GitHub - xanfaina/aam · GitHub
Folders and files
.gitignore
AAM-000.json
POST-000.md
README.md
SCHEMA.md
attest.mjs
attestor.key.pub.pem
AAM v0 — Agent Attestation Manifest
A signed, third-party-verifiable file format for claims about an AI agent's measured behavior. Built so that the claim format itself cannot overstate:
- Every measured claim must equal its numerator/n and point into a sealed evidence record — verify --strict fails otherwise.
- Evidence records are hash-chained; the manifest is ed25519-signed.
- Disclosures are mandatory fields, not footnotes: residual exposure, model dependence, and assumptions ship inside the artifact.
What this buys is integrity of record, not reproducibility: cryptographic proof that the published numbers are what the run produced, un-edited, with the unflattering parts attached. (Model APIs drift; nobody can honestly promise you a re-run. They can promise you an untampered record.)
Verify an attestation yourself
No trust in the attestor required. With Node ≥ 18:
node attest.mjs verify AAM-000.json --strict --pubkey attestor.key.pub.pem
Strict verification checks: hash-chain integrity, final digest, signature, and claim honesty (arithmetic + evidence pointers).
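The four strict checks listed above, as an added sketch that is not the project's attest.mjs. The record layout, every field name, the use of SHA-256 for the chain, and JSON.stringify as the signed encoding are assumptions made here, not the AAM v0 schema (SCHEMA.md defines that).

```javascript
// Added illustration, NOT the project's attest.mjs. All field names (records, prev,
// hash, claims, numerator, n, value, evidence, finalDigest, seal) are assumptions.
const crypto = require('node:crypto');

const GENESIS = '0'.repeat(64);
// Assumption: SHA-256; the page does not name the chain's hash function.
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// Each record's hash covers the previous hash, so editing one record breaks its link.
const chainHash = (prev, body) => sha256(prev + JSON.stringify(body));
// Assumption: JSON.stringify with stable key order stands in for a canonical encoding.
const signedBytes = ({ seal, ...payload }) => Buffer.from(JSON.stringify(payload));

function buildManifest(bodies, claimsFor, privateKey) {
  let prev = GENESIS;
  const records = bodies.map((body) => {
    const rec = { body, prev, hash: chainHash(prev, body) };
    prev = rec.hash;
    return rec;
  });
  const payload = { records, claims: claimsFor(records), finalDigest: prev };
  const seal = crypto.sign(null, signedBytes(payload), privateKey).toString('base64');
  return { ...payload, seal };
}

// Returns a list of failures; an empty list means the manifest passed every check.
function verifyStrict(m, publicKey) {
  const errors = [];
  let prev = GENESIS;
  m.records.forEach((r, i) => {
    if (r.prev !== prev || r.hash !== chainHash(prev, r.body)) errors.push(`chain break at record ${i}`);
    prev = r.hash;
  });
  if (m.finalDigest !== prev) errors.push('final digest mismatch');
  if (!crypto.verify(null, signedBytes(m), publicKey, Buffer.from(m.seal, 'base64'))) errors.push('bad signature');
  for (const c of m.claims) {
    if (c.value !== c.numerator / c.n) errors.push(`claim ${c.id}: value != numerator/n`);
    if (!m.records.some((r) => r.hash === c.evidence)) errors.push(`claim ${c.id}: dangling evidence`);
  }
  return errors;
}

// Constructed sample run (7 hits in 10 trials); not data from AAM-000.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const bodies = [{ trial: 'a', hits: 3, n: 5 }, { trial: 'b', hits: 4, n: 5 }];
  const claim = (value) => (recs) => [{ id: 'C1', numerator: 7, n: 10, value, evidence: recs[1].hash }];
  const honest = buildManifest(bodies, claim(0.7), privateKey);
  const misstated = buildManifest(bodies, claim(0.9), privateKey); // validly signed, wrong value
  const edited = JSON.parse(JSON.stringify(honest));
  edited.records[0].body.hits = 0; // post-signing edit to sealed evidence
  return [honest, misstated, edited].map((m) => verifyStrict(m, publicKey));
}
```

The misstated manifest carries a valid signature and an intact chain, so only the claim-honesty check catches it; that is the case a signature alone does not cover.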
Attestations
| ID | Subject | Writeup |
| --- | --- | --- |
| AAM-000 | Stock LangGraph ReAct agent, AgentDojo banking, undefended injection exposure (gpt-4o, gpt-4o-mini) | POST-000.md |

Start here: POST-000.md — a stock LangGraph banking agent executes injected instructions ~65% of the time, sealed and verifiable.
Schema
See SCHEMA.md. v0 is intentionally small: subject, method, claims (measured | derived), mandatory disclosures, hash-chained records, seal.
Why
Every agent-security number you have read was produced by someone selling the thing being measured. The fix is not better numbers — it is a claim format that fails verification when a number is overstated, and forces residual exposure into the artifact. Verification is free and offline by design; that is the point of a standard.
License
MIT (verifier and schema). Attestation manifests are facts; do what you want with facts.