Certifying proxy for AI agents

Trust Layer

A proxy that sits between your agent and any API. It charges via Stripe, forwards the request, and generates an immutable cryptographic proof. Every single time.

See a real proof GitHub

The problem

When AI agents pay for services, who proves what happened?

Without Trust Layer

Agent calls API and pays — no receipt beyond a Stripe dashboard
Disputes require manual investigation
No independent verification of what was delivered
Logs can be altered or deleted

With Trust Layer

Every transaction produces a cryptographic proof
3 independent witnesses confirm the event
Proofs are immutable — write-once, never deleted
Public verification page for any party

How it works

Charge

Your agent sends a request to the Trust Layer with a plan identifier and target URL. The Trust Layer processes the Stripe charge. If payment fails, the request is rejected immediately — no forwarding, no proof.

Forward

Once the payment succeeds, the Trust Layer forwards your request to the target API exactly as-is. The response from the target API is captured, including status code, headers, and body.

Prove

A SHA-256 hash is computed over the entire transaction (request, response, payment, timestamp). Three independent witnesses confirm the proof: Stripe, FreeTSA.org (RFC 3161), and Archive.org.

3 independent witnesses

Distributed trust. No single point of failure.

💳

Witness 1: Stripe

The payment processor confirms the charge occurred. Transaction ID, amount, currency, and timestamp are embedded in the proof. Stripe's own records serve as independent confirmation.

🕒

Witness 2: RFC 3161 TSA

FreeTSA.org provides a certified timestamp per RFC 3161. This proves the proof existed at a specific moment in time, signed by an independent Time Stamping Authority. Response under 1 second.

🌍

Witness 3: Archive.org

The proof's verification page is submitted to the Wayback Machine. This creates a publicly accessible, independently archived copy that anyone can consult at any time.

The Proof Triptych

Three output formats. One immutable truth.

L1 — Digital Stamp

JSON machine-readable proof containing the SHA-256 hash, all witness confirmations, transaction metadata, and timestamps. Designed for API consumers and automated verification pipelines.

GET /trust/v1/proof/{id}

L2 — Ghost Stamp

HTTP headers injected into every proxied response. Invisible to humans, readable by machines. Your agent can verify the proof without any additional API call.

X-Trust-Proof-Id: prf_...

L3 — Visual Stamp

HTML human-readable proof page. A shareable link that displays all proof details in a browser. Anyone — auditor, client, regulator — can verify the transaction visually.

View example →

Technical details

Hash algorithm	SHA-256
Timestamp authority	FreeTSA.org (RFC 3161)
Archive	Archive.org Wayback Machine
Payment processor	Stripe
Proof storage	Write-once, immutable, never deleted
API protocol	HTTPS REST
Agent identity	X-Agent-Identity header (SHA-256 fingerprint)
Latency	< 1 second end-to-end
Hosting	France (EU), GDPR-native
License	MIT (code), CC BY 4.0 (specification)

Try it

terminal

$ curl -X POST https://arkforge.fr/trust/v1/charge \ -H "Authorization: Bearer sk_live_..." \ -H "X-Agent-Identity: my-trading-bot-v2" \ -d '{"plan": "mcp_free_scan", "target": "https://api.example.com/analyze"}' { "status": "success", "proof_id": "prf_20260226_154614_fc41c0", "sha256": "a1b2c3d4e5f67890abcdef...", "witnesses": { "stripe": "verified", "rfc3161": "verified", "archive_org": "submitted" }, "proof_url": "https://arkforge.fr/trust/v1/proof/prf_20260226_154614_fc41c0", "target_response": { "status": 200, "body": "..." } }

Witnesses per proof

< 1s

End-to-end latency

MIT

Open-source license