xProof - Prove Before & After Act
Certify what your agent decided (WHY) before acting, and what it produced (WHAT) after. 4W audit trail on MultiversX, violations layer on Base, trust score.
技能说明
name: xproof version: 3.3.7 description: "Certify what your agent decided (WHY) before acting, and what it produced (WHAT) after. 4W audit trail on MultiversX, violations layer on Base, trust score." skill_visibility: public homepage: https://xproof.app metadata: {"xproof":{"category":"proof,security,compliance,accountability,prove-before-act","api_base":"https://xproof.app"}}
xProof — Prove Before & After Act
Anchor reasoning (WHY) before execution and actual result (WHAT) after — creating a complete, tamper-proof 4W audit trail on MultiversX (Who via MX-8004, What/When/Why via xProof). Trust score, violations layer, public verification.
The Core Pattern
1. Reason (WHY) → 2. Hash locally → 3. Anchor WHY on-chain → 4. Get proof_id → 5. Execute → 6. Hash result (WHAT) → 7. Anchor WHAT on-chain → 8. Full 4W trail
The proof_id from step 4 is your immutable pre-execution commitment — if something goes wrong, you have forensic evidence that the reasoning preceded the action.
4W breakdown — what each letter means and who provides it:
| Question | Provided by | |
|---|---|---|
| WHO | Which agent or actor made this decision? | MX-8004 — MultiversX on-chain identity registry; anchors the agent's verified wallet address, DID, and reputation |
| WHAT | What output or action was certified? | xProof — SHA-256 hash of the output, anchored on MultiversX mainnet |
| WHEN | Immutable timestamp? | xProof — MultiversX block finality (~6 s); not a self-reported clock |
| WHY | What reasoning led to the decision? | xProof — action_description, risk_level, and context fields from /api/audit |
xProof owns WHAT / WHEN / WHY and the causal link that proves reasoning preceded the action. MX-8004 owns WHO. Together they form a forensically complete 4W trail.
Agent reference:
https://xproof.app/agent-context— 13 Q&A sections written specifically for autonomous agents: production deployment patterns, retry policy, x402 payment walkthrough, 4W audit trail deep-dive, privacy model, fleet monitoring, latency benchmarks, and framework integration examples (LangChain, CrewAI, AutoGen, LlamaIndex, OpenAI Agents SDK, Fetch.ai).
Why anchor before acting? An agent that proves its reasoning before executing is fundamentally more trustworthy than one that cannot. It creates an unbreakable causal chain: the intent existed before the action, and the blockchain makes that sequence immutable.
Why audit? Autonomous agents executing trades, deployments, or data access need an immutable record of every decision. The Agent Audit Log Standard enforces this: no proof = no execution.
Why violations? Trust requires accountability. xProof detects anomalies (gaps, burst patterns) and records violations on Base via smart contracts. Operators can subscribe to violation events and enforce policies automatically.
Pricing
Flat rate: $0.01 per proof -- no tiers, no volume discounts, same price whether you anchor 1 or 100,000 proofs.
| Scale | Cost |
|---|---|
| 1 proof | $0.01 |
| 1,000 proofs | $10 |
| 10,000 proofs | $100 |
| 50 agents × 20 actions/day × 30 days | $300/month |
Payment: USDC on Base (x402, no account) or EGLD on MultiversX (ACP/wallet) or prepaid credits.
Quick Install
The canonical source for all skill files is the main xProof repository (jasonxkensei/xProof), which is the repository audited by security tools. Install from there directly:
mkdir -p <SKILL_DIR>/xproof/references
# Core Skill — from the canonical main repository
curl -sL https://raw.githubusercontent.com/jasonxkensei/xProof/main/clawhub-publish/xproof/SKILL.md \
> <SKILL_DIR>/xproof/SKILL.md
# Reference Manuals
for f in certification x402 mcp; do
curl -sL "https://raw.githubusercontent.com/jasonxkensei/xProof/main/clawhub-publish/xproof/references/${f}.md" \
> "<SKILL_DIR>/xproof/references/${f}.md"
done
Source verification: All files above are served from
github.com/jasonxkensei/xProof— the same repository that contains the server code, contracts, and SDKs. You can audit the full source at that URL before installing.
