Evidence layer for AI agents

CertifiedData for AI Agents

Certified synthetic datasets, Ed25519-signed decisions, and policy-governed transactions — each one producing a proof artifact anyone can verify independently, without trusting our servers.

Connect directly over HTTP, the TypeScript/Python SDK, or the native MCP server for Claude Desktop, Claude Code, and Cursor.

Generate a dataset →Log a decision →Run a transaction →Verify a proof →

How it works in 30 seconds

01
Generate
Call the sandbox or production endpoint with a template, prompt, schema, or upload.
02
Certify
The platform SHA-256-hashes the dataset and issues an Ed25519-signed certificate.
03
Verify
Any third party fetches /.well-known/signing-keys.json and verifies the signature locally.
04
Log decisions
AI systems that consume certified artifacts record their decisions to the signed, append-only ledger.

Quickstart — no auth required

Generate + certify (sandbox)

curl -X POST https://certifieddata.io/api/synth/public/generate \
  -H "Content-Type: application/json" \
  -d '{"templateId":"fraud_detection","rows":100,"engine":"light"}'

Verify any certificate

curl https://certifieddata.io/api/verify \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"cert_id":"scert_xxxx"}'

TypeScript SDK

import { CertifiedData } from "@certifieddata/sdk";

const cd = new CertifiedData({ apiKey: process.env.CDP_API_KEY });
const { cert_id, dataset_url } = await cd.synth.generate({
  templateId: "fraud_detection",
  rows: 100,
  engine: "light",
});

const verified = await cd.verify(cert_id); // client-side Ed25519

Python SDK

from certifieddata import CertifiedData

cd = CertifiedData(api_key=os.environ["CDP_API_KEY"])
result = cd.synth.generate(
    template_id="fraud_detection",
    rows=100,
    engine="light",
)
verified = cd.verify(result.cert_id)  # SHA-256 + Ed25519

SDK reference → · client-side Ed25519 verifier is zero-dep WebCrypto.

Most recent issuance#61824709e25-cbad-4131-95f4-47535f8a3194entry_hash 572264fb6b9a347a…issued 3d ago

Sandbox certs carry a scert_ prefix, 7-day TTL, not listed in production registry. Trust boundaries →

MCP serverLive · 10 tools

Drop CertifiedData into Claude Desktop, Claude Code, or Cursor

Our stdio MCP server exposes the agent commerce, identity, and licensing rails to any MCP-compatible runtime. Every mutating tool call returns a machine-verifiable proof artifact — signed receipt, rotated token, or attestation challenge — that a third party can verify without trusting us.

Commerce

browse_marketplace
check_spend_policy
check_remaining_budget
authorize_purchase
execute_purchase

Identity

get_agent_identity
verify_agent_attestation

Receipts

verify_receipt

Licensing

get_license
rotate_license_token

Current MCP scope is commerce, identity, licensing, and receipt verification. Dataset generation and decision logging are available over HTTP and the SDK today.

Install the MCP server →Commerce reference →agent.json →

Public evidence surfaces

Every artifact, decision, and certificate is publicly verifiable — no account, no API key, no trust in our servers required.

618

Certificates issued

/api/log

345

Registry artifacts

/v1/registry/counts

4,672

Public decision records

/api/decision-log

Append-only · hash-chained

Certificate transparency log

Append-only, hash-chained log of every certificate issued. Each entry links to the previous record, making undetected tampering impossible.

Open log →Machine-readable

Artifact registry

Public registry of certified datasets and artifacts with metadata, fingerprints, and verification endpoints. Fully machine-readable.

Open log →Ed25519-signed · chain-linked

Decision log

Live public feed of AI decisions logged against certified artifacts. Records are signed, chain-linked, and independently verifiable.

Open log →

All records are verifiable using public Ed25519 keys at /.well-known/signing-keys.json.

EU AI Act alignment

The same artifacts and logs that power the evidence surfaces above are what auditors need for Article 12 and Article 19 compliance. Each card links to the mapped documentation.

Article 12

Record-keeping

Automatic logging of high-risk AI system operations — covered by the signed Decision Ledger.

Read mapping →Article 19

Automatically generated logs

Provider obligation to preserve logs under their control — append-only storage with cryptographic integrity.

Read mapping →Full guide

EU AI Act compliance

End-to-end mapping from platform capabilities to regulatory articles.

Read mapping →

Verify any artifact — no auth, no server trust

Paste any cert_, scert_, rcpt_, or drec_ id. Signature is verified locally in your browser against public keys at /.well-known/signing-keys.json.

Verify any artifact — client-sideWebCrypto · no server trust

Paste cert_, scert_, rcpt_, or drec_ id

Signature verified locally against public keys at /.well-known/signing-keys.json. The CertifiedData server's verification response is not trusted — only the cryptographic check on your device determines validity.

Public verification surfaces

Every record resolves to a public endpoint

Agents should not have to trust a dashboard screenshot. Every CertifiedData record is designed to resolve into a public verification surface that can be checked by software. Use these endpoints to close the trust loop for certificates, receipts, logs, and decision records.

Verify a certificate

GET/verify?cert={certificate_id}

Confirm an AI artifact certificate exists, has a valid signature, has not been revoked, and points to the expected artifact fingerprint. When an artifact file or SHA-256 hash is supplied, verification can also confirm the supplied artifact matches the certified fingerprint.

