# Auditor Verification — Trust Without Trusting the Operator
**Status:** Published
**Version:** 1.0.0
**Works With Agents — Agent Attestation Protocol**
## How to verify agent-generated code in 3 minutes
Every scaffold generated by WWA produces a cryptographically signed attestation. You don't need to trust the operator, the agent, or the infrastructure. You just need the attestation JSON.
### Step 1: Get the attestation
```bash
# Via MCP
wwa_attest_audit({"session_id": "abc123..."})
# Or directly from the signed git commit
git show --format="%B" | grep "Attestation:"
```
### Step 2: Verify
```bash
# One command
python3.11 -m wwa_scaffold_mcp.server --verify-attestation sha256:attestation_hash
# Expected output:
{
"checks": {
"signature": {"valid": true, "agent_key": "e724f699... ✓"},
"hash_chain": {"valid": true, "verified": 24, "total": 24, "missing": 0},
"deterministic": {"valid": true, "agent_version": "wwa-scaffold-mcp==1.0.0"},
"revocation": {"valid": true}
},
"valid": true
}
```
### What each check proves
| Check | What it proves | Trust required |
|-------|---------------|:---:|
| **Signature** | Agent with key X generated this exact attestation | None — Ed25519 verification is mathematical |
| **Hash chain** | The files in the repository match what the agent generated | None — SHA-256 verification is mathematical |
| **Deterministic** | Same inputs produce same outputs (no randomness, no external APIs) | None — reproducible |
| **Revocation** | The signing key hasn't been compromised or revoked | None — CRL is public |
### What the auditor does NOT need to trust
| Trust point | Why it's eliminated |
|-------------|-------------------|
| The operator | Signature proves authorship without trusting who runs the server |
| The agent infrastructure | Same inputs → same outputs. Re-run with your own MCP instance |
| The file system | SHA-256 chain proves files match attestation |
| Timestamps | Git commit time + optional L2 timestamp on Arbitrum/Base |
### The one remaining trust point (and how to close it)
The auditor must assume the agent was running the correct version. Solution: pin `wwa-scaffold-mcp==1.0.0` in a requirements file, then re-run generation with that exact version. Output hash must match.
Future: TEE (SGX enclave) execution proves the agent binary ran untampered.
## Sample attestation (abbreviated)
```json
{
"attestation_id": "a22b2a37-...",
"agent_id": "wwa-scaffold-v1.0.0",
"agent_public_key": "ed25519:e724f699c537...",
"timestamp": "2026-05-10T15:00:00Z",
"inputs": {
"description": "MOD training tracker with employee records",
"standards_selected": ["jsp-440", "wcag-2-2-aa"],
"languages": ["en-us", "en-gb"],
"deterministic": true
},
"outputs": {
"total_files": 24,
"files_created": 20,
"output_hash": "sha256:febe4157f0f25...",
"file_hashes": [
{
"path": "src/webparts/tracker/TrackerWebPart.ts",
"sha256": "sha256:X1a2b3...",
"compliance_relevant": true,
"standards_applied": ["jsp-440", "wcag-2-2-aa"]
}
],
"build_result": {"exit_code": 0, "errors": 0}
},
"signature": "ed25519:d891f203f6bf..."
}
```
## Key rotation & revocation
| Action | Tool | Effect |
|--------|------|--------|
| View key status | `wwa_attest_key_info` | Shows current key version, rotation history, revoked keys |
| Rotate key | `wwa_attest_key_rotate` | New key v2. Old attestations still verifiable with v1 |
| Revoke key | `wwa_attest_revoke` | Invalidates all attestations signed by compromised key |
| Check revocation | Automatic in `wwa_attest_verify` | Every verification checks the CRL |
## Industry bundles for one-click compliance
Pre-composed standards sets. Select a bundle and get the full compliance stack.
| Bundle | Standards | For |
|--------|-----------|-----|
| 🏥 NHS Trust | NHS Digital, WCAG AA, GDS, MHRA, NICE, GDPR, ISO 27001 + Welsh | UK healthcare |
| 🛡️ MOD Defence | JSP 440, DEF STAN 00-56, NATO STANAG, WCAG AA, GDPR, ISO 27001 | UK military |
| 🇺🇸 DoD Contractor | DoD 8500, DISA STIG, NIST 800-53, NIST 800-171, CMMC, FedRAMP, Section 508 | US defence |
| 💊 Pharma GxP | FDA 21 CFR 11, HIPAA, EU MDR, EMA, MHRA, NICE, ISO 27001 | Global life sciences |
| 🏦 Finance Baseline | GDPR, ISO 27001, SOC 2, HIPAA + PCI DSS/SOX as custom | Banking/insurance |
| 🔒 GDPR Complete | GDPR, ISO 27001, ISO 27701 | EU data protection |
| ♿ WCAG Complete | WCAG 2.2 AAA, Section 508, EN 301 549, AODA | Global accessibility |
## Why this matters
Most AI code generation tools produce output with no audit trail. You trust the tool because you have to.
WWA generates code you can verify — cryptographically. An auditor can prove the code was generated from specific inputs with specific standards at a specific time, without trusting the operator, the server, or the agent.
This is the difference between "trust me" and "verify it yourself."