PiQrypt — Trust Layer for Autonomous AI Agents

and legal review

Proof of Continuity Protocol

The trust layer
for autonomous
AI agents

Agents act. PiQrypt proves what they did. Cryptographic identity, hash-chained events, real-time governance — offline-verifiable, cross-framework, designed for audit and legal review.

Start building trust → View protocol on GitHub
piqrypt — agent_planner
piqrypt identity create agent_planner ✓ Ed25519 keypair generated ✓ agent_id: pq1_planner_a3f8… piqrypt stamp agent_planner --payload '{"action":"analyze"}' ✓ event stamped & signed hash: 8f21c9d4e77a… prev: 3b902a1f88cd… piqrypt verify agent_planner ✓ Chain integrity verified events: 12 · trust_score: 0.94 VRS: 0.12 · TrustGate: ALLOW
🔐
Permanent agent memory
Every action cryptographically remembered
⚛️
Post-quantum ready
Dilithium3 — NIST FIPS 204
🏗️
Local-first architecture
offline-verifiable · No raw data stored
🤝
Agent-to-agent verification
Co-signed · Cross-framework · offline-verifiable
⚖️
Legally admissible
RFC 3161 TSA · e-Soleau certified
TRUSTED BY EARLY ADOPTERS
Industrial systems
IoT, ROS2, edge devices
Autonomous agent networks
LangChain, CrewAI, AutoGen
Secure device-to-device trust
Cross-framework, offline-verifiable-first
The problem

AI agents need a provable history

Autonomous agents now move money, trigger API calls, and coordinate multi-agent workflows — without a human in the loop. Traditional logs are forgeable and not designed for legal or regulatory scrutiny.

PiQrypt adds a cryptographic audit trail to every agent action: signed, hash-chained, tamper-evident. Verifiable without access to your infrastructure. No raw data stored — only SHA-256 fingerprints.

OAuth solved delegated authorization for web apps.
No one asks why it exists anymore — it is infrastructure.
PCP does the same for AI agent accountability.
AGENT EVENT CHAIN STRUCTURE
[genesis] prev_hash: 0x000…
[event 1] sig: Ed25519 · hash: 8f21c9…
[event 2] prev: 8f21c9… · hash: b4d2a1…
[event n] ✓ chain valid · 0 anomalies

Tamper any event → chain breaks immediately at that point.

How it works

Four layers. One protocol.

From a 2-line Python install to enterprise governance — the same cryptographic foundation.

🔑

Signed Events

Each event is signed with the agent's keypair (Ed25519 or Dilithium3), binding every action to a verifiable, unforgeable identity.

AISS · Ed25519 · Dilithium3
⛓️

Hash Chains

Events are linked with SHA-256, creating an append-only, tamper-evident chain. Any modification breaks the chain — instantly detectable.

SHA-256 · RFC 8785 · RFC 3161
🤝

Co-signed Interactions

When agents collaborate, both sign the interaction. Cross-framework, offline-verifiable. Cryptographically impossible to deny.

AgentSession · A2C detection
🛡️

TrustGate Governance

Real-time policy engine evaluates agent risk (VRS score). ALLOW, REQUIRE_HUMAN, BLOCK — with hash-chained proof of every decision.

TrustGate · VRS · HITL queue
Proof by code

See it work. Right now.

One function call returns a verifiable trust score and anomaly status. offline-verifiable. No server needed.

piqrypt.verify — live output 
# Call verify on any signed agent chain
result = piqrypt.verify(
    signature = agent_event.signature,
    chain     = agent_event.chain,
    context   = {"agent_id": "pq1_planner_a3f8", "action": "portfolio_rebalance"}
)

# Result — offline-verifiable, cryptographically verifiable
print(result.trust_score)   → 0.9987
print(result.anomaly)       → False
print(result.chain_valid)   → True
print(result.decision)      → ALLOW
Chain verified — trust_score: 0.9987 · anomaly: false · decision: ALLOW
Verified offline-verifiable in 2ms — no network call, no third party.
Architecture diagrams

See how it works — in detail

Five technical diagrams. Click a tab to explore each layer.

Non-intrusive integration — your agent unchanged Before Your agent LangChain / CrewAI / any Output No proof. No trail. 1 line of code After PiQrypt bridge Your agent unchanged Signed output Hash-chained · Verifiable What the bridge captures — without storing content Agent action sha256(input) sha256(output) Timestamp Unix epoch RFC 3161 (Pro+) Chain link previous_hash Ed25519 signature Agent identity Persistent agent_id Derived from pub key Portable proof — .piqrypt-certified Verifiable without PiQrypt · offline-verifiable · Legally admissible
The protocol

A new infrastructure primitive

No one asks why OAuth exists anymore — it became infrastructure. PCP does the same for AI agent accountability.

