Specification | Getting Started | Examples | Changelog
Developer Preview — launching at Confidential Computing Summit, June 23 2026.
A signed JWT proves who called an API. It proves nothing about the agent that made the call.
Agent Manifest binds the ten artifacts that define an agent — system prompt, policy bundle, tool schemas, model identity, RAG corpus, memory state, decision trace, A2A delegation chain, supply chain provenance, and human-in-the-loop approvals — into one hardware-attestable, tamper-evident record. A signed manifest makes agent identity provable to any third party who has no reason to trust the operator.
pip install agent-manifest# Generate a signing key pair
manifest keygen -d ./keys/
# Sign a manifest
manifest sign draft.json --key keys/private.hex -o signed.json
# Verify
manifest verify signed.json --public-key keys/public.hex # VALID--public-key accepts the raw Ed25519 public key generated by manifest keygen.
Python SDK:
from agent_manifest import AgentManifest, sign_manifest
manifest = AgentManifest(
name="payments-processor",
system_prompt_hash="sha256:a1b2c3...",
model_id="claude-sonnet-4-6",
policy_bundle_hash="sha256:d4e5f6...",
)
signed = sign_manifest(manifest, key=signing_key)| 📖 Full documentation | manifest.agentrust-io.com |
| 📄 Specification | spec/agent-manifest-spec-v0.1.md |
| 📦 PyPI | agent-manifest |
| 🔗 TRACE integration | trace-spec |
| 💬 Discussions | GitHub Discussions |
| 📋 Changelog | CHANGELOG.md |
Targeting the Agentic AI Foundation (AAIF) at the Linux Foundation. 197 conformance tests against the formal specification. Integrates with TRACE for hardware-rooted attestation.
See CONTRIBUTING.md and GOVERNANCE.md.