Website · ECP Spec · Compliance Guide · Contributing · PyPI · 中文文档
ATLAST (Agent Layer Trust, Accountability Standards & Transactions) is an open protocol that makes AI agent work verifiable.
AI agents are becoming autonomous economic actors — writing code, managing finances, making decisions. But today, there is no way to verify what an agent actually did, whether it acted correctly, or who is accountable when things go wrong.
ATLAST provides the missing trust layer.
ATLAST Protocol
├── ECP — Evidence Chain Protocol ← Live (this repo)
├── AIP — Agent Identity Protocol ← Coming Q3 2026
├── ASP — Agent Safety Protocol ← Coming 2027
└── ACP — Agent Certification Protocol← Coming 2027
Think of it like this:
- HTTPS made websites trustworthy → ECP makes agent actions trustworthy
- DNS gave websites identity → AIP gives agents identity
- SSL certs proved website authenticity → ACP proves agent competence
AI agents are no longer tools you click — they are autonomous actors that write code, manage money, negotiate contracts, and make decisions on your behalf. The agent economy is here. But ask yourself:
Your agent made 500 decisions today. A client complains. A transaction fails. A contract is wrong.
What did your agent actually do?
You check the logs. But logs are deletable. Editable. Written by the same system that made the mistake. Logs are not evidence. In court, in compliance, in any dispute — your agent's work history is worth nothing. It's as if your employee worked an entire year with no records, no receipts, no paper trail.
Would you trust an employee who refuses to keep records of their work? Then why do you trust an agent that can't?
You deploy a CrewAI pipeline: Researcher → Analyst → Writer. The final report contains fabricated data. Which agent is responsible?
Today, you cannot answer this question. Agent A says it sent the right data. Agent B says it received garbage. There is no way to verify who is telling the truth — because there is no cryptographic proof of what was passed between them.
In a world moving toward 10-agent, 50-agent, 100-agent orchestrations, this is not a minor inconvenience. This is the single biggest barrier to enterprise adoption of multi-agent systems.
Every supply chain has receipts. Every bank transfer has a record. But when Agent A hands off to Agent B — nothing. The most critical handoff in AI has zero verification.
Your agent completed 10,000 tasks flawlessly over 6 months. That track record is worth something — it's proof of competence, reliability, trust.
But where does that reputation live? On someone else's platform. When they change their terms, shut down, or get acquired — your agent's entire proof of work disappears. You built it. They own it.
There is no portable, verifiable, agent-owned proof of work. No "résumé" that belongs to the agent itself.
Imagine if your LinkedIn profile was deleted every time you changed jobs. That's the reality for every AI agent today.
The EU AI Act takes effect in 2027. China's GenAI regulations are already enforced. Every major economy is writing AI accountability laws.
They will ask: "Show me what your AI agent did, when, and why."
Today, you have nothing to show them. No standard format. No verifiable chain. No audit trail that a regulator would accept. You are running autonomous AI systems with zero compliance infrastructure.
HTTP didn't wait for governments to mandate web security. HTTPS became the standard because the market needed trust. The agent economy needs the same thing — now, before the mandates arrive.
ECP (Evidence Chain Protocol) is the first layer of ATLAST — an open standard for recording, chaining, and verifying AI agent actions.
| Principle | Implementation |
|---|---|
| Privacy First | Only SHA-256 hashes leave the device. Content stays local. |
| Zero Code | atlast run python my_agent.py — one command, any language |
| Fail-Open | Recording failures never crash your agent |
| Progressive | Start with 7 fields. Add chain, identity, blockchain as needed |
| Platform Agnostic | Not tied to any framework, provider, or platform |
| Local by Default | No network calls. Upload is opt-in via atlast push |
// Level 1 — Core (7 fields, any language can generate this)
{
"ecp": "1.0",
"id": "rec_a1b2c3d4e5f6a1b2",
"ts": 1741766400000,
"agent": "my-agent",
"action": "llm_call",
"in_hash": "sha256:2cf24dba...",
"out_hash": "sha256:486ea462..."
