vouch git
Sign every git commit cryptographically. One command sets it up, then it is automatic, and your repo gets a verified badge.
vouch git initWhat we have built
Vouch Protocol™ is not one tool.
It is a whole set of them.
A command line, a standalone server your agents can call, SDKs in every major language, packages for your AI tools, media provenance, a guard for your repositories, and an open benchmark of the whole agent ecosystem. Everything here is open source and free.
Command line
Things you can run today
Install once with pip install vouch-protocol, then use any of these.
vouch scan
Find leaked Vouch key material in your code before it ships: a private key in a file, a seed in an env var, a DID document carrying a private key.
vouch scan .vouch sign and verify
Sign any payload and verify it from the command line.
vouch sign "hello"vouch media
Sign images so their origin can be verified, with C2PA support.
vouch media sign photo.jpgThe Rogue Agent demo
A sixty-second demo: a real agent is accepted, an impersonator is rejected, a tampered credential is rejected. All local, no setup.
python examples/00_the_rogue_agent.pyFor your agents
Give an agent an identity and keep it honest
The runtime pieces that let an agent prove who it is and stay within its bounds.
MCP server
A standalone Model Context Protocol server. Any MCP client (Claude Desktop, Cursor, any agent) can create an identity, sign and verify credentials, scan for leaked keys, and decode DIDs, with no extra setup.
vouch-mcpIdentity Sidecar
Holds signing keys outside the model context, so a prompt injection cannot read or misuse them.
Vouch Shield
A runtime check that inspects every tool call against your rules, like a customs officer at the door.
Continuous trust
Heartbeats and session vouchers, so trust is a live signal that has to be renewed, not a badge issued once and trusted forever.
SDKs
The language you already use
One shared crypto core, so every language produces byte-identical output, checked against shared test vectors.
Python
The full reference implementation.
pip install vouch-protocolTypeScript
For the browser and Node.
npm i @vouch-protocol-official/sdkGo
A high-throughput signing sidecar.
go-sidecarRust
The shared core that every wrapper is built on.
cargo add vouch-coreJava and Kotlin
On the JVM.
com.vouchprotocol:vouch-core-jvm.NET
PreviewFor C#.
VouchProtocol.CoreSwift
PreviewFor iOS and macOS.
VouchCoreC and WebAssembly
PreviewFor native, embedded, browser, and edge.
Inside your AI tools
Add Vouch from where you already work
Packages that teach your AI assistant how to wire Vouch into your code, running on your own subscription.
Claude Skill
Install it as a Claude Code plugin from the Vouch marketplace, then Claude knows how to add Vouch to your repo. It loads automatically when you mention Vouch.
/plugin marketplace add vouch-protocol/vouch
/plugin install vouch-protocol@vouchOpenAI Custom GPT
The same knowledge inside ChatGPT. Open the shared GPT and ask it to wire Vouch into your code.
How to use →Gemini Gem
The same knowledge inside Gemini. Open the shared Gem and ask it to wire Vouch into your code.
How to use →Media and the web
Prove where content came from
Provenance for images, audio, and the open web.
C2PA Content Credentials
Sign images so their origin and edits can be verified.
Vouch Sonic
An audio watermark that carries provenance through sound itself.
Browser extension
Sign and verify content on the page, for Chrome and Edge.
For your repositories
Guard the code itself
Catch problems at the pull request, before they merge.
Gatekeeper GitHub App
Verifies commit signatures on every pull request and blocks leaked Vouch keys before they land.
On GitHub →For the ecosystem
See the whole picture
An open benchmark of how trustworthy the agent world actually is.
Agent Trust Index
Scans agents in the wild and measures how many can actually prove who they are. In the first sweep of 11,168 public agents, just 1.3% could.
View the Index →