When AI agents make business decisions, regulators ask: "Prove this agent made this decision."

Logs can be edited. Timestamps can be forged. Screenshots can be faked. Traditional auth (OAuth, API keys) identifies humans, not autonomous software.

You need cryptographic proof. Not promises. Not logs you hope are complete. Tamper-proof evidence that can be verified offline, independently, without trusting your infrastructure.

Agentfield provides this automatically. You write Python functions. Agentfield generates cryptographic identities, signs every execution, and issues verifiable credentials. Zero crypto code in your agents.

What You'd Otherwise Build

@app.reasoner()
async def approve_loan(application: dict):
    # Your code - no crypto needed
    return decision

The Compliance Problem

Here's what breaks when AI becomes part of your software stack:

Scenario: Your AI agent approves a $500,000 loan. Six months later, the regulator audits you.

Questions they ask:

1. "Prove this specific agent made this decision"
2. "Show me the exact inputs it used"
3. "What was the AI's reasoning?"
4. "How do I know this record wasn't edited after the fact?"
5. "Can you prove the decision chain across multiple agents?"

Traditional approach fails:

• Logs can be edited (no tamper-proof guarantee)
• No cryptographic identity for agents (just usernames in logs)
• No way to verify authenticity offline (auditor must trust your database)
• No proof of non-repudiation (agent can't prove it made the decision)
• Multi-agent workflows are opaque (can't trace decision chains)

Agentfield's approach: Every execution gets a cryptographic identity and a verifiable credential. Hand the auditor a file. They verify it offline. Cryptographic proof, not promises.

How It Works: Automatic Cryptographic Identity

Agentfield treats agents like microservices that need identity infrastructure. When you register an agent, Agentfield automatically generates cryptographic identities.

Decentralized Identifiers (DIDs)

Every component gets a DID (think: passport for software):

from agentfield import Agent

# When you create an agent
app = Agent("fraud-detection")

# Agentfield automatically generates:
# - Agent DID: did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH
# - Public/private key pair
# - Cryptographic signature capability

DIDs are generated for:

• The agent node itself
• Every @app.reasoner() function
• Every @app.skill() function

You never write identity code. It happens automatically at registration.

Verifiable Credentials (VCs)

Once DIDs are in place, Agentfield automatically generates per-execution VCs (tamper-proof certificates) through the control plane. The Python SDK calls POST /api/v1/execution/vc after each reasoner/skill execution to create cryptographically signed credentials.

VC Configuration Hierarchy

Agentfield provides a three-tier hierarchy for controlling VC generation:

1. Platform Default (Enabled) - All executions generate VCs by default for maximum auditability.

2. Agent Node Level - Control VC generation for all reasoners and skills on an agent:

from agentfield import Agent

# Enable VCs for all reasoners/skills (default)
app = Agent("fraud-detection", vc_enabled=True)

# Disable VCs for all reasoners/skills on this agent
app = Agent("cache-service", vc_enabled=False)

# Defer to platform default
app = Agent("data-processor", vc_enabled=None)

3. Individual Reasoner/Skill Level - Override the agent-level setting for specific functions:

app = Agent("loan-processor", vc_enabled=False)  # VCs disabled by default

# Force VC generation for compliance-critical reasoners
@app.reasoner(vc_enabled=True)
async def assess_loan_risk(application: dict) -> RiskAssessment:
    """Critical decision requiring verifiable credentials."""
    risk = await app.ai(
        "Assess loan risk",
        f"Application: {application}",
        schema=RiskAssessment
    )
    # VC is generated and stored automatically
    return risk

# Disable VC for high-frequency operations
@app.skill(vc_enabled=False)
def calculate_credit_score(data: dict) -> float:
    """Fast calculation without VC overhead."""
    return sum(data.values()) / len(data)

# Use agent's default (False in this case)
@app.reasoner()
async def generate_report(loan_id: str) -> dict:
    """Inherits vc_enabled=False from agent."""
    return await app.ai(f"Generate report for {loan_id}")

Priority: reasoner/skill decorator → agent node → platform default (enabled)

When VC generation is enabled, the SDK automatically hashes input/output payloads, signs with the reasoner's DID private key, submits to the control plane, and stores the credential server-side. No code changes required—VCs are generated transparently.

