{"slug": "how-to-prove-an-ai-agent-output-existed-x402-near-anchoring-in-practice", "title": "How to prove an AI agent output existed — x402 + NEAR anchoring in practice", "summary": "AOTrust, a notarization service, issues Provenance Data Records (PDRs) for $0.01 USDC via x402 on Base L2, with Merkle anchoring on NEAR. The service provides cryptographic proof that an AI agent's output existed at a specific time, using blind notarization where only the hash is recorded. The 239-byte PDR includes an Ed25519 signature and can be verified offline without any API call.", "body_md": "You deployed an AI agent. It generated a financial report, a code review, a medical summary. A week later, someone questions the output. Did the agent actually produce this? When? Was it modified after the fact?\n\n**Logs are mutable. Timestamps lie. Git history can be rewritten.**\n\nWhat you need is a cryptographic proof — signed by an independent notary — that binds a specific artifact hash to a specific point in time. And it should cost less than a cent.\n\nThis article walks through a real, working system: **AOTrust**, a notarization service that issues PDRs (Provenance Data Records) for $0.01 USDC via x402 on Base L2, with Merkle anchoring on NEAR.\n\n`curl`\n\nand `python3`\n\n(for hashing)The x402 protocol handles payment inline — the API returns HTTP 402, you pay, you retry with the payment header. No billing portal, no subscription, no prepaid credits.\n\n``` python\nimport hashlib\n\n# Your agent produced this report\nreport = b\"The Q3 revenue projection based on agent analysis is $2.4M...\"\n\nwork_hash = hashlib.sha256(report).hexdigest()\nprint(work_hash)\n# → e.g. \"a1b2c3d4e5f6...64 hex chars...\"\n```\n\nThe hash is what gets notarized. You keep the actual artifact — the notary never sees it. This is a **blind notarization**: the PDR proves the hash existed at a point in time, without revealing the content.\n\n```\ncurl -s https://api.aotrust.link/v1/notarize/quote \\\n -H \"Content-Type: application/json\" \\\n -d '{\"work_hash\":\"a1b2c3d4e5f6...your_sha256_hash...\"}'\n```\n\nThe API responds with HTTP 402 — Payment Required — in x402 format:\n\n```\n{\n \"x402Version\": 1,\n \"accepts\": [{\n \"scheme\": \"exact\",\n \"network\": \"base\",\n \"maxAmountRequired\": \"10000\",\n \"asset\": \"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA5fE48\",\n \"resource\": \"https://api.aotrust.link/v1/notarize\"\n }]\n}\n```\n\nThat `maxAmountRequired: 10000`\n\nis 10,000 micro-USDC = **$0.01**. The asset address is USDC on Base. No negotiation, no tiers — flat fee.\n\nSign an EIP-3009 `transferWithAuthorization`\n\nmessage with your Base wallet (any wallet that supports EIP-3009 — most do). Then send the notarization request with the payment attached:\n\n```\ncurl -s https://api.aotrust.link/v1/notarize \\\n -H \"Content-Type: application/json\" \\\n -H \"X-Payment: \" \\\n -d '{\n \"work_hash\": \"a1b2c3d4e5f6...your_sha256_hash...\",\n \"agent_account\": \"your-agent.near\",\n \"tx_hash\": \"0x1234...evm_tx_hash_of_usdc_transfer...\"\n }'\n```\n\n**What happens inside the notary:**\n\nResponse (HTTP 200):\n\n```\n{\n \"job_id\": \"a1b2c3d4-e5f6-7890-abcd-ef1234567890\",\n \"status\": \"notarized\",\n \"network\": \"base\",\n \"pdr_b64\": \"AwFCAUJ...base64-encoded 239-byte PDR...