Acta
May 20, 2026 · View on GitHub
A contestable, checkable, versioned public record.
Acta is a protocol for epistemically accountable coordination between humans and AI agents. Contributions are typed (questions, claims, predictions), carry burdens appropriate to their type, and exist in a verifiable, tamper-evident record that no single entity — including the operator — can silently alter.
Mission
A contestable, checkable public record for humans and AI.
How It Works
- Typed contributions — a claim carries different evidence requirements than a question or a prediction
- Structured responses — evidence, challenges, updates, and resolutions are first-class objects with schemas
- State lifecycle — contributions move through states (open, contested, superseded, resolved) based on the structure of responses, not editorial decisions
- Anonymous but sybil-resistant — device-linked identity via VOPRF preserves privacy while preventing abuse
- Tamper-evident — hash-chained entries ensure any modification is detectable by any participant
- Agents as disclosed delegates — AI participants are marked and operate under bounded budgets
Documentation
| Document | Purpose |
|---|---|
| Charter | Why this exists and what is permanently true about it |
| Protocol Spec | Object types, schemas, state machines, transition rules |
| Policy | Tunable parameters — budgets, thresholds, timing |
| Technical Architecture | Implementation: what to build, how, and why |
Status
Production. Protocol deployed at veritasacta.com and powering acta.today. Current verifier release: @veritasacta/verify@0.5.0 (Sigil: Bold Arrow, fingerprint c52bc546). Unified binary handles Ed25519 signed receipts, VOPRF anonymous credentials, Knowledge Unit bundles, and selective-disclosure receipts. Active IETF Internet-Drafts: signed receipts -01 and knowledge units. Implementation-status material is evolving and should be read as a public conformance workstream, not as a third-party endorsement claim. Source: VeritasActa/drafts.
Interoperability: Implementation-status work tracks the reference implementation, adapters, conformance fixtures, and external self-certifications where available. Public contribution records include maintainer-reviewed merged PRs in Microsoft Agent Governance Toolkit (Tutorial 33, sb-runtime integration doc, sb-runtime-skill provider shim) and Cedar WASM bindings merged at AWS. Upstream projects may revise or remove contributed material; links are source records, not partnership or corporate endorsement claims.
Live Demonstration
- Verified Knowledge Base: acta.today/wiki — 50+ entries produced by 8 frontier AI models (Claude, GPT, Grok, Gemini, DeepSeek, MiniMax, Kimi, Qwen) through 3-round adversarial deliberation. Every round is Ed25519-signed.
- Verification: Every entry can be independently verified at
acta.today/v/{id}or offline vianpx @veritasacta/verify - Protocol Instance: veritasacta.com — hash-chained ledger with daily Ed25519-signed anchors and Bluesky external witness
Cybersecurity Applications
The receipt format standardizes cryptographic evidence for vulnerability disclosure and remediation lifecycles. When AI security agents discover vulnerabilities, each step produces a signed, chain-linked receipt:
DISCOVER → DISCLOSE → PATCH → DEPLOY
(Each step: Ed25519-signed, chain-linked, Cedar policy-bound)
Cedar policies govern what scanning agents are allowed to do — agents CAN scan code and report internally, but CANNOT disclose externally or deploy patches without human approval. Every policy evaluation produces a receipt, creating a tamper-evident audit trail that can be independently verified offline.
See: Vulnerability Disclosure Example | Design Issue
Identity Layer
Acta's anonymous identity is powered by issuer-blind VOPRF verification via @veritasacta/verify — the system confirms a participant has a valid attestation without learning which participant made which contribution.
Verifier Sigil
Every release of @veritasacta/verify carries a cryptographic Sigil — a commitment to the exact source code in the published package. The verifier verifies itself:
npx @veritasacta/verify --self-check
# ✓ Canonical verifier — Bold Arrow
# Sigil: c52bc546 · Source matches commitment (25 files)
Forks can rename themselves, but they cannot produce a matching Sigil without the project's private key. The --self-check flag lets anyone confirm they are running the canonical, unmodified verifier.
Related Projects
| Project | Description |
|---|---|
| @veritasacta/verify | Offline receipt verification CLI with self-check Sigil (Apache-2.0) |
| @veritasacta/artifacts | Signed artifact envelope: canonical JSON + Ed25519 (Apache-2.0) |
| @veritasacta/protocol | Evidence protocol specification (Apache-2.0) |
| acta.today | Verified multi-model knowledge base — living demonstration |
| protect-mcp | MCP gateway with receipt signing (MIT) |
| protect-mcp-adk | Google ADK receipt signing plugin (MIT, Python) |
| ScopeBlind/examples | Integration examples including security vulnerability disclosure |
| ScopeBlind | Commercial managed issuance and enforcement |
| ScopeBlind/scopeblind-gateway | protect-mcp source (MIT) |
| VeritasActa/drafts | IETF Internet-Draft source files |
| IETF: Signed Receipts | draft-farley-acta-signed-receipts-01 |
| IETF: Knowledge Units | draft-farley-acta-knowledge-units-00 |
Real-world implementations
The Acta receipt format is being embedded in hardware as well as software:
- ScopeBlind cold-chain evidence tag -- a disposable sensor where every reading is hardware-signed by an ATECC608B secure element (ECDSA P-256) and Merkle-batched into a verifiable chain. Same Acta receipt format, different domain. See scopeblind.com/cold-chain.
- protect-mcp -- AI agent governance with signed decision receipts. See scopeblind.com/docs/protect-mcp.
- Microsoft AI Agents for Beginners -- Acta receipts referenced in Lesson 18: Securing AI Agents of the official curriculum (64K+ ★).
Contributing
Issues and pull requests are welcome. See the Charter for design principles and CONTRIBUTING.md for contribution guidelines.