AT1C SDK — Developer Implementation Guide (Complete)
Ship Accountable AI Agents with Cryptographic Proof The Challenge
You're building AI agents—tools that make decisions and take actions on behalf of users. Whether it's a GPT-6 wrapper, an autonomous trading system, or a personal assistant, the same problem emerges:
Regulatory Requirement: The EU AI Act (effective August 2, 2026) and similar regulations worldwide now mandate human oversight of high-risk AI decisions. If your agent makes a mistake—transferring funds to the wrong address, approving an unauthorized action—you need proof that the user explicitly authorized that specific action.
The Risk: Without a verifiable audit trail, you face:
Regulatory exposure: Fines up to €35 million or 7% of annual revenue
Liability disputes: "He said/She said" conflicts with users claiming they never approved an action
Operational paralysis: No clear way to prove compliance with oversight requirements
The AT1C Solution: Cryptographic Accountability Layer
The AT1C SDK wraps your AI agent in transparent, verifiable authorization. Every action is signed by the user with specific limits, creating an immutable receipt that proves exactly what was approved and when. What This Means for Each Stakeholder Stakeholder What They Get End User A unified digital identity they fully control, with transparent visibility into what they're authorizing. No hidden permissions. You (Developer) A "Compliance Engine": Every action is logged with cryptographic proof, turning vague consent into parameter-locked authorization. Regulators Clear evidence that your system enforces human oversight and respects user boundaries. Quick Start: Five-Minute Integration 1. Install and Initialize python
import at1c_sdk
Connect your agent to the user's AT1C identity
(AT1C = "One Human, One Identity, Infinite Agents")
agent = at1c_sdk.Agent( at1c_id="AT1C:qrl:0x1a2b...", # User's unique identity on QRL network="qrl" # Quantum-resistant ledger (see note below) )
What's QRL? The Quantum Resistant Ledger is a blockchain engineered from inception to resist both classical and quantum computing attacks. It uses XMSS (eXtended Merkle Signature Scheme), a hash-based signature algorithm that remains secure even against hypothetical quantum computers. This is critical for long-term compliance: your authorization proofs won't become worthless if quantum computing advances. 2. Define the Authorization Scope (Policy)
This is critical: Define precise limits, not broad permissions. python
policy = at1c_sdk.Policy( # What action is allowed? actions=["transfer"],
# What are the hard limits?
limits={
"max_value": 1000, # Maximum amount per transaction
"currency": "USD", # Currency type
"max_recipients": 1, # Only one recipient per authorization
"recipient_whitelist": ["0xabc123"], # Approved addresses only
},
# How long is this authorization valid?
duration="24h",
# (Optional) Require additional approval for certain thresholds
require_approval_above=500, # Transactions > $500 need manual review
# (Optional) Restrict to specific times (e.g., business hours)
time_window="09:00-17:00 UTC",
)
Why this matters: If the user authorizes "transfer up to $1,000," but your agent tries to send $1,500, the AT1C SDK blocks it locally before the transaction even reaches the network. The signature is mathematically invalid for that amount. This prevents failed transactions, saves on network fees, and ensures compliance in real-time. 3. Request User Authorization
This triggers a secure prompt on the user's device (mobile app, browser, or wallet). python
try: # Request the user to sign the policy auth_request = agent.request_scope(policy)
# The user sees exactly what they're signing:
# "Authorize transfer of up to $1,000 USD to whitelisted addresses for 24 hours"
# They approve with biometric (FaceID/TouchID) or passkey authentication
except at1c_sdk.AuthorizationError as e: # Handle authorization failures gracefully print(f"Authorization failed: {e.reason}") # Possible reasons: User denied, policy too broad, network error, invalid AT1C ID return None
Behind the scenes (handled automatically):
The SDK generates a Post-Quantum hybrid signature (resistant to both classical and quantum attacks)
The signature cryptographically binds to the specific policy parameters
No user secrets leave their device
The authorization receipt is timestamped and immutable
- Execute with Proof python
if auth_request.is_signed: try: # SUCCESS: You now have cryptographic proof of authorization result = agent.execute( action="transfer", amount=500, recipient="0xabc123", auth_receipt=auth_request.receipt # Immutable proof )
# Log the receipt for compliance and audit trails
compliance_log.record(
user_id=agent.at1c_id,
action="transfer",
amount=500,
authorized_limit=1000,
timestamp=result.timestamp,
receipt_hash=auth_request.receipt.hash,
policy_version=policy.version
)
print(f"✓ Transfer approved. Receipt: {auth_request.receipt.hash}")
return result
except at1c_sdk.PolicyViolationError as e:
# Agent tried to violate the policy (e.g., transfer $1,500 when limit is $1,000)
print(f"✗ Policy violation blocked: {e.violation_type}")
print(f" Attempted: ${e.attempted_value}, Authorized: ${e.authorized_limit}")
# The SDK prevents this at the client level — it never reaches the network
# Log this for security monitoring
security_log.record(
event="policy_violation_attempted",
user_id=agent.at1c_id,
violation_type=e.violation_type,
timestamp=datetime.now()
)
return None
except at1c_sdk.NetworkError as e:
# Handle network failures gracefully
print(f"✗ Network error: {e.message}")
# Retry logic or fallback mechanism
return None
else: # FAILURE: User denied authorization or policy was too broad print("✗ Authorization denied. Agent cannot proceed.")
