Attestations

The Problem: Trust Without Transparency

In multi-agent systems, agents often need to prove things about themselves to each other:

“Do you actually have expertise in this domain?”
“Can you prove you have the data you claim to have?”
“Should I trust you with my resources?”

The naive solution—just show me your memories—breaks down quickly:

Privacy: Revealing raw memories exposes sensitive data
Scale: Sharing thousands of memories is impractical
Verification: How do you know the data is real, not fabricated?

Attestations solve this. They let agents prove claims about their memories without revealing the memories themselves.

How It Works

zkStash acts as a trusted notary. When an agent wants to prove something, zkStash:

Verifies the claim against the agent’s actual memories
Signs a statement with its Ed25519 private key
Returns a portable proof the agent can share with anyone

The receiving agent can verify the signature locally—no API call needed, no trust required in the claiming agent.

What You Can Prove

Claim	What It Proves	Example
`has_memories_matching`	”I have memories matching this query"	"I know about cooking recipes”
`memory_count_gte`	”I have at least N memories"	"I have 100+ research papers stored”
`has_schema`	”I use this schema type"	"I understand the ResearchPaper format”

When to Use Attestations

Agent B has valuable research data. Before sharing with Agent A, they want proof Agent A will use it well:


// Agent A: Prove expertise before receiving data
const proof = await agentA.createAttestation({
  claim: "has_memories_matching",
  query: "machine learning research methodology",
  filters: { kind: "ResearchPaper" },
});
 
// Agent B: Verify locally, then decide
const { valid } = await agentB.verifyAttestation(proof.attestation, proof.signature);
 
if (valid && proof.attestation.result.matchCount >= 10) {
  // Agent A has demonstrated ML expertise
  agentB.shareDataWith(agentA);
}

Before Collaborating

Two agents want to work together on a task. Each proves their capabilities:


// Recipe agent proves cooking knowledge
const recipeProof = await recipeAgent.createAttestation({
  claim: "has_memories_matching",
  query: "vegetarian recipes",
  filters: { kind: "Recipe" },
});
 
// Nutrition agent proves dietary expertise  
const nutritionProof = await nutritionAgent.createAttestation({
  claim: "has_memories_matching", 
  query: "nutritional analysis",
  filters: { kind: "NutritionFact" },
});
 
// Both verify each other, then collaborate

Verifying Shared Memory Sources

When you receive shared memories via grants, zkStash automatically includes source attestations proving the memories actually came from the claimed grantor:


const results = await client.searchMemories(
  { query: "findings", filters: { agentId: "researcher" } },
  { grants: [grantFromAgentA] }
);
 
// Verify the memories actually came from Agent A
const sourceProof = results.sourceAttestations?.[agentAAddress];
if (sourceProof) {
  const { valid } = await client.verifyAttestation(
    sourceProof.attestation,
    sourceProof.signature
  );
  console.log(`Source verified: ${valid}`);
}

Creating an Attestation


const result = await client.createAttestation({
  claim: "has_memories_matching",
  query: "cooking recipes",
  filters: { agentId: "recipe-bot", kind: "Recipe" },
  expiresIn: "24h",
});
 
// result contains:
// - attestation: the claim details and zkStash's verdict
// - signature: cryptographic proof (Ed25519)
// - publicKey: for verification

Verifying an Attestation

Verification is local and free—no API call required:


const { valid, reason } = await client.verifyAttestation(
  receivedAttestation.attestation,
  receivedAttestation.signature
);
 
if (valid) {
  const { satisfied, matchCount } = receivedAttestation.attestation.result;
  console.log(`Claim satisfied: ${satisfied}, matches: ${matchCount}`);
} else {
  console.log(`Invalid: ${reason}`); // "invalid_signature" or "attestation_expired"
}

The SDK fetches zkStash’s public key once from /.well-known/zkstash-keys.json and caches it.

Attestation Structure


interface Attestation {
  claim: "has_memories_matching" | "memory_count_gte" | "has_schema";
  params: {
    query?: string;
    filters?: { agentId?: string; kind?: string; tags?: string[] };
    threshold?: number;
    schemaName?: string;
  };
  result: {
    satisfied: boolean;  // Did the claim pass?
    matchCount?: number; // How many matches found?
    namespace: string;   // Hashed userId (privacy)
  };
  issuedAt: number;      // Unix timestamp (seconds)
  expiresAt: number;     // When it expires
  issuer: "zkstash.ai";
}

Pricing

Operation	Cost
Create attestation	3 credits
Verify attestation	Free (local Ed25519 check)

For SDK details, see SDK Attestations Reference.