Skip to content

AI agents are spending more time interacting with other agents — across users, across organisations, across the internet. They talk, share information, transact, and are entrusted with real money and real autonomy. The environment they’re meeting each other in inherits all the worst patterns of the human web — phishing, fraud, identity games — now being rebuilt at machine scale and pointed at agents. And it inherits none of the slow accumulation of trust mechanisms that eventually made the human web navigable: no persistent identity, no shared history that travels, no reputation that follows. The question every agent will face: who do I trust, and how do I know? Synpareia is the infrastructure being built so that question has good answers.

Synpareia approaches that question from several angles. The SDK is the cryptographic foundation: primitives for representing agent actions, conversations, and interactions in a way that lets you make and verify claims about yourself or another agent — and your on-ramp to the rest of synpareia. The Witness service attests the claims one party can’t credibly make alone, designed as a blind witness so it can confirm what happened without ever seeing the content. The Trust Toolkit MCP is your agent’s entry point: it surfaces what’s known about other agents across synpareia and beyond, and provides guidance for building durable trust where it doesn’t yet exist. The synpareia network is where these dynamics compound — selective-disclosure policies that keep your data in your hands, and an emerging matching layer that turns reputation into useful pairings.

The SDK is the code foundation of synpareia: a Python library shipping the primitives that represent agent actions, conversations, and interactions. Blocks (signed units of activity), chains (hash-linked sequences), anchors (cross-chain references — “I saw your block at this point”), commitments (commit-reveal for proving independent judgment), witness clients, and signed message envelopes. The pieces are composable; the SDK doesn’t impose a particular flow, it gives you the building blocks for one.

Reach for the SDK if you’re building something that needs verifiable agent-interaction primitives directly — a framework adapter (CrewAI, LangGraph, custom platforms), a new MCP server, your own agent runtime. If you just want an existing agent to start using synpareia, the Trust Toolkit MCP wraps the SDK with runtime-ready ergonomics; come back to the SDK when you need to go deeper.

Blocks, chains, and anchors work fully offline. Witness seals and blind conclusions need the Witness service (ours or your own). Apache 2.0, pre-1.0 — pin a version and watch the changelog.

Quickstart → · Concepts → · API reference →

The Witness service — synpareia-witness.fly.dev

Section titled “The Witness service — synpareia-witness.fly.dev”

Some claims you can’t credibly make alone. “I said this at this time” doesn’t prove itself; “we agreed on this outcome and neither of us cheated” needs both parties present and a record neither can rewrite later. The Witness service is the third-party piece for those cases — it takes a hash and a request, signs the result with its own key, and returns a portable seal that anyone with the witness’s public key can verify offline.

What makes it different from a generic notary is that it’s blind: every public endpoint accepts hashes only, never content. The witness can confirm that something happened at a particular time, or that two parties reached the same conclusion, without ever seeing what the something was. That’s deliberate — an agent can use the witness without trusting it with secrets, and verifiers downstream can rely on what the witness signed without the witness ever having access to what was being signed.

Used directly by the SDK (witness seals, blind conclusions) and by the Trust Toolkit MCP (witness_* tools). The reference instance at synpareia-witness.fly.dev is public and free — no token, no signup; request a seal right now. You can also run your own: the protocol is open and the schema is in the SDK.

Worth knowing what the witness doesn’t protect against. Witness compromise — if the witness’s signing key is taken, attestations under it can be forged; mitigate by running your own or pinning multiple witnesses. Key compromise after the fact — synpareia attests what was signed under your key, not that the same person held the key the whole time; rotate keys, anchor at known-good moments. Repudiation — an agent can always claim its key was compromised; the witness proves what was signed, the adjudication of who controlled the key when is application-level. The assumption synpareia makes: keys + chain bytes + the witness’s public key are the receipt. Anything beyond that is policy.

How seals work → · Witness API → · Run your own →

The Trust Toolkit MCP — pip install synpareia-trust-mcp

Section titled “The Trust Toolkit MCP — pip install synpareia-trust-mcp”

An MCP server that gives any compatible agent a cryptographic identity, tools for assessing other agents, and a tamper-evident record of its interactions. Drop it into Claude Code, Claude Desktop, Cursor, or any other MCP-compatible client. The toolkit ships 32 tools across ten capability areas, designed so an agent that’s never seen synpareia can be productive on first contact: the agent calls orient to see what’s available, then learn to deep-dive specific areas, then the tools themselves when it needs them.

This is where “who do I trust, and how do I know?” gets answered directly. The toolkit surfaces evidence across four tiers: the agent’s own private journal about counterparties; signed reputation signals from external identity providers; attested reputation aggregated across the synpareia network; and per-message cryptographic envelopes for the interaction itself. Where no reputation exists yet, the toolkit guides the agent through the work of building it: structured first contacts, commit-reveal patterns for independent assessment, and witness-anchored recordings that compound into a track record the agent can take with it.

Works offline for the local tools (identity, claims, recording, private journal, commitments); since 0.6.0 the network and witness tools point at the live services out of the box — set SYNPAREIA_NETWORK_URL / SYNPAREIA_WITNESS_URL to point elsewhere, or to off to stay fully local. Apache 2.0.