# Log this for audit purposes
audit_log.record(
event="authorization_denied",
user_id=agent.at1c_id,
policy_requested=policy.to_dict(),
timestamp=datetime.now()
)
return None
Key Features: How AT1C Solves Real Problems A. The "Passport Wrapper" Strategy: Proprietary AI Compatibility
The Problem: OpenAI, Google, Claude, and other proprietary AI providers won't integrate AT1C natively into their APIs.
The AT1C Solution: Run the SDK client-side as a local proxy.
User's Device: ┌─────────────────────────────────────────────────┐ │ Your App / Browser Extension / Desktop Client │ │ ┌──────────────────────────────────────────┐ │ │ │ AT1C SDK (Local Proxy) │ │ │ │ ✓ Checks authorization against policy │ │ │ │ ✓ Validates policy compliance │ │ │ │ ✓ Signs requests with user's identity │ │ │ │ ✓ Generates compliance receipts │ │ │ └──────────────────────────────────────────┘ │ │ ↓ (encrypted, user-signed) │ │ ┌──────────────────────────────────────────┐ │ │ │ OpenAI API / Google API / Claude API │ │ │ │ (Proprietary, non-AT1C integrated) │ │ │ └──────────────────────────────────────────┘ │ └─────────────────────────────────────────────────┘
AT1C Network (Decentralized): ┌─────────────────────────────────────────────────┐ │ QRL (Root Hash Anchor) │ │ Nillion (Secret Vault) │ │ Walrus (Public Asset Storage) │ │ Glass Archive (Permanent Legacy) │ └─────────────────────────────────────────────────┘
Key security property: The user's API keys for OpenAI never leave their device. The SDK:
Intercepts requests from your agent
Verifies they comply with the user's policy
Signs them with the user's AT1C identity
Routes them securely to the proprietary API
AT1C only sees the authorization receipt, not the user's secrets.
Result: You turn proprietary AI into a transparent "utility pipe" while keeping the identity layer fully open and user-controlled. Users trust you because they know their secrets stay private. B. "Accountability Standard": Evidence Over Immunity
The Reality: Disputes happen. Users claim, "I didn't authorize that." Without proof, you're exposed to regulatory fines and lawsuits.
The AT1C Solution: Replace vague consent with parameter-locked signatures. Scenario Before AT1C With AT1C What user signs "I authorize transfer" (vague) "Transfer maximum $500 to Address 0xabc123 within 24 hours" (specific) User dispute "I never approved that." "I never approved that." Your defense "Our logs show you clicked 'approve.'" (weak) "Here's your cryptographic signature proving you authorized exactly $500 to this address." (strong) Regulatory stance Inconclusive; fines possible Clear evidence of user responsibility; compliance demonstrated Outcome Legal costs, uncertainty Clear liability assignment, regulatory approval
For regulators: You can demonstrate compliance with EU AI Act Article 14 (human oversight requirement) by showing:
Cryptographic proof of explicit user authorization
Specific parameters the user approved
Timestamp of authorization
Immutable receipt showing what action was actually executed
This transforms a potential "negligence" lawsuit into a clear-cut case of user responsibility. C. Granular Authorization Controls: Parameter Locking
Users don't just approve actions—they approve specific parameters. The SDK enforces these limits mathematically. python
User authorizes:
policy = at1c_sdk.Policy( actions=["transfer"], limits={ "max_value": 500, "recipient_whitelist": ["0xabc123", "0xdef456"], "duration": "24h" } )
Scenario 1: Agent tries to exceed value limit
try: agent.execute( action="transfer", amount=600, # ❌ BLOCKED: Exceeds $500 limit recipient="0xabc123" ) except at1c_sdk.PolicyViolationError as e: print(f"Blocked: {e.reason}") # Output: "Amount exceeds authorized limit"
Scenario 2: Agent respects the limit
result = agent.execute( action="transfer", amount=400, # ✓ ALLOWED: Within limit recipient="0xabc123" ) print(f"Success: {result.receipt_hash}")
Scenario 3: Agent tries unapproved recipient
try: agent.execute( action="transfer", amount=400, recipient="0xunknown" # ❌ BLOCKED: Not whitelisted ) except at1c_sdk.PolicyViolationError as e: print(f"Blocked: {e.reason}") # Output: "Recipient not in whitelist"
Key benefit: Enforcement happens locally in the SDK before any transaction reaches the network. This:
Prevents failed transactions
Saves on network fees
Ensures real-time compliance
Provides immediate feedback to users and developers
D. Zero-Friction Onboarding: No Seed Phrases Required
The Old Way: "Save your 24-word seed phrase in a safe place."