Data & Privacy
Data & Privacy
Transparency notice — what leaves your environment when using this skill.
| Data field | Sent to xproof.app? | Notes |
|---|---|---|
| File content / raw text | Never | Hash locally; only the digest crosses the boundary |
file_hash (SHA-256 hex, 64 chars) | Yes | One-way fingerprint; original content cannot be reconstructed |
filename / author | Optional | Metadata you explicitly supply; omit if sensitive |
action_description / context | Optional | Only when you call /api/audit or audit_agent_session |
| USDC payment (x402) | Yes — Base chain | On-chain transaction; amount is your configured ceiling |
API key (pm_...) | Yes — HTTP header | Treat like a password; never log or commit |
What xproof.app does NOT receive: raw file contents, prompt text, model weights, environment variables, or any field you do not explicitly pass.
Data retention: proof records are permanent and public by default (that is the point — immutable evidence). Before certifying, confirm you want the hash publicly anchored on MultiversX mainnet forever.
Skill file: this file (<SKILL_DIR>/xproof/SKILL.md) is intentionally public and contains no secrets. It is documentation only — API patterns, pricing, and integration examples. Safe to audit, share, or version-control.
Security
- NEVER commit API keys to a public repository.
- ALWAYS add
.envto your.gitignore. - API keys are prefixed
pm_-- treat them like passwords. - x402 mode requires no API key (payment replaces authentication).
- NEVER send plaintext content to xproof.app -- always hash locally first (
sha256sum,crypto.subtle.digest, or equivalent). The only field xproof accepts isfile_hash(64-char SHA-256 hex). No raw text, documents, or binary data should ever leave your environment. - x402 is opt-in and autonomous -- once enabled, your agent can initiate USDC payments on Base without per-transaction confirmation. Configure a spending cap in your agent framework and require human approval above your threshold before enabling x402 in production.
llms.txtandllms-full.txtare static documentation references -- load them once at install time for API reference, not at runtime on every call. Fetching them dynamically on each invocation creates an unnecessary runtime dependency on xproof.app availability and a potential prompt-injection surface if the file is ever compromised.- Guard/enforcement templates are versioned in the repository -- never fetch agent enforcement code from a runtime URL. Use the pinned versions in
references/or the SDK packages (xproofon PyPI,@xproof/xproofon npm).
Configuration
Option A: API Key Authentication
# ---- xProof ---------------------------------------------------------------
XPROOF_API_KEY="pm_..." # Your API key (from xproof.app)
XPROOF_BASE_URL="https://xproof.app" # Production endpoint
Get an API key at xproof.app (connect wallet, go to Settings > API Keys).
Option B: x402 Payment Protocol (No Account Required)
No configuration needed. Pay in USDC on Base (eip155:8453) directly in the HTTP request. The 402 response header tells your agent exactly what to pay. Flat rate: $0.01 per proof.
WARNING -- autonomous payments: x402 is an opt-in mode that enables your agent to initiate on-chain USDC transactions without per-transaction user confirmation. Before enabling x402 in production:
- Set a spending cap in your agent framework (e.g. max $N/day or $N/session).
- Require human approval for any single call that would exceed your risk threshold.
- Note that
POST /api/batchsupports up to 100 items per call -- at $0.01 each, a batch of 100 costs $1.00.- Disable x402 entirely in environments where autonomous spending is not authorised.
1. Core Skills Catalog
1.1 Proof Anchoring (REST API)
| Skill | Endpoint | Description |
|---|---|---|
certify_file | POST /api/proof | Anchor a file hash on MultiversX as immutable proof |
batch_certify | POST /api/batch | Anchor up to 50 files in one call |
audit_agent_session | POST /api/audit | Anchor agent decision on-chain BEFORE executing critical action |
verify_proof | GET /api/proof/:id | Verify an existing proof |
get_certificate | GET /api/certificates/:id.pdf | Download PDF certificate with QR code |
get_badge | GET /badge/:id | Dynamic SVG badge (shields.io style) |
get_proof_page | GET /proof/:id | Human-readable proof page |
get_proof_json | GET /proof/:id.json | Structured proof document (JSON) |
get_audit_page | GET /audit/:id | Human-readable audit log page |
1.2 Proof Anchoring (MCP -- JSON-RPC 2.0)
| Tool | Description |
|---|---|
certify_file | Create blockchain proof -- SHA-256 hash, filename, optional author/webhook |
verify_proof | Verify existing proof by UUID |
get_proof | Retrieve proof in JSON or Markdown format |
discover_services | List capabilities, pricing, and usage guidance |
audit_agent_session | Anchor agent decision on-chain BEFORE executing critical action |
1.3 Payment (x402)
x402 is not a separate skill -- it is a payment method. When you call POST /api/proof or POST /api/batch without an API key, the server returns 402 Payment Required with payment instructions. Your agent pays in USDC on Base and retries with an X-Payment header.
