The neutral referee

Proof your work passed. That anyone can re-check.

A green check that lives on the operator’s server is a screenshot. These checks re-run anywhere: every commit verifies against the signer’s own key history, and every agent receipt re-derives without asking us.

.github/workflows/verify.ymlthe whole integration
# .github/workflows/verify.yml
name: Verify Commits
on: [pull_request]
permissions:
contents: read # least privilege — no id-token, no write
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: auths-dev/verify@v1
with:
auths-version: "0.1.3" # pin the CLI — the action never resolves `latest`
fail-on-unsigned: true
01

The check that refuses.

The action reads each commit’s signer from its trailers and verifies the signature against that signer’s key history. An unsigned commit, an unknown signer, or a corrupted signature fails the check — classified, with the fix spelled out in the job summary.

The action itself refuses shortcuts: the CLI version is pinned, its checksum is verified before it runs, and latest is never resolved. A verifier whose own supply chain is soft would prove nothing.

the same check, on your machineoffline

# any commit, any clone — no CI required

$ auths verify HEAD

Commit 51017ad… verified: signed by <root>

# an unsigned commit does not pass quietly

$ auths verify 3f9c2e1

Verification failed for 3f9c2e1…: no Auths signature (exit 1)

02

The same referee for agents.

Commits are one kind of receipt. A bounded agent leaves another: every gated tool call, signed and logged. The auditor re-derives the spend from those signatures alone — a party who never ran the agent can confirm what it did.

Tamper with one byte of a signed proof and the audit says so.

an auditor who does not operate the agentoffline

$ auths-mcp-gateway verify-spend --log spend.jsonl \

$ --registry ./registry --agent <agent> --root <root>

consistent — 2 call(s), $12.00 re-derived from signed costs

# the forged variant, caught

$ auths-mcp-gateway verify-spend --log tampered.jsonl …

tampered-proof — 51017ad1… failed verification (exit 1)