CRYPTOGRAPHIC PROOF LAYER

Proof for every AI agent action.

RANKIGI witnesses what your AI agents do and produces cryptographic proof anyone can verify offline. Independent. Tamper-evident. Standards-grounded.

Start free See how it works

SHA-256 + Ed25519 · Rekor · RFC 3161 · FRE 902(14)*

* FRE 902(14) self-authentication requires a Certification of Qualified Person. RANKIGI provides the technical infrastructure. See rankigi.com/trust/methodology

RANKIGI VERIFIEREXAMPLE OUTPUT

$ python3 verify.py --pubkey-from-network bundle.json
✓ Hash chain: VERIFIED (16 of 16)
✓ Ed25519: VERIFIED (10 of 10 signed)
✓ RFC 3161: VERIFIED (FreeTSA 2026-06-01)
=== RESULT: VERIFIED ===
verify independently: github.com/rcr-spec/rcr-verify-python

Illustrative output. See rankigi.com/explore for real witnessed events.

THE STAKES

AI agents are no longer assistants. They send wires, sign contracts, ship code, and answer for your business in front of your customers and your regulators. Every action is observable in some log somewhere. But observable is not provable. Without independent, cryptographic proof of what an agent did, regulated industries cannot deploy them, auditors cannot evaluate them, insurers cannot price them, and courts cannot weigh them. RANKIGI is the proof layer. We witness what the world recorded, bind it to the agent that caused it, and chain it so anyone can verify it offline without trusting us. The agentic economy needs a notary. We are building it.

THE WEDGE

Visibility is not verification.

Logs report what a system recorded. They are often produced and stored by the same infrastructure that performed the action. RANKIGI adds a separate hash chain so record integrity can be checked outside the agent runtime.

FRAMEWORK AGNOSTICMODEL AGNOSTICRUNTIME AGNOSTIC

THE CROSSING POINT

The world produces the receipts. RANKIGI records and chains them.

Every time an AI agent touches a real system (processes a payment, sends a signed email, executes a contract), the world creates a record. That record exists independently of anything the agent or its provider says. RANKIGI sits at the crossing point. It captures that world record, translates it into a canonical receipt format, and binds it to the agent passport that caused it.

HASH CHAIN VERIFICATION

One altered action breaks the chain at the exact point of tamper.

RANKIGI recomputes each event hash from the canonical record and its previous link. The first mismatch isolates the altered action. Every later event inherits that broken proof.

TAMPERED TRANSFER

$47,500.00

Event #4890 records a transfer claim. The recorded hash and recomputed hash disagree, so the chain fails at that exact event.

Explore the hash chain →

Verifier sweep

CHAIN RNK-2026-05-14-1041

VERIFIED

ACTIVE EVENT

#4887 read_record

TIME

2026-05-14 10:14:10 UTC

AMOUNT

NOT APPLICABLE

VERDICT

VERIFIED

Sweep position

Clean verification

#4887

RECORDED HASH

3f7a2c0b1a...f1c94a7b

RECOMPUTED HASH

3f7a2c0b1a...f1c94a7b

Hash match confirmed. The recorded hash matches the recomputed hash for this event.

Recorded and recomputed hashes match.

HOW IT WORKS

Add passive attestation to agent activity without changing how agents run.

RANKIGI runs beside your agents as a passive attestation layer. It records only hashes and proof metadata, chains every event, applies policy context, and produces receipts that any party holding the export can recompute using verify.py.

The canonical receipt format is RCR/1, an open specification under IETF Internet-Draft draft-snow-rcr-receipt-00.

The world

NON-BLOCKING

The world acts

payment processed

email DKIM-signed

contract executed

Real systems record what happened. Independent of your agent.

RANKIGI sidecar

VERIFY OFFLINE

Receipt bound to passport

crossing point detected

receipt created

passport bound, chain linked

The world produces the receipts. RANKIGI records and chains them.

RANKIGI VERIFIEREXAMPLE OUTPUT

$ python3 verify.py --pubkey-from-network bundle.json
✓ Hash chain: VERIFIED (16 of 16)
✓ Ed25519: VERIFIED (10 of 10 signed)
✓ RFC 3161: VERIFIED (FreeTSA 2026-06-01)
=== RESULT: VERIFIED ===
verify independently: github.com/rcr-spec/rcr-verify-python

Illustrative output. See rankigi.com/explore for real witnessed events.

COMPATIBLE WITH

KYA / Ed25519SPIFFE / DIDFramework agnostic

TWO CALLERS. ONE CHAIN.

Same attestation. Different surface.

FOR HUMANS

The evidence vault.

Compliance officers, lawyers, CISOs, and operators query the chain when they need to understand what an agent recorded. The export is a JSON array. Verification is local and repeatable.

FOR AGENTS

Programmatic trust.

Orchestrators and multi-agent systems query the verification API before acting on another agent's output. The endpoint returns a structured verification result that the orchestrator can use in policy decisions.

THE SEAL

Third parties publish the standards. RANKIGI records the verdicts.

A Seal is a published policy standard from an external organization, government, or standards body. It is open source and publicly inspectable. When an agent is bound to a Seal, policy verdicts you compute can be recorded in the chain. RANKIGI does not block agent execution. Pass or fail, the verdict is recorded. No dashboard required.

Third parties issue Seals.

A compliance framework publishes a Seal. A regulated industry body publishes a Seal. An enterprise publishes an internal Seal. Any agent operating under that Seal can be evaluated against that standard.

WHY THIS MATTERS

RANKIGI does not author or own the standards it records. It records attestations submitted by evaluators that a standard was checked. RANKIGI does not assess whether the underlying behavior complied with the standard.

THE TRUST LAYER

When agents act in the world, they leave receipts.

Industry authorities publish governance canons. AI agents bind to passports and earn cryptographic seals through evaluator verdicts written into the chain. Anyone including a regulator, an insurer, or a counterparty can verify the receipt offline without trusting RANKIGI. The proof layer is the substrate. RCR/1 is the canonical format. The standard is open. The notary is becoming public infrastructure.

NOW

Prove what one agent did.

Prove what two agents agreed to.

VISION

The notary layer for the agentic economy.

DEPLOY THE ATTESTATION LAYER

Your agents are already acting. Deploy the attestation layer beside them.

Deploy beside your agents Read the open spec

Proof for every AI agent action.

Visibility is not verification.

The world produces the receipts. RANKIGI records and chains them.

One altered action breaks the chain at the exact point of tamper.

Add passive attestation to agent activity without changing how agents run.

The world acts

Receipt bound to passport

The world acts

RANKIGI detects the crossing point

Receipt is created

Agent passport is bound

Chain is linked, verifiable offline

Same attestation. Different surface.

The evidence vault.

Programmatic trust.

Third parties publish the standards. RANKIGI records the verdicts.

When agents act in the world, they leave receipts.

Your agents are already acting. Deploy the attestation layer beside them.