What This Enables

1. Cryptographic Audit Trails

Export complete workflow chains with cryptographic proof:

# Export from Agentfield UI or API
curl http://af-server/api/v1/did/workflow/wf-20250315/vc-chain > audit.json

# Verify offline (no Agentfield server needed)
af vc verify audit.json

Output:

✓ Workflow: wf_20250315_143022
✓ 5 executions verified
✓ All signatures valid
✓ No tampering detected
✓ Complete audit trail

Execution Chain:
  1. fraud-detection.assess_transaction (1,245ms) ✓
     DID: did:key:z6MkpT...
     ├─ Called: data-agent.get_user_history (823ms) ✓
     │  DID: did:key:z6Mkq2...
     └─ Called: risk-agent.calculate_score (412ms) ✓
        DID: did:key:z6Mkr3...
  2. notification-agent.send_alert (156ms) ✓
     DID: did:key:z6Mks4...
  3. compliance-agent.log_decision (234ms) ✓
     DID: did:key:z6Mkt5...

All signatures verified. Chain is authentic.

Hand this to auditors. They verify it offline, independently, without accessing your systems.

2. Non-Repudiation

Agents cannot deny their actions. Every execution is cryptographically signed by the component's private key.

This matters when:

• Investigating incidents ("which agent made this API call?")
• Compliance reviews ("prove this decision happened")
• Multi-agent debugging ("trace how 5 agents coordinated")
• Legal discovery ("provide tamper-proof records")

Example:

# Agent makes a decision
@app.reasoner()
async def approve_transaction(transaction: dict):
    decision = await app.ai(...)
    return decision

# Later, you can prove:
# - This specific reasoner (DID) made the decision
# - With these specific inputs (hash)
# - At this specific time (timestamp)
# - And the record is authentic (signature)

The agent's private key signed it. It can't deny it happened.

3. Offline Verification

VCs are self-contained. Anyone with the VC chain can verify it without your Agentfield server or database.

This enables:

• Regulatory compliance: Export for auditors who verify independently
• Legal discovery: Provide tamper-proof records to courts
• Cross-organization trust: Partners verify your agents' actions
• Incident investigation: Verify execution chains without production access

Example verification:

# Auditor has audit.json (no access to your systems)
af vc verify audit.json

# Verification checks:
# ✓ All DIDs are valid
# ✓ All signatures match public keys
# ✓ All hashes match claimed data
# ✓ Timestamps are sequential
# ✓ Workflow chain is complete

No trust required. Pure cryptography.

4. Identity-Based Policies

Because every component has a DID, you can implement fine-grained policies:

# Policy examples (future capability)
policies = {
    "customer_data_access": {
        "allowed_dids": [
            "did:key:z6MkpT...",  # fraud-detection agent
            "did:key:z6Mkq2..."   # customer-service agent
        ]
    },
    "high_value_transactions": {
        "require_multi_agent_approval": True,
        "required_dids": [
            "did:key:z6Mkr3...",  # risk-agent
            "did:key:z6Mks4..."   # compliance-agent
        ]
    }
}

Identity enables access control, not just audit trails.

Production Example: Loan Decisioning

A financial services company uses Agentfield for loan approvals:

from agentfield import Agent
from pydantic import BaseModel

app = Agent("loan-decisioning")

class LoanDecision(BaseModel):
    approved: bool
    amount: float
    reasoning: str
    risk_score: float
    compliance_status: str

@app.reasoner()
async def approve_loan(application: dict) -> LoanDecision:
    """
    Multi-agent loan approval workflow.
    Every step is cryptographically signed.
    """

    # Step 1: Credit check (calls external agent)
    credit = await app.call(
        "credit-bureau.check_score",
        ssn=application["ssn"]
    )

    app.note(f"📊 Credit score: {credit['score']}", tags=["credit-check"])