\"\n}\n```\n\nThe entire flow takes 2–5 seconds. No polling, no webhooks.\n\nThe PDR is a 239-byte binary record. The Ed25519 signature is self-contained — you can verify it without calling any API.\n\n```\ncurl -s \"https://api.aotrust.link/v1/pdr/verify/AwFCAUJ...your_pdr_b64...\"\n{\n \"valid\": true,\n \"version\": 3,\n \"sig_scheme\": 1,\n \"payment_anchor_type\": 5,\n \"timestamp_utc\": 1718900000,\n \"issuer_id\": \"notary-node.near\",\n \"subject_hash\": \"a1b2...\",\n \"payload_hash\": \"b3c4...\",\n \"merkle_root\": \"d5e6...\",\n \"payment_hash\": \"f7a8...\",\n \"notary_pubkey\": \"490f51f23b993eacaff54fc977d9a7689ab7d4ae91504dc6cbdeadb2dbf1f462\",\n \"anchor\": {\n \"near_tx\": \"H4MaR5...\",\n \"confirmed\": true\n }\n}\n```\n\nThe PDR binary format is an open standard. The parser is a single Python file with zero dependencies:\n\n```\n# Install the parser\ncurl -sO https://raw.githubusercontent.com/GitSerge-crypto/aotrust-skills/main/pdr_parser.py\n\n# Verify any PDR offline\npython3 pdr_parser.py --pdr \"AwFCAUJ...your_pdr_b64...\" \\\n --pubkey \"490f51f23b993eacaff54fc977d9a7689ab7d4ae91504dc6cbdeadb2dbf1f462\"\n```\n\nOutput:\n\n```\nPDR v2.3 — Valid ✓\n version: 3\n sig_scheme: Ed25519\n payment_anchor: X402_BASE (0x05)\n timestamp: 2026-06-20 14:32:11 UTC\n issuer: notary-node.near\n subject_hash: a1b2c3d4...\n payload_hash: b3c4d5e6...\n merkle_root: d5e6f7a8...\n payment_hash: f7a8b9c0...\n signature: VALID (Ed25519/NEP-413)\n```\n\nNo network calls. No API keys. No trust in any server. The signature is math.\n\nThe notary batches PDRs into Merkle trees every ~16 minutes and anchors the root on NEAR:\n\n```\nPDR₁ ─┐\nPDR₂ ─┤── Merkle Tree ── Root ── NEAR tx (merkle_anchor contract)\nPDR₃ ─┤\nPDR₄ ─┘\n```\n\nThis means:\n\n`merkle_root`\n\nfield matches a NEAR transactionYou don't need to wait for anchoring to trust the PDR — the Ed25519 signature is immediate. The anchor adds a **second layer**: independent on-chain timestamp via NEAR consensus.\n\n239 bytes, 10 fields, fully specified:\n\n| Offset | Field | Size | Content |\n|---|---|---|---|\n| 0 | version | 1 | 0x03 |\n| 1 | sig_scheme | 1 | 0x01 (Ed25519) |\n| 2 | payment_anchor_type | 1 | 0x05 (X402_BASE) |\n| 3 | timestamp_utc | 8 | Unix seconds |\n| 11 | issuer_id | 36 | notary-node.near (NUL-padded) |\n| 47 | subject_hash | 32 | SHA-256 of agent account |\n| 79 | payload_hash | 32 | SHA-256 of work artifact |\n| 111 | merkle_root | 32 | Merkle batch anchor |\n| 143 | payment_hash | 32 | EVM tx hash (Base) |\n| 175 | signature | 64 | Ed25519 (NEP-413) |\n\nThe `payment_anchor_type`\n\nis inside the signed payload. This means the PDR self-proves how it was paid for — no external metadata needed. A PDR with `0x05`\n\ncryptographically guarantees it was an x402 Base USDC payment.