Enterprise platform architect — Quickstart
Run Attestix as a service behind your own ingress. Multi-tenant context, idempotent REST, hash-chained audit. Honest about what's not in v0.4.0.
You're here because…
You're evaluating whether Attestix can sit inside an enterprise platform as a deployable service, not a CLI. The funnel evaluation flagged that enterprise evaluators got past install but dropped at integration — file-based storage, one signing key, no RBAC, no multi-tenant isolation, no KMS. Most of that is still true in v0.4.0. What v0.4.0 does ship: a proper Python package, idempotent REST endpoints, audit events per service, and an in-process tenant context. The honest gaps are listed at the bottom of this page so your architecture review can land on them now.
60-second install
```bash
pip install --pre 'attestix[api]'
```
Run as a service:
```bash
uvicorn attestix.api.main:app --host 0.0.0.0 --port 8000
```
Or as an MCP server over HTTP for AI workloads:
```bash
attestix mcp --transport http --port 8501
```
First 30 lines that actually do something
```python
# A minimal multi-tenant call against the running service.
# Idempotency is honoured via the Idempotency-Key header (Stripe-style).
import os
import uuid

import requests

BASE = os.environ.get("ATTESTIX_URL", "http://localhost:8000")

resp = requests.post(
    f"{BASE}/identities",
    json={
        "display_name": "platform-issued-agent",
        "source_protocol": "manual",
        "capabilities": ["data_analysis"],
        "issuer_name": "VibeTensor",
    },
    headers={
        "Idempotency-Key": str(uuid.uuid4()),
        # In a multi-tenant deployment, your gateway maps an authenticated
        # principal to a tenant id and stamps this header before forwarding.
        "X-Tenant-Id": "tenant_a",
    },
    timeout=10,
)
resp.raise_for_status()
agent = resp.json()
print(agent["agent_id"], agent["issuer"]["did"])

# Subsequent reads scope to the same tenant.
trail_resp = requests.get(
    f"{BASE}/audit/{agent['agent_id']}",
    headers={"X-Tenant-Id": "tenant_a"},
    timeout=10,  # bound the read as well, so a stalled service cannot hang the caller
)
trail_resp.raise_for_status()
trail = trail_resp.json()
print(len(trail), "audit rows so far")
```
What you just got
- An HTTP service exposing the 44 REST endpoints (/identities, /credentials, /compliance, /audit, /delegations, …) — same surface as the 47 MCP tools.
- An idempotency middleware: repeating the same Idempotency-Key returns the cached response, not a duplicate write.
- A tenant context header (X-Tenant-Id) that is plumbed through every service and stamped onto audit events. Pair it with your existing OIDC / mTLS edge.
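Because the service honours X-Tenant-Id as sent, the edge has to own that header. The sketch below is an added example, not Attestix code: a pure-ASGI middleware that discards any client-supplied X-Tenant-Id and stamps the value derived from the authenticated principal. The `authenticate` hook, the principal-to-tenant map and the `principal` scope key are hypothetical stand-ins for your OIDC / mTLS layer, and the sample requests are constructed.

```python
import asyncio

TENANT_HEADER = b"x-tenant-id"


class TenantStamp:
    """The tenant id comes from the authenticated principal,
    never from a header the client sent."""

    def __init__(self, app, authenticate, tenant_of):
        self.app = app
        self.authenticate = authenticate  # hypothetical hook: scope -> principal or None
        self.tenant_of = tenant_of        # hypothetical map: principal -> tenant id

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            return await self.app(scope, receive, send)
        tenant = self.tenant_of.get(self.authenticate(scope))
        if tenant is None:  # unauthenticated or unmapped principal: fail closed
            await send({"type": "http.response.start", "status": 401, "headers": []})
            return await send({"type": "http.response.body", "body": b"unauthenticated"})
        # Drop every client-supplied copy, then stamp the trusted value.
        headers = [(k, v) for k, v in scope["headers"] if k.lower() != TENANT_HEADER]
        headers.append((TENANT_HEADER, tenant.encode("ascii")))
        await self.app(dict(scope, headers=headers), receive, send)


def demo(principal, client_headers):
    """Send one constructed request through the middleware and return
    (status, tenant header values the downstream app actually saw)."""
    seen, sent = [], []

    async def downstream(scope, receive, send):
        seen.extend(v.decode() for k, v in scope["headers"] if k == TENANT_HEADER)
        await send({"type": "http.response.start", "status": 200, "headers": []})
        await send({"type": "http.response.body", "body": b"ok"})

    async def send(message):
        sent.append(message)

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    app = TenantStamp(downstream, lambda s: s.get("principal"),
                      {"svc-billing": "tenant_a"})  # constructed mapping
    scope = {"type": "http", "headers": client_headers, "principal": principal}
    asyncio.run(app(scope, receive, send))
    return sent[0]["status"], seen
```

The same class can sit in a separate gateway or wrap any ASGI application in-process, provided nothing can reach the service without passing through it.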
Next step (5 minutes)
Wire structured audit shipping to your SIEM. Audit events emit as JSON lines into audit_log.jsonl (rotatable); the simplest path is a sidecar tailing it:
```bash
tail -F audit_log.jsonl | your-siem-shipper --type attestix
```
The deeper architecture guide covers the service decomposition (9 services), the on-disk format, and the hash-chain layout.
Open caveats for enterprise production
These are explicit gaps in v0.4.0; track them on the roadmap:
| Concern | v0.4.0 reality |
|---|---|
| Storage | Flat JSON files. Postgres / S3 backend is planned. |
| Signing key | .signing_key.json, plaintext by default. Encrypted-at-rest is opt-in via ATTESTIX_KEY_PASSPHRASE. KMS / HSM / Vault is planned. |
| RBAC / IAM | Tenant header is honoured by services; full RBAC + OIDC / SAML mapping is not in scope for v0.4.0. |
| HA | Single-process. Multi-replica with shared state needs the pluggable storage backend first. |
| Third-party security audit | None to date. |
| Anchoring | Base L2 testnet only (Sepolia). Mainnet schema registration on the roadmap. |