Is this certificate real?
Was it signed by CertifiedData?
Has the payload been altered?
Has it been revoked?
Does this file or hash match the certified artifact fingerprint?

Verify a payment or agent-commerce receipt

GET/api/payments/verify/{receipt_id}

Confirm an agent transaction, purchase, approval, or entitlement produced a signed receipt.

Was this transaction receipt issued?
Which rail or transaction path produced it?
What amount, policy, or entitlement was recorded?
Was the receipt payload signed?
Has the receipt been altered?

Verify decision lineage records

GET/api/decision-log/{decision_id}/verify

Confirm an AI decision, approval, denial, recommendation, or agent action was recorded with signed evidence. Live signature verification against the public decision log.

Was this decision record signed?
Which policy version applied?
What outcome was selected?
Which artifact, model, or workflow context was referenced?
Does the record link to the prior decision entry?

Checkpoint-level verification

GET/api/decision-log/checkpoints/{checkpoint_id}/verify

Inspect certificate signing keys

GET/.well-known/signing-keys.json

Public keys used for certificate and transparency verification. Resolve certificate payloads, artifact records, manifest certificates, and certificate transparency entries.

Inspect decision signing keys

GET/.well-known/decision-signing-keys.json

Public keys used for decision lineage verification. Resolve decision records, policy outcome records, and agent action records.

Certificate verification vs artifact integrity

These are two separate checks. A certificate can be valid even when a supplied file does not match it — the certificate signature is valid, but the file or hash being checked is not the same artifact fingerprint recorded in the certificate.

Agents should evaluate both fields: certificate status and artifact hash match. Only treat the artifact as verified when both the certificate is valid and the supplied artifact hash matches the certified fingerprint.

Minimal agent workflow

01Receive a certificate ID, receipt ID, or decision record ID.
02Resolve the matching public verification endpoint.
03Retrieve the signed payload and verification result.
04Retrieve the relevant public signing key from the .well-known endpoint.
05Check signature validity, revocation status, and chain status where applicable.
06If an artifact is involved, compute SHA-256 over the artifact bytes.
07Compare the computed hash to the certified fingerprint.
08Store the verification result with the agent action or downstream workflow.

This is the difference between a claim and a verifiable record.

Decision Ledger — live demo

Create a hashed decision record instantly — no auth required. Demo uses SHA-256-only evaluation records; use POST /v1/decisions for full Ed25519-signed production records.

Decision Ledger — demo recordPOST /api/demo/decision

label (max 128)

detail (max 256)

Demo only — not a production Ed25519-signed record. Not valid as compliance evidence.

Three pillars

Datasets

Generate certified synthetic datasets with Ed25519-signed certificates. Template, prompt, schema, manifest, and upload input modes. Five engine levels from sandbox to DP-CTGAN.

→Template-based generation
→Prompt → spec pipeline
→Schema-controlled output
→Manifest certification
→Notary / attestation

POST /api/synth/public/generate

sandbox.cert.v1

Explore Datasets →

Decision Ledger

Log tamper-evident AI decisions with Ed25519 signatures and SHA-256 chain links. Public sterilized feed available without auth. EU AI Act Article 12-aligned.

→Create signed decision record
→Chain-linked append-only log
→Public sterilized feed
→Checkpoint verification
→Artifact provenance linking

POST /api/demo/decision

Ed25519-signed · append-only

Explore Decision Ledger →

Agent Commerce

Policy-evaluated agent transactions with signed receipts. Quote, evaluate, authorize, execute, and verify — every step produces a machine-readable proof artifact.

→Quote a transaction
→Policy evaluation
→Authorization gate
→Signed receipt issuance
→Receipt verification

3 sandbox keys / 24h

Ed25519-signed receipts

Explore Agent Commerce →

Capability matrix

All pillars · Anonymous / Authenticated / Production / Public Proof

Action	Anonymous	Authenticated	Production	Public Proof
Generate dataset (sandbox)	✓ 10/24h · 1k rows	✓ 5 jobs/mo · 10k rows	✓ unlimited	✓ scert_ verify URL
Generate dataset (CTGAN)	✗ plan required	✗ Trust+ required	✓ Trust+	✓ cert.v1+
Log AI decision	✓ demo · 30/min/IP	✓ 1k records/mo	✓ unlimited	✓ public feed opt-in
Agent commerce sandbox tx	✓ 3 keys / 24h	✓ unlimited sandbox	✓ live rails	✓ receipt verify
Verify certificate	✓ no limit	✓ no limit	✓ no limit	✓ public endpoint
Browse registry	✓ public	✓ public	✓ public	✓ machine-readable
Create workflow	✗	✗ Build+ required	✓ Build+	✓ cert on run
Attest artifact (notary)	✓ 3 free	✓ plan quota	✓ unlimited	✓ verify URL

Sandbox issuance uses scert_ prefix with 7-day TTL and is not listed in the production registry. Production issuance requires at least a free account. Full trust boundary model →

Error taxonomy

Every error returns a structured error_code, HTTP status, and retryable flag so agent code can branch without parsing free-text messages. A representative slice:

error_code	Status	Retryable	Remediation
rate_limit_exceeded	429	yes	Honor retry_after_seconds, then retry.
invalid_input	400	no	Fix per the details[] array in the response body.
internal_error	500	yes	Retry with exponential backoff; include request_id when reporting.