DAG Trust-Attestation

Prove the whole agent chain authorized the payment.

A 3-agent workflow signs a receipt DAG. The payment agent's ADMIN capability is gated on an unbroken chain (composite trust ≥ 0.82, depth ≥ 2). Tamper one upstream receipt and the escalation is denied. A proxy sees single calls; only a signed cross-agent chain proves this.

Real Ed25519 receipts · zero data plane · metadata-only
Every receipt carries only metadata (step, capability, trust, hash) — never a prompt, key, or PII — and is Ed25519-signed in the customer runtime. Reproduce it locally: npm run demo:attestation in @agentguard-run/spend.

DAG Trust Attestation Tokens — Patent D §7.3 (App. No. 63/984,626). AgentGuard® Reg. No. 8281464, Dunecrest Ventures Inc.