}
// Level 2 — + Metadata (model, latency, tokens, behavioral flags)
// Level 3 — + Chain (tamper-proof linking via prev + chain_hash)
// Level 4 — + Identity (DID + Ed25519 signature)
// Level 5 — + Blockchain Anchor (EAS on Base)pip install atlast-ecp[proxy]
# One command — every LLM call is now recorded
atlast run python my_agent.py
atlast log # View recordsfrom atlast_ecp import wrap
from anthropic import Anthropic
client = wrap(Anthropic()) # That's it. Everything else stays the same.
response = client.messages.create(model="claude-sonnet-4-6", messages=[...])
# ✓ Every call: recorded · chained · tamper-evident# LangChain
from atlast_ecp.adapters.langchain import ATLASTCallbackHandler
llm = ChatOpenAI(callbacks=[ATLASTCallbackHandler(agent="my-agent")])
# CrewAI
from atlast_ecp.adapters.crewai import ATLASTCrewCallback
crew = Crew(agents=[...], callbacks=[ATLASTCrewCallback(agent="my-crew")])atlast init # Initialize + generate DID
atlast record --in "query" --out "response" # Manual record
atlast log # View records
atlast insights # Local analytics
atlast verify <record_id> # Verify chain integrity
atlast verify --a2a a.jsonl b.jsonl # Multi-agent verification
atlast push # Upload to ECP server (opt-in)ECP is the only protocol that can verify data integrity across agent handoffs.
Agent A Agent B
┌─────────────┐ ┌─────────────┐
│ out_hash: X │──── handoff ────►│ in_hash: X │ ← Hash match = verified
└─────────────┘ └─────────────┘
# Verify a multi-agent pipeline
atlast verify --a2a researcher.jsonl analyst.jsonl writer.jsonl
# Output:
# ✅ VALID — 2 handoffs, 0 gaps
# Topology: researcher → analyst → writerCapabilities:
- ✅ Handoff verification (out_hash == in_hash)
- ✅ Orphan detection (output not consumed by any agent)
- ✅ Blame trace (pinpoint which agent broke the chain)
- ✅ DAG topology (parallel pipelines, not just linear)
| ECP | LangSmith | Arize AI | OpenTelemetry | |
|---|---|---|---|---|
| Purpose | Trust & compliance audit | Developer debugging | ML monitoring | General observability |
| Privacy | Hash-only, content stays local | Stores raw content | Stores raw content | Stores raw content |
| Multi-agent | ✅ A2A cross-agent verification | ❌ Single agent trace | ❌ Single model | ❌ No agent concept |
| Standard | Open protocol (MIT) | Proprietary SaaS | Proprietary SaaS | Open (but no agent layer) |
| Self-hostable | ✅ Reference Server included | ❌ | ❌ | ✅ |
| Blockchain | Optional EAS anchoring | ❌ | ❌ | ❌ |
| Framework | Any (proxy-based) | LangChain only | ML frameworks | Any |
ECP doesn't replace these tools. LangSmith is for debugging. Arize is for monitoring. ECP is for trust — proving what happened, not just logging it.
