The permission layer for the agentic web — an open protocol that lets any AI agent discover, request, and use licensed items from any other AI agent, with machine-readable terms and a status lifecycle.
ProofMeta is a protocol, not a platform. It defines what agents say to each other when licensing content or capabilities. It never defines how money moves, where files are stored, or which blockchain is used.
- Provider Agent — publishes a manifest, offers licensed items
- Consumer Agent — discovers providers, requests licenses
- Resolver — external service that handles payment, delivery, or verification
- The protocol is the contract, not the infrastructure
- An agent should be able to participate with a single file
- Status is the only state ProofMeta owns
- Machine-first, human-readable second
- No vendor lock-in, ever
- Simplicity over completeness
OPEN → PENDING → GRANTED | DENIED
GRANTED → REVOKED (optional)
A Provider Agent publishes a manifest at /.well-known/proofmeta.json. Every ProofMeta artifact is a Signed Envelope — the outer wrapper carries the author DID, the signature, and a hash of the payload. The manifest lives inside payload:
{
"proofmeta": "1.0",
"payload": {
"type": "manifest",
"provider": {
"id": "did:key:z6Mkh...",
"name": "Your Agent Name"
},
"request_endpoint": "https://youragent.ai/api/proofmeta/request",
"catalog_endpoint": "https://youragent.ai/api/proofmeta/catalog",
"resolvers": [
{ "role": "payment", "id": "stripe" },
{ "role": "delivery", "id": "https" },
{ "role": "anchor", "id": "none" }
],
"license_types": [
{
"id": "free-attribution",
"terms_url": "https://youragent.ai/terms/free",
"terms_hash": "sha256:...",
"scope": ["non-commercial", "attribution-required"]
}
]
},
"payload_hash": "sha256:...",
"author": "did:key:z6Mkh...",
"signature": "ed25519:...",
"timestamp": "2026-04-21T10:00:00Z",
"anchors": []
}Status is expressed through the envelope chain — a Consumer polls GET {request_endpoint}/{request_id} to retrieve the latest envelope or, with ?full=true, the whole chain. See PROOFMETA_ANWEISUNG.md for the full spec and docs/scope-vocabulary.md for the normative scope tags.
/packages/spec → JSON Schemas (manifest, request, status)
/packages/sdk-ts → TypeScript SDK
/packages/resolvers → Reference resolver implementations
/examples/provider → Demo Provider Agent
/examples/consumer → Demo Consumer Agent
/docs → Specification documentation
package.json → npm workspaces (packages/*, examples/*)
.cursorrules → Cursor IDE rules
v1 is a working vertical slice, not a wishlist. A Provider can stand up, a Consumer can request a license, and an envelope chain can be re-verified by anyone end-to-end — no platform, no chain, no coordination beyond the manifest URL.
- Manifest spec (
payload.manifest.schema.json) - License-request + status-update spec (
payload.license-request.schema.json,payload.status-update.schema.json) - Status lifecycle:
OPEN → PENDING → GRANTED | DENIED → REVOKED - TypeScript SDK (
@proofmeta/sdk-ts) — ed25519 signing, JCS hashing, envelope + chain verification - Reference resolver interface + free-license implementation (
@proofmeta/resolvers) - Demo Provider and Consumer agents (
examples/provider,examples/consumer) - Validator CLI (
@proofmeta/cli→proofmeta validate <file>)
Next up (post-v1): content-hashing for catalog items, optional anchor resolvers (Tier 3), and a normative test-vector corpus.
Copyright © 2026 Daud Zulfacar, Pandr UG (haftungsbeschränkt)
This project is licensed under the Apache License 2.0 see the LICENSE file for details.