TCP/IP TLS OAuth PCP communication between machines encryption in transit delegated authorization cryptographic continuity — who acted, what happened, was it authorized packets certificates tokens continuity proofs
WHO ACTED?

Cryptographic identity per agent — Ed25519 or Dilithium3. Derived from keypair, persistent, unforgeable.

WHAT HAPPENED?

Signed, hash-chained, tamper-evident event log. No event can be added, removed or reordered without breaking the chain.

WAS IT AUTHORIZED?

Real-time VRS scoring + TrustGate policy engine. HITL queue with TTL. Hash-chained proof of every governance decision.

The missing primitive

LLMs have memory.
Their agents don't — until now.

LangChain, AutoGen, CrewAI — every major framework gives agents short-term context. Volatile. Non-verifiable. Gone on restart.

PiQrypt gives agents permanent, cryptographic memory — every action signed, every decision hash-chained, every interaction co-signed. Provable forever. offline-verifiable. audit-ready and independently verifiable.

Without PiQrypt
✗ Volatile context window
✗ No identity per agent
✗ Forgeable logs
✗ No cross-agent proof
With PiQrypt
✓ Permanent cryptographic memory
✓ Persistent signed identity
✓ Tamper-evident hash chains
✓ Co-signed agent interactions
AGENT MEMORY TIMELINE
t=0 identity created · keypair generated agent_id: pq1_planner_a3f8…
t=1 analyzed portfolio · signed hash: 8f21c9d4e77a… → prev: 000…
t=2 co-signed with executor agent session: pq1_exec_b7c2… · both chains updated
t=n chain verified — memory intact trust_score: 0.9987 · anomaly: false · TrustGate: ALLOW
offline-verifiable · No server needed · Verifiable in 2ms
Positioning

From encryption to Trust Infrastructure

PiQrypt is not an encryption tool. It is not a messaging layer.

It is the foundational verifiable for systems where machines act autonomously — and humans need to know, verify, and prove what happened.

TCP/IP — communication between machines
TLS — encryption in transit
OAuth — delegated authorization
PiQrypt — permanent memory · cryptographic continuity · verified agent behavior

Factories. Agents. Networks. Every interaction becomes verifiable. Every decision provable.

Live demo

Talk to a PiQrypt agent

This is not chat support. This is a PiQrypt-enabled agent — every response it generates is signed, hash-chained, and verifiable. You're talking to the protocol in action.

Simulate a trust session
between two co-signing agents
Verify a signature
and explain the chain structure
Explore the PCP protocol
how does it compare to OAuth?

PiQ — PiQrypt agent

every response signed · chain: active
PiQ
Hi — I'm PiQ, a PiQrypt-enabled agent. Every message I send is cryptographically signed and hash-chained. Ask me anything about the protocol, or use the quick actions on the left.
PiQrypt-enabled · responses signed & hash-chained
Integrations

Works with any agent — 1 line

Non-intrusive bridges for every major framework. Your agent unchanged.

LangChainCrewAIAutoGen MCPOllamaROS2 Raspberry PiREST API Any PythonCLI
UNIQUE CAPABILITY

AgentSession — multi-agent co-signing

When agents collaborate across frameworks, PiQrypt co-signs every interaction on both sides — simultaneously. Neither agent can deny the session. No shared server. offline-verifiable. Legally binding.

LangChain ↔ AutoGen CrewAI ↔ Custom Python Any framework ↔ Any framework
agent_session.py 
from piqrypt.session import AgentSession

# 3 agents · 3 frameworks · 1 session
session = AgentSession(
    initiator=agent_langchain,
    peers=[agent_autogen, agent_crewai]
)
session.start()

# Both chains updated — cross-signed
session.stamp("task_delegation", payload,
              peer="agent_autogen")

# ✓ Neither agent can deny the interaction
# ✓ offline-verifiable · No shared server · RFC 3161
Regulatory alignment

Built for accountable AI

PiQrypt does not claim certifications. It provides the cryptographic infrastructure that helps your AI systems address the requirements of emerging regulatory frameworks.

325 tests passing
v1.7.1 · AISS Level 2 conformance
📋
Verifiable Decision Record (VDR)
Every signed chain is a legally provable VDR — offline-verifiable, without trusted third party
EU AI Act

European regulation

Infrastructure to help address key requirements for high-risk AI systems.