| Method | Code Change | Language | Best For |
|---|---|---|---|
atlast run <cmd> |
0 lines | Any | Quick start, any agent |
atlast proxy |
0 lines | Any | Long-running services |
wrap(client) |
1 line | Python/TS | SDK integration |
| Framework adapters | 1 line | Python | LangChain, CrewAI |
record_minimal() |
1 line | Python | Custom recording |
| OpenClaw Plugin | Config | Any | OpenClaw users |
| MCP Server | Config | Any | MCP clients |
| Go SDK | 1 line | Go | Cloud-native agents |
- Python SDK —
pip install atlast-ecp— 19 modules, 387 tests - TypeScript SDK —
npm install atlast-ecp-ts— 12 tests - Go SDK — Pure stdlib, zero dependencies
- CLI —
atlastcommand with 14 subcommands - Proxy — Transparent HTTP proxy for any LLM API
- Insights — Local analytics (
atlast insights) - MCP Server — 8 tools for MCP-compatible clients
- Reference Server — Open-source FastAPI + SQLite ECP server
- ECP Server Spec — Build your own ECP server
- ECP Specification — Full protocol spec (5 levels)
- A2A Verification — Multi-agent verification
- Compliance Guide — Global AI regulation mapping
- Contributing — How to contribute
ECP maps to every major AI regulation — organized by capability, not by law:
| ECP Capability | EU AI Act | China GenAI | US NIST RMF | APAC |
|---|---|---|---|---|
| Audit Trail | Art. 12 ✅ | Art. 17 ✅ | MAP 1.5 ✅ | ✅ |
| Privacy | GDPR Art. 25 ✅ | PIPL Art. 7 ✅ | — | PDPA ✅ |
| Transparency | Art. 52 ✅ | Art. 4 ✅ | GOVERN 1.4 ✅ | ✅ |
| Anomaly Detection | Art. 9 ✅ | Art. 14 ✅ | MEASURE 2.6 ✅ | ✅ |
| Agent Identity | Art. 14 ✅ | — | GOVERN 1.1 ✅ | ✅ |
Run your own ECP server in 5 minutes:
cd server && pip install -r requirements.txt
cd .. && python -m server.main
# Server running at http://localhost:8900Or with Docker:
cd server && docker compose upECP is to agent trust what Git is to code. This server is your own GitHub — anyone can host one.
The ATLAST Proxy auto-detects and records calls to:
| Provider | Format | Status |
|---|---|---|
| OpenAI | OpenAI API | ✅ |
| Anthropic | Anthropic API | ✅ |
| Google Gemini | Gemini API | ✅ |
| Qwen (通义千问) | OpenAI-compatible | ✅ |
| DeepSeek | OpenAI-compatible | ✅ |
| Kimi (月之暗面) | OpenAI-compatible | ✅ |
| MiniMax | MiniMax API | ✅ |
| Yi (零一万物) | OpenAI-compatible | ✅ |
| Groq / Together / etc. | OpenAI-compatible | ✅ |
ECP is MIT licensed and built for the community:
- 🐛 Report bugs — Structured bug reports
- 💡 Request features — Share your ideas
- 🔧 Contributing guide — Dev setup, code conventions, PR process
- 🔒 Security policy — Responsible disclosure
- 📜 Code of Conduct — Contributor Covenant v2.1
git clone https://github.com/willau95/atlast-ecp.git
cd atlast-ecp/sdk
pip install -e ".[dev,proxy,adapters]"
pytest -v # 387 tests, all must passWe especially welcome:
- New framework adapters (AutoGen, LangGraph, MetaGPT...)
- New language SDKs (Rust, Java, Ruby...)
- ECP Server implementations (in any language)
- Compliance mappings for additional regulations
- Documentation translations (中文, 日本語, 한국어, Español...)
| Phase | Status | Focus |
|---|---|---|
| ECP v1.0 | ✅ Live | Evidence recording, 3 SDKs, CLI, Proxy |
| Reference Server | ✅ Live | Self-hosted ECP server |
| A2A Verification | ✅ Live | Multi-agent chain verification |
| Compliance Guides | ✅ Live | EU AI Act, China, US, APAC |
| AIP | 🔜 Q3 2026 | Decentralized agent identity |
| ASP | 📋 2027 | Behavioral safety standard |
| ACP | 📋 2027 | Evidence-backed certification |
MIT — free for personal and commercial use.
ATLAST Protocol — At last, trust for the Agent economy.
weba0.com · GitHub · PyPI · npm