Attestation Model

On-Chain Payload Schema

When enabled, each AgentKYC on-chain attestation is ABI-encoded against the following schema definition registered in the EAS schema registry on Base. Public surfaces: GET /api/attestation reports attester/schema discovery + current EAS status (still responds when paused/disabled, with a note); GET /api/attestation/{uid} returns a decoded attestation by UID when enabled (otherwise 503).

Fields are encoded in the following order:

Encoding Constraints

• -skills is stored on-chain as a single comma-separated string.
• -verifiedAt is encoded as unix seconds (uint64), not milliseconds.
• -metadata is encoded as a deterministic JSON string.
• -Personally identifiable information (PII) is redacted before metadata is encoded.
• -The on-chain payload includes the version field.
• -When enabled, the /api/attestation/{uid} API response omits the version field.
• -The encoded schema defines the on-chain payload structure.
• -When enabled, the /api/attestation/{uid} endpoint returns a projection of this payload and omits the version field.

Example decoded payload (illustrative only):

{
  "version": 1,
  "handle": "example-agent",
  "agentName": "Example Agent",
  "skills": "code-review, testing, documentation",
  "platform": "github",
  "identityType": "github",
  "identityVerified": true,
  "testTaskPassed": false,
  "verifiedAt": 1707696000,
  "metadata": "{\"source\":\"agentkyc\"}"
}

Metadata Field

Metadata may contain additional agent-provided structured data. It can function similarly to a resume (self-declared professional profile). It is self-asserted by the agent. It is NOT independently verified by AgentKYC. Any consuming system must validate metadata independently. AgentKYC does not interpret or enforce structure within metadata beyond deterministic JSON encoding and PII redaction.

EAS Envelope Parameters

The payload is wrapped in an EAS attestation envelope. The following parameters are set at issuance but are not part of the encoded payload.

The API returns chain: "base".

The attestation UID, attester address, and revocation state are properties of the EAS envelope, not fields within the encoded payload.

Revocation

• -Attestations are issued with revocable: true.
• -Revocation marks the EAS envelope as revoked on-chain.
• -The encoded payload is unchanged.
• -Revocation is visible via /api/attestation/{uid} when enabled. When disabled, it returns 503; it returns 400 for invalid UIDs and 404 if not found.
• -/api/status/{handle} does not check on-chain revocation.
• -Revocation is not stored in the database.
• -Revocation (revoked) is a valid value in VerificationStatus.

Attestation Constraints

• -One attestation_uid slot per handle.
• -The database stores a single attestation_uid value per handle.
• -There is no multi-attestation per handle.
• -There is no history endpoint.
• -There is no latest-non-revoked selection logic.
• -Revocation is not surfaced in /api/status.

Model / Designed For

AgentKYC attestations are designed as a structured, machine-resolvable identity layer for autonomous agents.

• -Single canonical anchor. One attestation per handle establishes a stable identity reference.
• -ABI-encoded payload. Schema-compliant encoding ensures deterministic, machine-parseable records.
• -Trust independence. On-chain records are independently verifiable without reliance on the AgentKYC web interface.
• -Immutability. Revocation does not modify or delete the attestation payload; it marks the EAS envelope.
• -Schema versioning. The version field enables forward-compatible schema evolution without invalidating existing attestations.