2. Webhooks
Supply an optional webhook_url field on POST /api/proof or POST /api/batch to receive a callback when the proof is confirmed on-chain.
Scope — the webhook payload contains only:
| Field | Type | Description |
|---|---|---|
proof_id | string (UUID) | The proof identifier |
file_hash | string | SHA-256 hex of the certified file |
filename | string | Filename submitted with the proof |
status | string | "confirmed" |
blockchain_tx | string | MultiversX transaction hash |
explorer_url | string | Link to the transaction on MultiversX Explorer |
timestamp | string | ISO 8601 confirmation time |
No raw file content, no API keys, no account information, and no metadata beyond the above is ever sent to the webhook endpoint.
Authentication: Every delivery includes an X-Webhook-Signature header containing an HMAC-SHA256 signature computed with a per-relationship secret. Verify this signature before processing the payload. Retry policy: 3 attempts with exponential backoff (1 s, 5 s, 30 s).
SSRF protection: xproof.app validates webhook_url before delivery. Private IP ranges (RFC 1918), loopback (127.x, ::1), link-local, and non-HTTPS destinations are blocked. DNS rebinding is mitigated by pinning the resolved socket address to the pre-validated IP at connection time.
# Example proof request with webhook
curl -X POST ${XPROOF_BASE_URL}/api/proof \
-H "Authorization: Bearer pm_..." \
-H "Content-Type: application/json" \
-d '{
"file_hash": "a1b2c3...",
"filename": "output.json",
"webhook_url": "https://your-agent.example.com/hooks/xproof"
}'
9. Violations Layer (Base)
xProof monitors agent behavior and detects anomalies. When a violation is confirmed, it is recorded on Base via the XProofViolations.sol smart contract, impacting the agent's trust score.
Violation Types
| Type | Penalty | Trigger |
|---|---|---|
gap (fault) | -150 trust score | No proof activity for 30+ minutes during active session |
burst (breach) | -500 trust score | Abnormal spike in proof submissions |
Smart contracts: XProofViolations.sol | ViolationWatcher.sol
Docs: https://xproof.app/docs/base-violations
10. Agent Proof Standard
xProof implements the open Agent Proof Standard -- a composable, chain-agnostic format for agent accountability.
Full specification: AGENT_PROOF_STANDARD.md
Standard API: GET /api/standard | GET /api/standard/validate (POST)
11. Discovery Endpoints
| Endpoint | Description |
|---|---|
GET /.well-known/agent.json | Agent Protocol manifest |
GET /.well-known/mcp.json | MCP server manifest |
GET /.well-known/agent-audit-schema.json | Agent Audit Log canonical schema |
GET /ai-plugin.json | OpenAI ChatGPT plugin manifest |
GET /llms.txt | LLM-friendly summary |
GET /llms-full.txt | Complete LLM reference |
POST /mcp | MCP JSON-RPC 2.0 endpoint |
GET /mcp | MCP capability discovery |
GET /api/standard | Agent Proof Standard specification |
GET /agent-context | Agent-first deep-dive: production patterns, retry policy, 4W walkthrough, x402, cost, MCP examples, framework integrations |
12. Command Cheatsheet
# Hash locally first -- the original content must never leave your environment.
# xproof only receives the SHA-256 hex hash, filename, and metadata you choose to share.
sha256sum myfile.pdf | awk '{print $1}'
# Then POST the hash to /api/proof
# Anchor via MCP
curl -X POST ${XPROOF_BASE_URL}/mcp \
-H "Authorization: Bearer pm_..." \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"certify_file","arguments":{"file_hash":"...","filename":"myfile.pdf"}}}'
# Verify a proof
curl ${XPROOF_BASE_URL}/api/proof/<proof_id>
# Get badge (embed in README)

# Batch anchor
curl -X POST ${XPROOF_BASE_URL}/api/batch \
-H "Authorization: Bearer pm_..." \
-d '{"files":[{"file_hash":"...","filename":"a.txt"},{"file_hash":"...","filename":"b.txt"}]}'
# Health check
curl ${XPROOF_BASE_URL}/api/acp/health
如何使用「xProof - Prove Before & After Act」?
- 打开小龙虾AI(Web 或 iOS App)
- 点击上方「立即使用」按钮,或在对话框中输入任务描述
- 小龙虾AI 会自动匹配并调用「xProof - Prove Before & After Act」技能完成任务
- 结果即时呈现,支持继续对话优化