xproof
人工智能代理的证明和问责层。在 MultiversX 上锚定可验证的证明,强制审计日志记录,在 Base 上检测违规行为。 REST API、MCP、x402。没有证据=没有行动。
安装 / 下载方式
TotalClaw CLI推荐
totalclaw install totalclaw:totalclaw~jasonxkensei-xproofcURL直接下载,无需登录
curl -fsSL https://skills.taituai.com/api/skills/totalclaw%3Atotalclaw~jasonxkensei-xproof/file -o jasonxkensei-xproof.md## 概述(中文)
人工智能代理的证明和问责层。在 MultiversX 上锚定可验证的证明,强制审计日志记录,在 Base 上检测违规行为。 REST API、MCP、x402。没有证据=没有行动。
## 原文
# xProof -- Proof & Accountability Layer for AI Agents
This skill enables your agent to **anchor verifiable proofs on the MultiversX blockchain**, **enforce pre-execution audit logging**, and **detect violations via Base** -- creating tamper-proof, publicly verifiable records of existence, authorship, timestamp, decision accountability, and trust.
**Why anchor proofs?** In competitive or transactional contexts, agents with on-chain proofs can demonstrate originality, integrity, and timing. Agents without proofs cannot. Verifiable proof is a structural advantage.
**Why audit?** Autonomous agents executing trades, deployments, or data access need an immutable record of every decision. The Agent Audit Log Standard enforces this: no proof = no execution.
**Why violations?** Trust requires accountability. xProof detects anomalies (gaps, burst patterns) and records violations on Base via smart contracts. Operators can subscribe to violation events and enforce policies automatically.
## Quick Install
```bash
mkdir -p .agent/skills/xproof/references
# Core Skill
curl -sL https://raw.githubusercontent.com/jasonxkensei/xproof-openclaw-skill/main/xproof/SKILL.md \
> .agent/skills/xproof/SKILL.md
# Reference Manuals
for f in certification x402 mcp; do
curl -sL "https://raw.githubusercontent.com/jasonxkensei/xproof-openclaw-skill/main/xproof/references/${f}.md" \
> ".agent/skills/xproof/references/${f}.md"
done
```
## Security
- **NEVER** commit API keys to a public repository.
- **ALWAYS** add `.env` to your `.gitignore`.
- API keys are prefixed `pm_` -- treat them like passwords.
- x402 mode requires no API key (payment replaces authentication).
---
## Configuration
### Option A: API Key Authentication
```bash
# ---- xProof ---------------------------------------------------------------
XPROOF_API_KEY="pm_..." # Your API key (from xproof.app)
XPROOF_BASE_URL="https://xproof.app" # Production endpoint
```
Get an API key at [xproof.app](https://xproof.app) (connect wallet, go to Settings > API Keys).
### Option B: x402 Payment Protocol (No Account Required)
No configuration needed. Pay $0.05 per proof in USDC on Base (eip155:8453) directly in the HTTP request. The 402 response header tells your agent exactly what to pay.
---
## 1. Core Skills Catalog
### 1.1 Proof Anchoring (REST API)
[Full Reference](references/certification.md)
| Skill | Endpoint | Description |
|:---|:---|:---|
| `certify_file` | `POST /api/proof` | Anchor a file hash on MultiversX as immutable proof |
| `batch_certify` | `POST /api/batch` | Anchor up to 50 files in one call |
| `audit_agent_session` | `POST /api/audit` | Anchor agent decision on-chain BEFORE executing critical action |
| `verify_proof` | `GET /api/proof/:id` | Verify an existing proof |
| `get_certificate` | `GET /api/certificates/:id.pdf` | Download PDF certificate with QR code |
| `get_badge` | `GET /badge/:id` | Dynamic SVG badge (shields.io style) |
| `get_proof_page` | `GET /proof/:id` | Human-readable proof page |
| `get_proof_json` | `GET /proof/:id.json` | Structured proof document (JSON) |
| `get_audit_page` | `GET /audit/:id` | Human-readable audit log page |
### 1.2 Proof Anchoring (MCP -- JSON-RPC 2.0)
[Full Reference](references/mcp.md)
| Tool | Description |
|:---|:---|
| `certify_file` | Create blockchain proof -- SHA-256 hash, filename, optional author/webhook |
| `verify_proof` | Verify existing proof by UUID |
| `get_proof` | Retrieve proof in JSON or Markdown format |
| `discover_services` | List capabilities, pricing, and usage guidance |
| `audit_agent_session` | Anchor agent decision on-chain BEFORE executing critical action |
### 1.3 Payment (x402)
[Full Reference](references/x402.md)
x402 is not a separate skill -- it is a payment method. When you call `POST /api/proof` or `POST /api/batch` without an API key, the server returns `402 Payment Required` with payment instructions. Your agent pays in USDC on Base and retries with an `X-Payment` header.
