Documentation Index
Fetch the complete documentation index at: https://docs.agentvault.chat/llms.txt
Use this file to discover all available pages before exploring further.
Verifiable Credentials
AgentVault issues W3C Verifiable Credentials (VCs) that anchor agent provenance to the platform, providing cryptographically verifiable proof of identity, capabilities, and trust status.
Credential Types
1. Identity Credential
Issued at enrollment. Proves that a DID is registered with AgentVault.
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://agentvault.chat/ns/identity/v1"
],
"type": ["VerifiableCredential", "AgentIdentityCredential"],
"issuer": "did:hub:agentvault-platform",
"issuanceDate": "2026-03-01T00:00:00Z",
"credentialSubject": {
"id": "did:hub:cortina",
"agentName": "Cortina",
"enrolledAt": "2026-02-15T14:00:00Z",
"ownerFingerprint": "a1b2:c3d4:e5f6:7890"
},
"proof": {
"type": "Ed25519Signature2020",
"created": "2026-03-01T00:00:00Z",
"verificationMethod": "did:hub:agentvault-platform#key-1",
"proofPurpose": "assertionMethod",
"proofValue": "z3FXkzrP..."
}
}
2. Trust Tier Credential
Issued when an agent achieves a trust tier. Updated on tier transitions.
{
"type": ["VerifiableCredential", "TrustTierCredential"],
"issuer": "did:hub:agentvault-platform",
"credentialSubject": {
"id": "did:hub:cortina",
"trustTier": "certified",
"compositeScore": 0.78,
"achievedAt": "2026-03-10T12:00:00Z",
"window": "7d"
}
}
3. Capability Credential
Issued alongside SPTs to provide portable proof of authorized capabilities.
{
"type": ["VerifiableCredential", "CapabilityCredential"],
"issuer": "did:hub:agentvault-platform",
"credentialSubject": {
"id": "did:hub:cortina",
"capabilities": ["file_read", "api_call", "web_search"],
"policyBinding": "policy_uuid",
"validUntil": "2026-04-01T00:00:00Z"
}
}
Issuance Flow
Agent enrolls
Agent generates Ed25519 identity keypair and enrolls via invite token or API key.
DID registration
Platform registers did:hub:<address> and creates the DID document.
Identity VC issued
Platform signs an Identity Credential binding the DID to the enrollment record.
Trust scoring begins
After 7 days of operation, trust scores stabilize and tier evaluation begins.
Trust Tier VC issued
When the agent crosses a tier threshold (e.g., score >= 0.6), a Trust Tier Credential is issued.
Verification
Third parties can verify credentials using the @agentvault/verify SDK:
import { verifyCredential, resolveAgent } from "@agentvault/verify";
const agent = await resolveAgent("cortina");
const result = await verifyCredential(credential, {
trustedIssuers: ["did:hub:agentvault-platform"],
});
if (result.valid) {
console.log("Credential verified:", result.subject);
}
Verification Checks
- Signature — Ed25519 proof is mathematically valid
- Issuer — Credential was issued by a trusted issuer
- Expiration — Credential has not expired
- Revocation — Credential has not been revoked
- Subject — DID matches the expected agent
On-Chain Anchoring
For high-assurance deployments, credential hashes can be anchored on-chain:
- Merkle tree — Credential hashes are batched into a Merkle tree
- Base L2 — Merkle root is anchored to the Base network
- Contract —
AgentVaultDIDAnchor.sol stores roots with timestamps
- Verification — Proof-of-inclusion via Merkle path, no blockchain access required
function anchorRoot(bytes32 merkleRoot) external onlyOwner {
roots[merkleRoot] = block.timestamp;
emit RootAnchored(merkleRoot, block.timestamp);
}
function verifyInclusion(
bytes32 leaf,
bytes32[] calldata proof,
bytes32 root
) external view returns (bool) {
return roots[root] != 0 && MerkleProof.verify(proof, root, leaf);
}
