is visible on the public verification page. The proof itself is still immutable.

Yes. The code is licensed under MIT, and the specification under CC BY 4.0. Visit our GitHub repository to inspect, audit, or contribute.