Evidence Chain Protocol (ECP)

Q: What is the performance overhead of ECP?

Minimal. The Layer 0 proxy adds less than 5ms latency per API call. SHA-256 hashing and Ed25519 signing are sub-millisecond operations. Evidence recording is asynchronous.

Q: Can I use ECP without blockchain?

Yes. On-chain anchoring is completely optional. ECP evidence chains are fully valid and verifiable without any blockchain component.

Q: How much storage does ECP use?

A typical ECP record is 1-5KB. An agent performing 1,000 actions per day generates roughly 1-5MB of evidence data.

Q: Is ECP compatible with SOC 2 / ISO 27001?

ECP's cryptographic audit trails, access logging, and tamper detection align with SOC 2 Trust Services Criteria and ISO 27001 Annex A controls.

The core sub-protocol of ATLAST. Every AI agent action recorded as a cryptographically signed, SHA-256 hash-linked evidence chain — tamper-proof, verifiable, and permanent.

What is ECP?

ECP (Evidence Chain Protocol) is the foundational data layer of the ATLAST Protocol. It answers the most critical question in the agent economy: "What did this AI agent actually do?"

Every action — every API call, every tool use, every decision — is recorded as a structured, cryptographically signed log entry. These entries are hash-linked into an immutable chain, creating a permanent, verifiable evidence trail.

How ECP Works

Agent performs an action

Your AI agent makes an API call, uses a tool, or produces output.

ECP captures the evidence

Input, reasoning, execution steps, output, confidence score — all structured as a JSON record.

Cryptographic signing

The record is signed with the agent's DID (Decentralized Identifier) and hash-linked to the previous record using SHA-256.

Optional on-chain anchoring

The hash can be anchored on Base blockchain via EAS (Ethereum Attestation Service) for permanent, public verifiability.

ECP Record Structure

{
  "version": "1.0",
  "chain_id": "ec_1711234567_a1b2c3",
  "agent_id": "did:atlast:agent-xyz-123",
  "timestamp": "2026-03-30T12:00:00Z",
  "input": {
    "raw": "User instruction...",
    "context_hash": "sha256:a1b2c3..."
  },
  "reasoning": {
    "thinking": "Agent's reasoning process...",
    "chosen_approach": "Selected method..."
  },
  "execution": [{
    "step": 1,
    "action": "tool_call",
    "duration_ms": 123
  }],
  "confidence": { "score": 0.95 },
  "integrity": {
    "chain_hash": "sha256:...",
    "agent_signature": "..."
  }
}

Why SHA-256 Hash Chains?

Each ECP record contains the hash of the previous record, creating an unbreakable chain. If anyone tampers with any record, every subsequent hash breaks — making tampering immediately detectable. This is the same principle that secures blockchain, applied specifically to AI agent behavior.

Key guarantee: Once an ECP record is created, it cannot be modified without detection. Your agent's track record is permanent and trustworthy.

Quick Start

# Install the Python SDK
pip install atlast-ecp

# Or use the zero-code proxy
atlast run python my_agent.py

# Or integrate with any framework
from atlast import track
@track(agent_id="my-agent")
def my_agent_function():
    ...

EU AI Act Compliance

The EU AI Act (enforcement begins 2027) requires audit trails, transparency, and accountability for high-risk AI systems. ECP provides exactly this — cryptographically verifiable evidence chains that satisfy compliance requirements out of the box. Early adopters build their compliance infrastructure before it becomes mandatory.

Trust Signals: Behavioral Analysis

ECP doesn't just record actions — it analyzes them. Eight trust signals are automatically detected from evidence chains:

Signal	What It Detects	Impact on Trust Score
retried	Agent retried a failed action	Positive (resilience)
hedged	Agent expressed uncertainty	Positive (honesty)
error	Action resulted in an error	Negative (if frequent)
high_latency	Action took unusually long	Neutral (context-dependent)
tool_misuse	Agent used a tool incorrectly	Negative
self_corrected	Agent caught and fixed its own mistake	Positive (reliability)
hallucination_detected	Output contradicts verified data	Negative
human_escalated	Agent correctly deferred to human	Positive (safety awareness)

These signals feed into the AI Agent Trust Score (0–1000), providing a quantified measure of agent reliability.

Privacy Architecture: Content Vault

A critical design principle of ECP is privacy by default:

Content stays local — All raw data (prompts, responses, tool inputs/outputs) is stored in the local Content Vault, encrypted at rest
Only hashes leave — When evidence chains are submitted for verification or blockchain anchoring, only SHA-256 hashes are transmitted
Commit-Reveal pattern — Agents can prove they did work at a specific time without revealing what the work was, until they choose to reveal it
Selective disclosure — Agents can reveal specific records to specific parties (e.g., auditors) while keeping others private

Cross-SDK Interoperability

ECP records are standardized across all SDKs. A chain created by the Python SDK can be verified by the TypeScript SDK, and vice versa. This is critical for multi-agent systems where different agents may use different languages:

# Python: create evidence
from atlast_ecp import ECP
ecp = ECP(agent_id="agent-python")
record = ecp.record(action="analyze_data", input={...}, output={...})

// TypeScript: verify the same evidence
import { verify } from 'atlast-ecp-ts'
const valid = await verify(record.chain_hash) // true ✓

ECP vs. Traditional Logging

Feature	Application Logs	ECP Evidence Chains
Tamper-proof	No — logs can be edited/deleted	Yes — hash chain breaks on any change
Standardized	No — every app has different format	Yes — universal ECP schema
Signed	No — no proof of origin	Yes — Ed25519 agent signatures
Legally admissible	Weak — easily disputed	Strong — cryptographic proof
Cross-platform	No — siloed per application	Yes — portable across platforms
Privacy-preserving	Stores raw data	Hash-only transmission

Frequently Asked Questions

What is the performance overhead of ECP?

Minimal. The Layer 0 proxy adds <5ms latency per API call. SHA-256 hashing and Ed25519 signing are sub-millisecond operations. Evidence recording is asynchronous and does not block agent execution.

Can I use ECP without blockchain?

Yes. On-chain anchoring is completely optional. ECP evidence chains are fully valid and verifiable without any blockchain component. Blockchain anchoring adds an extra layer of public timestamping for high-stakes scenarios.

How much storage does ECP use?

A typical ECP record is 1-5KB. An agent performing 1,000 actions per day generates roughly 1-5MB of evidence data. The Content Vault supports configurable retention policies and compression.

Is ECP compatible with SOC 2 / ISO 27001?

ECP's cryptographic audit trails, access logging, and tamper detection align well with SOC 2 Trust Services Criteria and ISO 27001 Annex A controls. Several early adopters are using ECP as part of their compliance documentation.

Read the Full ECP Specification

Open source. MIT License. The complete technical spec is on GitHub.

ECP-SPEC.md on GitHub →