World ID closed the proof-of-human layer in April 2026. The agent-specific layer above it — authority, Agent Passport, constraint, human-in-loop — is commercially open. zkRune is the open-source cryptographic primitive set for that layer. No closed ecosystem, no Orb hardware, no token gate. Drop into any agent runtime.
Already using World ID, Reclaim, or EUDI Wallet for human identity? zkRune slots above them as the agent-attestation layer — see the comparison table below. Deploying agents in the US? Colorado AI Act is binding 1 February 2026.
The agent runtime is well-served (LangChain, Claude Agent SDK, Vercel AI SDK). The human-identity layer is well-served (World ID 4.0, EUDI Wallet, KYC vendors). The web-data attestation layer is well-served (Reclaim Protocol). What is missing is the layer in between: the cryptographic primitives that make an agent's actions independently verifiable as authorised, in-scope, sourced from licensed data, and human-reviewed where required.
We do not build an agent runtime. Your agents keep running where they already do. We do not compete with World ID on proof-of-human or with Reclaim on web-data attestation. We provide the cryptographic primitives for the agent-specific attestation layer — the bit that turns "the agent did X" into a proof a regulator or counterparty can independently re-verify.
Browserbase, Exa, Anthropic Claude Agent SDK, OpenAI Agents, Vercel AI SDK, Cohere, LangChain, Cline, agent-runtime infra
Drop-in attestation layer underneath your existing agent runtime. The agent runs in your platform; the proof that it was authorised, in-scope, and human-reviewed lives in the user's browser and is verified independently. Open-source MIT — no Orb hardware, no token gate, no closed ecosystem.
In-house agent deployments at regulated enterprises — banks, healthcare providers, public-sector portals, insurance, large SaaS — that need an auditable trail of agent decisions
Each agent action becomes a cryptographic proof: who authorised the agent, what its scope was, whether a human reviewed it, what data licence backed its model. Maps directly to EU AI Act Article 12 logging obligations for high-risk systems and to internal SOX-grade audit requirements.
Credo AI, Holistic AI, Fiddler, Arize, AI risk-management platforms, model-card and policy-orchestration vendors
ZK as a pluggable evidence layer in your existing GRC / model-card pipeline. You keep policy orchestration and dashboards; we provide the cryptographic primitives that turn 'we asserted compliance' into 'here is a proof a regulator can re-verify'.
The four questions every agent deployment has to answer, and the circuits zkRune ships today that produce a re-verifiable cryptographic answer for each. Mapping is informational; consult your conformity assessor and DPO before claiming certification.
Pillar
Authority
Does this agent legitimately act for the user it claims to represent?
zkRune circuit
signature-verification · credential-proofNotes
User signs a delegation token bound to the agent's public key, scope, and expiry. The agent proves possession of the signed delegation without exposing the user's private key. Selective disclosure lets the relying party verify the binding without seeing unrelated user attributes.
Pillar
Agent Passport
Does this agent hold a current, issuer-signed Passport for the data, licences, and credentials it claims to operate under?
zkRune circuit
membership-proof · hash-preimage · signature-verificationNotes
Data licensors and credential issuers sign Agent Passports — attestations binding the agent's identity to authorised corpora, licences, or external credentials. The agent presents a zero-knowledge proof that it holds a current Passport; the relying party verifies the issuer's signature chain against on-chain anchors. **zkRune verifies the Passport. It does not generate proof that the model was actually trained on a given corpus — that responsibility stays with the issuer (the data licensor or attesting authority).** Maps to GPAI Code of Practice training-data transparency expectations and to EU AI Act Article 50 provenance obligations.
Pillar
Constraint
Is the agent acting within its authorised permission and resource limits?
zkRune circuit
range-proof · balance-proofNotes
Range-proof binds spending caps, token budgets, rate limits, or tool-call counts. Balance-proof verifies the agent has not exceeded its authorised principal balance. Useful for autonomous payment agents, RPA agents, and any agent with a budget envelope.
Pillar
Human-in-loop
Did a designated human reviewer authorise this specific decision before it executed?
zkRune circuit
signature-verification · patience-proofNotes
A human reviewer signs the decision hash. Patience-proof enforces minimum review intervals (anti-rubber-stamping). Maps directly to EU AI Act Article 14 human-oversight requirements and to internal four-eyes / maker-checker controls in regulated workflows.
Layer
Proof of Human (insan kimliği)
Incumbent
World ID 4.0 (Worldcoin)
April 2026 'Lift Off' launch — proof-of-human SDK with Browserbase, Exa, Okta, Vercel partners. Closed ecosystem, Orb hardware, WLD token. Strong distribution.
zkRune fit
We do not compete here. zkRune slots above the human-identity layer — wherever your user already verified personhood (World ID, civil registry, KYC vendor, EUDI Wallet), zkRune adds the agent-specific attestations on top.
Layer
Web data attestation (zkTLS)
Incumbent
Reclaim Protocol
3M+ verifications, 0% fraud, SOC 2 + ISO 27001 + GDPR. 10K+ payroll, 29K+ universities, 100+ airlines integrated. Effectively the production incumbent.
zkRune fit
We do not compete head-on. Where Reclaim provides the web-data proof, zkRune can act as the policy-and-binding layer that takes their attestation and turns it into an agent-scoped credential.
Layer
Agent attestation (authority · Agent Passport · constraint · oversight)
Incumbent
(no dominant incumbent)
Worldcoin holds the human side but the agent-specific attestation layer is commercially open. AI governance vendors (Credo AI, Holistic AI) provide policy and dashboarding but not cryptographic evidence.
zkRune fit
This is where zkRune leads. 14 production Groth16 circuits, mainnet on three chains, MIT-licensed. The Proof of Agent framework is what we ship today.
Existing circuits
4 of 14 directly map
signature-verification, credential-proof, membership-proof, range-proof — the Proof of Agent framework requires zero new circuit work to ship a v1 integration.
Proof generation
0.4–5 seconds in-browser
Agent attestations run client-side at human speed. For high-throughput autonomous agents, a server-side proving fallback is straightforward to add — proofs themselves remain ~200 bytes.
Open source
MIT / Apache-2.0
No closed-ecosystem capture. Customers fork, self-host, audit. Critical for enterprise procurement and increasingly demanded by AI governance frameworks (NIST AI RMF, ISO 42001).
Mainnet anchors
Solana · Base · Sui
Verification keys are immutable on three chains. An auditor, a regulator, or a downstream agent platform can re-verify any attestation against the on-chain key — no dependency on zkRune or the agent operator as a vendor.
Licence
No token gate · No hardware
Unlike alternatives that require a proprietary token, hardware device, or closed onboarding path, zkRune integration is a single npm install plus the OpenAPI spec.
Audit
Q3–Q4 2026 (planned)
Third-party security audit scheduled. SOC 2 / ISO 27001 roadmap follows. Honest disclosure of current posture at /trust — including what we have not yet proved.
The list below is what your existing agent stack already handles. zkRune slots underneath as the cryptographic attestation layer — not as a replacement for the runtimes, vendors, or platforms you already trust.
Counterparties, internal audit, AI governance teams, and supervisors can independently re-verify any Proof of Agent attestation against the on-chain key — no dependency on the agent operator or zkRune as a vendor.
We work directly with engineering teams at agent platforms, in-house AI ops, and AI governance vendors. The fastest path is a 30-minute technical session with the OpenAPI spec, trust documentation, and a tailored Proof-of-Agent integration sketch ready to forward to your security team.
zkruneprotocol@gmail.com · @rune_zk on X · github.com/louisstein94/zkrune