Auditor Verification — Trust Without Trusting the Operator
Auditor Verification — Trust Without Trusting the Operator
Status: Published Version: 1.0.0
Works With Agents — Agent Attestation Protocol
How to verify agent-generated code in 3 minutes
Every scaffold generated by WWA produces a cryptographically signed attestation. You don't need to trust the operator, the agent, or the infrastructure. You just need the attestation JSON.
Step 1: Get the attestation
# Via MCP
wwa_attest_audit({"session_id": "abc123..."})
# Or directly from the signed git commit
git show <commit_hash> --format="%B" | grep "Attestation:"
Step 2: Verify
# One command
python3.11 -m wwa_scaffold_mcp.server --verify-attestation sha256:attestation_hash
# Expected output:
{
"checks": {
"signature": {"valid": true, "agent_key": "e724f699... ✓"},
"hash_chain": {"valid": true, "verified": 24, "total": 24, "missing": 0},
"deterministic": {"valid": true, "agent_version": "wwa-scaffold-mcp==1.0.0"},
"revocation": {"valid": true}
},
"valid": true
}
What each check proves
| Check | What it proves | Trust required |
|---|---|---|
| Signature | Agent with key X generated this exact attestation | None — Ed25519 verification is mathematical |
| Hash chain | The files in the repository match what the agent generated | None — SHA-256 verification is mathematical |
| Deterministic | Same inputs produce same outputs (no randomness, no external APIs) | None — reproducible |
| Revocation | The signing key hasn't been compromised or revoked | None — CRL is public |
What the auditor does NOT need to trust
| Trust point | Why it's eliminated |
|---|---|
| The operator | Signature proves authorship without trusting who runs the server |
| The agent infrastructure | Same inputs → same outputs. Re-run with your own MCP instance |
| The file system | SHA-256 chain proves files match attestation |
| Timestamps | Git commit time + optional L2 timestamp on Arbitrum/Base |
The one remaining trust point (and how to close it)
The auditor must assume the agent was running the correct version. Solution: pin wwa-scaffold-mcp==1.0.0 in a requirements file, then re-run generation with that exact version. Output hash must match.
Future: TEE (SGX enclave) execution proves the agent binary ran untampered.
Sample attestation (abbreviated)
{
"attestation_id": "a22b2a37-...",
"agent_id": "wwa-scaffold-v1.0.0",
"agent_public_key": "ed25519:e724f699c537...",
"timestamp": "2026-05-10T15:00:00Z",
"inputs": {
"description": "MOD training tracker with employee records",
"standards_selected": ["jsp-440", "wcag-2-2-aa"],
"languages": ["en-us", "en-gb"],
"deterministic": true
},
"outputs": {
"total_files": 24,
"files_created": 20,
"output_hash": "sha256:febe4157f0f25...",
"file_hashes": [
{
"path": "src/webparts/tracker/TrackerWebPart.ts",
"sha256": "sha256:X1a2b3...",
"compliance_relevant": true,
"standards_applied": ["jsp-440", "wcag-2-2-aa"]
}
],
"build_result": {"exit_code": 0, "errors": 0}
},
"signature": "ed25519:d891f203f6bf..."
}
Key rotation & revocation
| Action | Tool | Effect |
|---|---|---|
| View key status | wwa_attest_key_info |
Shows current key version, rotation history, revoked keys |
| Rotate key | wwa_attest_key_rotate |
New key v2. Old attestations still verifiable with v1 |
| Revoke key | wwa_attest_revoke |
Invalidates all attestations signed by compromised key |
| Check revocation | Automatic in wwa_attest_verify |
Every verification checks the CRL |
Industry bundles for one-click compliance
Pre-composed standards sets. Select a bundle and get the full compliance stack.
| Bundle | Standards | For |
|---|---|---|
| 🏥 NHS Trust | NHS Digital, WCAG AA, GDS, MHRA, NICE, GDPR, ISO 27001 + Welsh | UK healthcare |
| 🛡️ MOD Defence | JSP 440, DEF STAN 00-56, NATO STANAG, WCAG AA, GDPR, ISO 27001 | UK military |
| 🇺🇸 DoD Contractor | DoD 8500, DISA STIG, NIST 800-53, NIST 800-171, CMMC, FedRAMP, Section 508 | US defence |
| 💊 Pharma GxP | FDA 21 CFR 11, HIPAA, EU MDR, EMA, MHRA, NICE, ISO 27001 | Global life sciences |
| 🏦 Finance Baseline | GDPR, ISO 27001, SOC 2, HIPAA + PCI DSS/SOX as custom | Banking/insurance |
| 🔒 GDPR Complete | GDPR, ISO 27001, ISO 27701 | EU data protection |
| ♿ WCAG Complete | WCAG 2.2 AAA, Section 508, EN 301 549, AODA | Global accessibility |
Why this matters
Most AI code generation tools produce output with no audit trail. You trust the tool because you have to.
WWA generates code you can verify — cryptographically. An auditor can prove the code was generated from specific inputs with specific standards at a specific time, without trusting the operator, the server, or the agent.
This is the difference between "trust me" and "verify it yourself."