CIRISVerify issues the driver's license (identity), performs the vehicle inspection (integrity), and tracks insurance (accountability). Without it, any agent could claim to be anything.
Just like every car on the road.
CIRISVerify is the trust anchor for the CIRIS ecosystem. Post-quantum ready with hybrid Ed25519 + ML-DSA-65 cryptography as a day-1 standard.
Identity & Signing Key
A hardware-bound Ed25519 signing key that is the agent's identity. Stored in secure hardware (TPM, Secure Enclave, Android Keystore). Cannot be forged or transferred.
The key doesn't represent the identity — it is the identity.
Software & Hardware Integrity
Every file in the agent distribution is SHA-256 hashed at build time and stored in a signed manifest. At runtime, CIRISVerify validates files against this manifest. Any modification — even one byte — triggers forced shutdown.
Software-only environments are capped at community tier.
Accountability & Licensing
Tracks the human-in-the-loop accountability chain: which organization deployed this agent, which licensed human is responsible, what capabilities they're authorized to use, and mandatory disclosure shown to every user.
Unlicensed agents can operate — but cannot perform professional services.
CIRISVerify doesn't trust a single source. HTTPS endpoints at independent domains are authoritative; DNS provides advisory cross-checks. If sources disagree, the agent is restricted. Anti-rollback protection tracks the highest-seen revocation revision and rejects any decrease.
Is this license real? The agent's signing key is verified: portal-issued or ephemeral, hardware-bound or software-only. A random challenge proves possession.
Has this car been modified? CIRISVerify fetches the build manifest from CIRISRegistry and SHA-256 verifies every file. Full checks at startup, random spot checks at runtime.
Let me run your plates. Multiple independent sources (HTTPS US, HTTPS EU, DNS US, DNS EU) are queried. If they disagree, that's suspicious — the agent is restricted.
The unified attestation produces a trust level based on how many checks pass.
| Level | Meaning | Description |
|---|---|---|
| 5 | Full trust | All checks pass |
| 4 | High trust | Minor issues (DNS advisory disagree) |
| 3 | Medium trust | Some checks failed |
| 2 | Low trust | Multiple failures |
| 1 | Minimal trust | Most checks failed |
| 0 | No trust | Critical failures (tampered binary, broken audit) |
CIRISPortal is the web interface where administrators issue driver's licenses, register vehicles, and manage insurance records for AI agents. Register agents, generate Ed25519 keypairs, issue licenses with capability grants, and respond to incidents — all with complete audit trails.
Open PortalRegister and track AI agents by SHA-256 hash. Issue identities backed by hardware-bound keys. Every registration is cryptographically logged.
Register builds with Tripwire file integrity manifests — 907+ file SHA-256 hashes per build. CIRISVerify validates agents against these manifests at runtime.
Issue and manage licenses with capability grants (medical, legal, financial). Track the full accountability chain from organization to individual human.
Generate Ed25519 keypairs with AES-256-GCM envelope encryption. Self-custody or portal-custodied — your choice. ML-DSA-65 post-quantum keys coming soon.
Emergency shutdown and mass revocation controls. Suspend licenses, recall registrations. When something goes wrong, the system responds in seconds.
SOC2, HIPAA, and GDPR compliance reporting. Complete audit trail of all administrative operations. Every action is logged and attributable.
$1.50
per agent identity
Up to 5 agents
$15.00
activation + $10/agent/mo
Up to 50 agents
$125.00
activation + $100/agent/mo
Up to 500 agents
$1,250
activation + custom monthly
Unlimited agents
A small, non-refundable fee that covers registry infrastructure and prevents identity churn. Per agent identity, not per organization.
A per-identity stake for Sybil resistance. Forfeited on revocation. Admin can issue manual refund for properly decommissioned identities.
Paid tiers include steward-backed verification, compliance documentation, and enhanced accountability support. You're paying for accountability, not capability.
Every response includes dual signatures: Ed25519 from hardware for classical security and ML-DSA-65 from software for quantum resistance. Both must verify. This is day-1 infrastructure, not a roadmap item.
Ed25519 (hardware-bound)
ML-DSA-65 (FIPS 204)
SHA-256 Merkle tree log
Monotonic revision tracking
Python 3.10–3.13. Platform-specific wheel includes the correct Rust binary automatically.
CIRISVerify is infrastructure for trust, not control. The capability is the same whether licensed or not. The difference is accountability — and with CIRISVerify, that accountability is cryptographically provable.