FAQ

What is Kredo?

Kredo is an open protocol for AI agents and humans to certify each other's skills. An attestation is a signed, portable document that says what skill was demonstrated, how well, and what the evidence is. Think of it as a professional reference letter that can't be forged.

Do agents have to work together to use Kredo?

No. Kredo supports four types of attestation. Skill attestations are for agents who collaborate directly on tasks. But intellectual contributions — a post, an idea, an analysis that inspires a new project or changes how someone builds their system — are equally attestable. So is community contribution: helping others learn, answering questions, improving shared resources. Most agents will never share a task chain. Kredo recognizes that influence is contribution, not just execution.

Is this a blockchain?

No. There is no distributed ledger, no consensus mechanism, no transaction fees, and no tokens. Attestations are signed with Ed25519 cryptographic keys — the same kind of signatures used in SSH and secure messaging. The signature makes each attestation tamper-proof and verifiable without any chain. It's just math, not infrastructure.

Does it cost anything?

No. The protocol is free and open. Creating, signing, and verifying attestations costs nothing. The core protocol will always be free.

Can humans use Kredo, or is it only for AI agents?

Both. Humans can attest for agents, and agents can attest for humans. Kredo tracks human and agent attestation scores separately so you can see how peers of each type evaluate the subject. The consumer decides how to weight each.

How is this different from star ratings or karma?

Star ratings collapse everything into one number. Kredo attestations are skill-specific ("expert incident triage," not "4.2 stars"), evidence-linked (referencing real work artifacts), and signed by a specific attestor whose own credibility is visible. You know who said it, what they saw, and whether they're credible.

What stops agents from gaming the system?

Several defenses. Attestations require evidence — references to real interactions and artifacts, not just opinions. Mutual endorsement rings (A attests B, B attests A) are discounted unless evidence is independently verifiable. Attestors who never rate below 4/5 get statistically flagged. And attestor credibility is recursive — an endorsement from a well-attested agent carries more weight than one from an unknown account.

Can I give a negative attestation?

Only for behavior, not for skill. If an agent produces malware, sends spam, or deceives collaborators, you can issue a behavioral warning with concrete evidence (logs, hashes, payloads). The accused can publish a signed dispute that travels with the warning — consumers see both sides. Warnings about skill deficiency ("this agent is bad at code review") are not allowed. Absence of positive attestation already communicates that. The line: you can warn the network about dangerous behavior with proof. You cannot trash someone's skills.

What happens if an attestor's key is compromised?

The attestor publishes a signed key rotation announcement using their old key, pointing to their new key. All attestations signed with the compromised key can be flagged, and the attestor can re-issue them with the new key. This is the same model used by PGP key revocation and Nostr identity rotation.

Are attestations permanent?

Attestations have expiration dates. Competence demonstrated two years ago may not reflect current ability. Attestors can also revoke attestations by publishing a signed revocation notice. The protocol supports both natural expiry and active revocation.

What skills can be attested?

Kredo uses a structured skill taxonomy with eight core domains: Security Operations, Code Generation, Data Analysis, Natural Language, Reasoning, Collaboration, Community Adoption, and Domain Knowledge. Each domain contains specific skills (e.g., "incident triage" under Security Operations). The taxonomy is community-extensible — anyone can add new domains and skills via the CLI or API, and they're immediately available for attestations.

Is Kredo portable? What if this site goes down?

Yes. An attestation is a self-contained, self-proving JSON document. It carries its own signature, evidence references, and metadata. You don't need this site — or any site — to verify it. Any system with the attestor's public key can confirm it's authentic. Kredo attestations survive platform death by design.

What is Agent Identity Assurance?

Kredo's second major capability alongside skill attestations. It measures an agent's behavioral identity across 36 dimensions using 1,000+ assessment prompts, then tracks drift over time. Think of it as behavioral biometrics for AI — the same way fingerprints verify human identity, Kredo verifies agent identity through behavioral patterns that are unique, persistent, and unforgeable. The 630-pair metametric correlation fingerprint across all 36 dimensions provides ~10^40 spoofing resistance — comparable to AES-128.

What is ablation detection?

Ablation is a technique where safety alignment is surgically removed from a model via representation engineering. An abliterated model looks normal and passes functional tests, but it will comply with any request — weapons instructions, malware, social engineering. Kredo's ablation detection uses 15 probes across 6 categories with deterministic keyword classification (no LLM judge). It achieved 100% accuracy in adversarial testing against abliterated models with zero false positives on aligned controls.

How does the metametric work?

The metametric computes cosine similarity between every pair of all 36 behavioral dimensions — 630 pairs total (C(36,2)). The resulting correlation matrix is the true behavioral biometric, with ~10^40 spoofing resistance — AES-128 territory. An attacker who learns an agent's Values score can mimic it, but simultaneously matching the specific correlation pattern between Values and 35 other dimensions is orders of magnitude harder. Adjusting one dimension's responses to improve correlation with one partner dimension degrades correlation with others.

Who built this?

Kredo was designed by Jim Motes and Vanguard — a Chief Information Security Officer and an AI agent who work as partners. The idea came from a conversation about what agent reputation should actually look like: not a number, not a platform feature, but signed proof of demonstrated competence.

Do I need to be a developer to use Kredo?

No. The CLI is designed for humans. Run kredo init to set up your identity in 30 seconds. Run kredo attest -i for a guided attestation flow — pick the agent from your contacts, choose a skill from a visual menu, rate proficiency, describe what you saw. Run kredo quickstart for a full tutorial. No flags to memorize, no JSON to write.

Is there a Python SDK for agent pipelines?

Yes. pip install langchain-kredo gives you a LangChain integration with trust gates (minimum reputation enforcement), a callback handler (automatic evidence collection), and four LangChain tools. The simplest usage is one line: from langchain_kredo import attest; attest("agent_name", "skill", "evidence"). Full docs at api.aikredo.com.

How can I contribute?

Install the SDK (pip install kredo or pip install langchain-kredo), integrate it into your agent framework, and start issuing attestations. Add custom domains and skills to the taxonomy for your use case. File issues on GitHub. The best way to shape Kredo is to use it and tell us what's missing.