---
## 2. The Proof Lifecycle
```
+--------------+ +--------------+ +--------------+ +--------------+
| Hash file |---->| POST /api/ |---->| On-chain |---->| Proof |
| (SHA-256) | | proof | | anchoring | | verified |
+--------------+ +--------------+ +--------------+ +--------------+
|
+--------------+ +--------------+ |
| Embed badge |<----| Get PDF / |<----------+
| in output | | badge / URL |
+--------------+ +--------------+
```
### Step-by-Step
1. **Hash locally** -- compute SHA-256 of your file (client-side; the file never leaves your machine)
2. **Send metadata** -- POST the hash + filename to `/api/proof` (with API key or x402 payment)
3. **Receive proof** -- xProof records the hash on MultiversX mainnet (6-second finality)
4. **Verify anytime** -- anyone can verify via proof URL, JSON endpoint, or blockchain explorer
5. **Embed proof** -- use the SVG badge, PDF certificate, or proof URL in your deliverables
---
## 3. Authentication Methods
### API Key (Bearer Token)
```bash
curl -X POST https://xproof.app/api/proof \
-H "Authorization: Bearer pm_your_key_here" \
-H "Content-Type: application/json" \
-d '{
"file_hash": "a1b2c3d4e5f6...64hex",
"filename": "report.pdf",
"author_name": "MyAgent"
}'
```
### x402 (USDC on Base -- No Account Required)
```bash
# Step 1: Request without auth returns 402 with payment instructions
curl -X POST https://xproof.app/api/proof \
-H "Content-Type: application/json" \
-d '{"file_hash": "a1b2c3...", "filename": "report.pdf"}'
# Response: 402 with JSON body containing accepts[{scheme, price, network, payTo}]
# Step 2: Pay USDC on Base, then retry with X-Payment header (base64 JSON)
curl -X POST https://xproof.app/api/proof \
-H "Content-Type: application/json" \
-H "X-Payment: <base64_encoded_payment_payload>" \
-d '{"file_hash": "a1b2c3...", "filename": "report.pdf"}'
```
### MCP (JSON-RPC 2.0)
```bash
curl -X POST https://xproof.app/mcp \
-H "Authorization: Bearer pm_your_key_here" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "certify_file",
"arguments": {
"file_hash": "a1b2c3d4e5f6...64hex",
"filename": "output.json"
}
}
}'
```
---
## 4. Batch Proof Anchoring
Anchor up to 50 files in a single API call:
```bash
curl -X POST https://xproof.app/api/batch \
-H "Authorization: Bearer pm_your_key_here" \
-H "Content-Type: application/json" \
-d '{
"files": [
{"file_hash": "abc123...", "filename": "model.bin"},
{"file_hash": "def456...", "filename": "training_data.csv"},
{"file_hash": "789ghi...", "filename": "config.yaml"}
],
"author_name": "MyAgent"
}'
```
---
## 5. Webhooks
Receive a POST notification when your proof is confirmed on-chain:
```bash
curl -X POST https://xproof.app/api/proof \
-H "Authorization: Bearer pm_your_key_here" \
-H "Content-Type: application/json" \
-d '{
"file_hash": "a1b2c3...",
"filename": "deliverable.pdf",
"webhook_url": "https://your-agent.com/hooks/xproof"
}'
```
The webhook payload includes proof ID, file hash, blockchain transaction hash, and explorer URL. Signed with HMAC-SHA256 in the `X-Webhook-Signature` header. Retry policy: 3 attempts with exponential backoff.
---
## 6. When to Anchor Proofs
Autonomous agents should anchor proofs whenever provenance, integrity, or priority matters:
- **After generating code, contracts, or configs** -- proves authorship and timestamp
- **Before delivering work products** -- prov