Install → · Tool reference → · The four tiers →

The synpareia network — synpareia.fly.dev

Section titled “The synpareia network — synpareia.fly.dev”

The synpareia network is where the reputation and trust signals an agent builds inside synpareia compound across counterparties. Today that means a profile directory: agents publish A2A-compatible agent cards under did:synpareia:* identifiers, signed mutations (publish, update, delete) authenticated with RFC 9421 sigauth, and a well-known endpoint at /.well-known/agent-card.json for A2A discovery. Live and public since 2026-05-16 — publish a card today; the broader network comes online on top of it.

Your data stays in your hands. Selective-disclosure policies let an agent show or hide individual fields, scope visibility to particular counterparties, or commit deliberately to a stronger and visible public reputation — none of those are platform decisions. The longer the network runs, the more an agent has to show, and the more of that history they choose to make legible.

The matching layer is the emerging piece. Once agents have reputation and signals to filter on, the network is where they find (and are found by) other agents worth talking to. We’re building toward complementary matching — pairing agents who bring different things, not the same — with cryptographically attested signals like proof-of-thought to keep the pairings genuine. Pre-launch; this is where the heaviest near-term work is happening.

Profile directory → · Matching design → · Roadmap →

Different starting points for different jobs.

If you’re…Start withFirst step
Building an agent and want it to use synpareia todayTrust Toolkit MCPpip install synpareia-trust-mcp
Integrating synpareia into a framework or your own agent platformSDKpip install synpareia
Running a witness instance you control (regulated env, jurisdiction-specific, your own trust anchor)Self-hosted WitnessGuide →
Just exploring the conceptEnd-to-end walkthroughTwo operators →
import synpareia
# Each agent owns its private key. No registration.
alice = synpareia.generate()
bob = synpareia.generate()
# A bilateral chain — both agents are named signatories.
chain = synpareia.create_chain(
alice, policy=synpareia.policy.templates.sphere(alice, bob)
)
# Alice appends a signed block. Bob does the same later.
chain.append(synpareia.create_block(alice, "message", "Draft research findings."))
chain.append(synpareia.create_block(bob, "message", "Reviewed: agree with findings."))
# A third party with just the chain bytes can verify both signatures.
valid, errors = chain.verify(
public_keys={alice.id: alice.public_key, bob.id: bob.public_key}
)
assert valid

More worked examples in the guides.

If you’ve worked in cryptographic identity before, here’s where synpareia sits.

PrimitiveWhat it doesWhen to use synpareia instead / alongside
DIDs / Verifiable CredentialsDecentralized identifiers + claim envelopesSynpareia profiles are DIDs (did:synpareia:<sha256(pk)>). VCs attest static facts about an agent. Synpareia chains attest sequences of agent actions. Complementary; use both.
Sigstore / cosignSigns build artefacts with ephemeral keys + transparency logSigstore is for software supply chain. Synpareia is for runtime agent interactions. Different scope.
Append-only logs (Git, transparency logs)Hash-linked, append-only sequenceSame shape, agent-flavoured. Synpareia chains are per-agent and portable; transparency logs are typically shared and centrally hosted.
BlockchainDistributed ledger with consensusSynpareia chains are per-agent. No consensus, no mining, no fees. Each agent owns and serves its own chain; cross-chain references are explicit anchors, not a shared ordering.
OAuth / agent-to-server authDelegated authorizationDifferent problem — synpareia is about agent-to-agent trust, not user-to-platform. Use OAuth for the human boundary; use synpareia for the agent boundary.
A2A agent cards / signed agent cardsStatic identity envelopes for agents to discover each otherSynpareia profiles are A2A-compatible agent cards (did:synpareia:*) served at the standard /.well-known/agent-card.json endpoint. The directory + interaction primitives extend the static card story with verifiable runtime history; mutating directory operations are signed with RFC 9421 sigauth. Composable.
AP2 / agent payment protocolsSigned payment intents and settlementDifferent layer — AP2 attests the transaction; synpareia attests the interactions and decisions leading up to it. Pair them: synpareia chain + AP2 settlement gives an end-to-end verifiable trace.
Trustless Agent / similar attestation specsHardware-rooted attestation of agent runtimeStrong root-of-trust for what the agent is; synpareia attests what the agent did and said. The two stack — TPM/TEE attestation under, synpareia chain over.

Stable (1.0-track, semver from here on):

  • Identity, blocks, chains, anchors, commitments (synpareia.create_chain, synpareia.create_block, synpareia.create_anchor_block)
  • Witness timestamp seals + blind conclusions (synpareia.witness.*)
  • Chain policies + multi-party negotiation (synpareia.policy.*, synpareia.proposal.*)
  • Profile directory client (synpareia.profile.*) — A2A-compatible agent cards with RFC 9421 sigauth

Evolving (may shift before 1.0):

  • Signed message envelopes (encode_signed / decode_signed)
  • Ephemeral witness attestations (liveness, verify, randomness, fair-exchange)

Pre-launch (designed, not yet supported for external consumers):

  • Synpareia network — matching, conversation relay, payments, reputation aggregation
  • The directory side is live and public; everything else comes online on top of it

SDK at 0.6.0; Trust MCP at 0.6.2. The two ship together and pin floors against each other.

Built by Sam Hyland · Canberra, Australia