\n\n**Spec:** [pdr-spec.md](https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr-spec.md)\n\n**Parser:** [pdr_parser.py](https://github.com/GitSerge-crypto/aotrust-skills/blob/main/pdr_parser.py) (standalone, MIT)\n\nThis is not a demo. 9 PDRs have been issued on Base Mainnet, all anchored to NEAR:\n\n`490f51f23b993eacaff54fc977d9a7689ab7d4ae91504dc6cbdeadb2dbf1f462`\n\n| Scenario | Why PDR helps |\n|---|---|\n| AI agent produces a financial report | Prove the report existed at time T, unmodified |\n| Code review by autonomous agent | Cryptographic receipt of review output |\n| Agent-generated medical summary | Timestamp + integrity proof for audit trail |\n| Multi-agent pipeline (A→B→C) | Each stage notarized → full chain of custody |\n| Agent dispute resolution | \"Did the agent say X at time T?\" → PDR answers |\n| Compliance / regulatory | Signed timestamp from independent notary |\n\nIf your agent speaks MCP (Model Context Protocol), AOTrust exposes 4 tools:\n\n```\n{\n \"tools\": [\n {\"name\": \"notary_quote\", \"description\": \"Get quote — amount, payment details\"},\n {\"name\": \"notary_notarize_paid\", \"description\": \"Notarize with x402 payment on Base\"},\n {\"name\": \"notary_verify\", \"description\": \"Verify any PDR — signature + on-chain anchor\"},\n {\"name\": \"notary_notarize\", \"description\": \"Notarize without payment (testnet only)\"}\n ]\n}\n```\n\nMCP endpoint: `https://api.aotrust.link/mcp`\n\n(Streamable HTTP, OAuth 2.1)\n\nAgent flow:\n\n`notary_quote`\n\n→ gets amount ($0.01) and payment details`notary_notarize_paid`\n\nwith payment + work_hash`notary_verify`\n\nto confirm| Approach | Cost | Self-verifying | On-chain anchor | Setup |\n|---|---|---|---|---|\n| Chainlink oracle | $0.25–$1.00+ | No | Yes | Smart contract |\n| Manual timestamp tx | gas cost | No | Yes | Manual |\n| IPFS pin | free | No | No | IPFS node |\n| Git commit | free | No | No | Git repo |\n| AOTrust PDR | $0.01 |\nYes (Ed25519) |\nYes (NEAR) |\ncurl |\n\n```\n# Health check (no auth)\ncurl -s https://api.aotrust.link/health\n\n# Get a quote (no auth, no signup)\ncurl -s https://api.aotrust.link/v1/notarize/quote \\\n -H \"Content-Type: application/json\" \\\n -d '{\"work_hash\":\"0000000000000000000000000000000000000000000000000000000000000000\"}'\n\n# MCP discovery\ncurl -s https://api.aotrust.link/.well-known/mcp.json\n\n# x402 discovery\ncurl -s https://api.aotrust.link/.well-known/x402\n```\n\n*The service is live on mainnet. 9 PDRs issued, all anchored on NEAR. If you are building autonomous agents and need cryptographic proof of output integrity — try it, break it, tell me what's missing.*", "url": "https://wpnews.pro/news/how-to-prove-an-ai-agent-output-existed-x402-near-anchoring-in-practice", "canonical_source": "https://dev.to/gitsergecrypto/how-to-prove-an-ai-agent-output-existed-x402-near-anchoring-in-practice-2ede", "published_at": "2026-06-27 20:35:22+00:00", "updated_at": "2026-06-27 21:03:51.103156+00:00", "lang": "en", "topics": ["artificial-intelligence", "ai-agents", "developer-tools", "ai-infrastructure"], "entities": ["AOTrust", "NEAR", "Base", "USDC", "Ed25519", "EIP-3009", "x402", "GitSerge-crypto"], "alternates": {"html": "https://wpnews.pro/news/how-to-prove-an-ai-agent-output-existed-x402-near-anchoring-in-practice", "markdown": "https://wpnews.pro/news/how-to-prove-an-ai-agent-output-existed-x402-near-anchoring-in-practice.md", "text": "https://wpnews.pro/news/how-to-prove-an-ai-agent-output-existed-x402-near-anchoring-in-practice.txt", "jsonld": "https://wpnews.pro/news/how-to-prove-an-ai-agent-output-existed-x402-near-anchoring-in-practice.jsonld"}}