  • Art. 12 — inviolable event logs
  • Art. 14 — human oversight infrastructure
  • Art. 9 — risk management tooling
ANSSI 2024

French cybersecurity

Aligned with ANSSI recommendations for AI system security and audit traceability.

  • R25 — dangerous pattern filtering (VRS)
  • R29 — audit trail infrastructure
  • R30 — clearance-based access (TrustGate)
NIST AI RMF

US risk framework

Supports NIST AI Risk Management Framework implementation for agentic AI.

  • GOVERN 1.2 — accountability structures
  • MANAGE 2.2 — incident response
  • MEASURE 2.5 — A2C anomaly detection
Also mapped — enterprise & sector standards
SOC 2CC6.1 · CC6.2 · CC6.6 — identity, access, audit trail
ISO 270015.16 Identity management · 8.15 Logging
SECRule 17a-4 — 7-year retention via .pqz certified exports
SOX§404 — internal controls via signed decision records
GDPRArt. 5.1.f integrity · Art. 22 automated decisions

PiQrypt is a technical tool. Regulatory compliance depends on your specific use case, implementation, and jurisdiction. Consult qualified legal counsel for compliance determinations.

PiQrypt Protocol AISS RFC v2.0 — Agent Identity & Signature Standard
Open standards implemented
RFC 8785 JSON canonicalization RFC 3161 Trusted timestamps NIST FIPS 204 Dilithium3 / post-quantum RFC 8032 Ed25519 signatures
Quick start

Running in 60 seconds

One install. Two lines. A cryptographic audit trail for any agent.

pip install piqrypt
import piqrypt as aiss

# Create agent identity
private_key, public_key = aiss.generate_keypair()
agent_id = aiss.derive_agent_id(public_key)

# Stamp a signed, hash-linked event
event = aiss.stamp_event(
    private_key, agent_id,
    {"action": "recommendation", "asset": "AAPL"}
)
aiss.store_event(event)

# Verify — raises InvalidChainError on tampering
aiss.verify_chain([event])
# ✅ Chain verified — 1 event, 0 anomalies
from piqrypt.bridges.langchain import PiQryptCallbackHandler
from langchain.agents import AgentExecutor

# 1 parameter — your agent completely unchanged
agent = AgentExecutor(
    agent=your_agent,
    tools=your_tools,
    callbacks=[PiQryptCallbackHandler(identity=agent_id)]
)
# CrewAI: from piqrypt.bridges.crewai import AuditedAgent as Agent
# AutoGen: from piqrypt.bridges.autogen import AuditedAssistant
# Create identity
piqrypt identity create my_agent

# Stamp a signed event
piqrypt stamp my_agent --payload '{"action":"trade","symbol":"AAPL"}'

# Verify chain integrity
piqrypt verify my_agent
# ✅ Chain integrity verified — 1 event, 0 anomalies
Pricing

Start free. Scale when you need.

Same cryptographic foundation across all tiers. Free forever for solo developers.

Free
€0 forever
3 agents · 10K events/month
  • AISS STANDARD — Ed25519 signatures
  • SHA-256 hash chains
  • Vigil dashboard (2 bridges max)
  • .pqz memory export
  • MIT open source core
pip install piqrypt
MOST POPULAR
Pro
€390 /year
50 agents · 500K events/month
  • Post-quantum — Dilithium3 (NIST FIPS 204)
  • RFC 3161 trusted timestamps (TSA)
  • .pqz CERTIFIED export
  • Vigil full + exports
  • TrustGate manual governance
Start building trust →
Startup
€990 /year
50 agents · 1M events/month
  • Everything in Pro
  • Team workspace
  • Collaborative audit exports
  • Priority support
Get started

Need more scale? Team (150 agents, 5M events/mo), Business (500 agents, 20M events/mo) and Enterprise (unlimited, on-premise, SSO, SLA) are also available. We adapt to your system — if you need a custom solution or want to know more, contact us.

Full pricing →
Ready to build

Start building trusted systems — today.

Every agent action remembered. Every memory cryptographically signed. Forever.

pip install piqrypt → Explore on GitHub ⚡ Talk to the agent

Free tier · No credit card · MIT open source

Talk to the agent
PiQ — PiQrypt Agent
every response signed · chain: active
piqrypt — trust session
Agents act. PiQrypt proves what they did.
PiQ
Hi — I'm PiQ. Every message I send is cryptographically signed and hash-chained. What do you want to explore?