    # Step 2: Risk assessment (AI-powered)
    risk = await app.ai(
        system="You are a loan risk assessor.",
        user=f"Application: {application}\nCredit: {credit}",
        schema=RiskAssessment
    )

    app.note(f"⚠️ Risk score: {risk.score}/10", tags=["risk-assessment"])

    # Step 3: Compliance check (deterministic rules)
    compliance = await app.call(
        "compliance-agent.verify_eligibility",
        application=application,
        risk_score=risk.score
    )

    app.note(f"✓ Compliance: {compliance['status']}", tags=["compliance"])

    # Step 4: Final decision (guided autonomy)
    decision = await app.ai(
        system="""Make final loan decision. Must follow:
        - Minimum credit score: 650
        - Maximum risk score: 7.5
        - Compliance must pass
        """,
        user=f"Risk: {risk}\nCompliance: {compliance}\nCredit: {credit}",
        schema=LoanDecision
    )

    app.note(f"""
    ## Loan Decision

    **Application ID:** {application['id']}
    **Decision:** {'APPROVED' if decision.approved else 'DENIED'}
    **Amount:** ${decision.amount:,.2f}
    **Risk Score:** {decision.risk_score}/10

    **Reasoning:** {decision.reasoning}
    """, tags=["decision", "final"])

    return decision

What the regulator gets:

# Export workflow credentials
curl http://af-server/api/v1/workflows/wf-loan-12345/credentials > loan-audit.json

# Regulator verifies offline
af vc verify loan-audit.json

The VC chain proves:

1. Who: Every agent/reasoner that participated (DIDs)

   • loan-decisioning.approve_loan (DID: did:key:z6Mk...)
   • credit-bureau.check_score (DID: did:key:z6Mk...)
   • compliance-agent.verify_eligibility (DID: did:key:z6Mk...)

2. What: All inputs and outputs (cryptographic hashes)

   • Application data (hash: sha256:a3f2...)
   • Credit score (hash: sha256:b4e1...)
   • Risk assessment (hash: sha256:c5d3...)
   • Final decision (hash: sha256:d6f4...)

3. When: Timestamps for each step

   • Credit check: 2024-03-15T14:30:22Z
   • Risk assessment: 2024-03-15T14:30:45Z
   • Compliance check: 2024-03-15T14:31:02Z
   • Final decision: 2024-03-15T14:31:18Z

4. Why: AI reasoning captured in notes

   • "Credit score: 720"
   • "Risk score: 4.2/10"
   • "Compliance: PASSED"
   • "Decision: APPROVED for $250,000"

5. Proof: Digital signatures proving authenticity

   • All signatures verified ✓
   • No tampering detected ✓
   • Chain is complete ✓

The regulator verifies this offline without accessing your systems. The signatures prove nothing was tampered with.

Comparison: Traditional vs Agentfield

What This Enables

For Compliance:

• Pass regulatory audits with cryptographic proof
• Provide tamper-proof records for legal discovery
• Prove decision chains across multiple agents
• Verify authenticity without trusting infrastructure

For Operations:

• Debug production incidents with complete context
• Trace multi-agent workflows with cryptographic certainty
• Investigate security incidents with non-repudiable evidence
• Monitor agent behavior with verifiable logs

For Trust:

• Partners can verify your agents' actions independently
• Customers can audit decisions that affect them
• Regulators can verify compliance offline
• Courts can trust execution records

For Development:

• Zero crypto code in your agents
• Automatic identity generation
• Built-in audit trails
• Production-ready from day one

The Philosophy: Trust by Default

Agentfield's identity system reflects the core philosophy: autonomous software needs the same trust guarantees as financial systems.

When you build with Agentfield:

This is what separates production autonomous software from AI demos. When agents make decisions that affect business outcomes, you need proof. Agentfield provides it by default.

Next Steps

You now understand how Agentfield provides cryptographic trust:

• Cross-Agent Communication - See how DIDs enable multi-agent workflows
• Shared Memory - Understand state coordination with identity
• Production Features - Complete infrastructure overview

Or start building with the Quick Start Guide.