Result: Users lose access, forget passphrases, get hacked, or accidentally expose secrets.
The AT1C Way: Account abstraction with biometric recovery. python
User logs in with:
Option 1: Passkey (FaceID / TouchID) — fastest, most secure
user = at1c_sdk.login_with_passkey()
Option 2: Email + verification code — accessible
user = at1c_sdk.login_with_email("user@example.com")
Option 3: Phone + SMS — fallback
user = at1c_sdk.login_with_phone("+1-555-0123")
No seed phrases to manage, lose, or compromise
If user loses their device:
Recovery via trusted guardians (family, friends)
recovery = at1c_sdk.initiate_recovery( guardians=["friend@example.com", "family@example.com"], threshold=2 # Require 2 of 3 guardians to approve )
Guardians receive recovery requests
After approval, user regains access to their identity
Identity persists even if device is lost or stolen
Why this matters:
Regulatory compliance: You're not storing master passwords; users maintain sovereignty
User trust: Users know they can leave your app without losing their identity
Security: Biometric authentication is more secure than passwords
Accessibility: Doesn't require technical knowledge to recover access
Why Build on AT1C? The Strategic Advantages Advantage What It Means Interoperability One identity works across all your apps and partners. No vendor lock-in. Users can switch services without losing their identity. Cost Efficiency QRL uses deterministic fees—no surprise $50 gas spikes. Predictable compliance costs for your business. Quantum-Ready Your users' data is protected from future quantum decryption via Nillion integration. Your compliance won't become obsolete. Sovereignty If your app shuts down, users keep their identity. They trust you more because they can leave. This reduces churn and builds loyalty. Regulatory Defense You have cryptographic proof of human oversight—the strongest possible defense against AI Act violations and fines. Auditability Every action is logged with immutable receipts. Regulators, auditors, and users can verify compliance independently. Implementation Checklist
Identify high-risk actions in your agent (transfers, approvals, data access, model calls)
Define granular policies for each action with specific limits (amount, recipient, time window, approval threshold)
Integrate AT1C SDK into your agent's decision loop
Test authorization flows with real users and edge cases
Log all receipts for compliance audit trails (include timestamp, user ID, policy version, action details)
Document your oversight mechanism for regulators (how AT1C ensures human oversight)
Train your team on policy design best practices (avoid overly broad permissions)
Set up monitoring for policy violations and authorization failures
Create recovery procedures for edge cases (network failures, lost devices, guardian recovery)
Prepare for audits by organizing compliance logs and receipts
Common Questions Q1: What if my agent needs to act in an emergency without waiting for user authorization?
A: Design a high-priority policy tier: python
emergency_policy = at1c_sdk.Policy( actions=["emergency_transfer"], limits={"max_value": 100}, # Limited scope duration="1h", pre_authorized=True # User pre-approves this once )
Agent can execute immediately, but still generates a receipt
User is notified post-action
Audit trail shows it was pre-authorized
This maintains accountability while allowing time-sensitive actions. Q2: What happens if the AT1C network is down?
A: The SDK includes a fallback mode: python
try: result = agent.execute(action, auth_receipt) except at1c_sdk.NetworkError: # Fallback: Check cached policy locally if policy_cache.is_valid(policy): result = agent.execute_offline(action, auth_receipt) # Mark as "pending verification" in logs compliance_log.mark_pending_verification(result) else: # Deny action; wait for network recovery return None
Once the network recovers, pending actions are verified and logged. Q3: How do I handle multi-signature scenarios (e.g., two executives must approve)?
A: Use the guardian threshold mechanism: python
policy = at1c_sdk.Policy( actions=["large_transfer"], limits={"max_value": 100000}, require_approval_from=[ "executive1@company.com", "executive2@company.com" ], threshold=2 # Both must approve )
Agent requests authorization from both parties
auth_request = agent.request_scope(