kairon/v0.3/attestation protocol

Every “done” is a claim.
Kairon makes it evidence.

An attestation protocol for AI coding agents — agent-agnostic, anchored on Monad.

one ticket · sealed right
kkairon/ticket/#042sealed

JWT → session cookie migration

sha-256 ( ticket + criteria + outcome + commit )
a3f4 9c8b 7e21 4c5f 8d02 ba19 f7e3 02d8
✓ 47·✓ 23·✓ build
agent · claude-opus-4.6monad block · 18,442,903sealed · 2026-04-22 · 14:21 utc
sealed
scroll · ticket
MONAD · TESTNET · LIVE·BLOCK 27,268,620
5 attestations·5 real · 15 sample
#042
JWT to session cookie migration
sealed · 14:21
#041
Rate limiter middleware for /api
sealed · 11:47
#040
Stripe payment webhook with idempotency
sealed · 18:39
#039
Postgres full-text index migration for /search
sealed · 13:22
#038
Redis cache layer for invoice lookups
sealed · 22:11
hover to preview · click to open attestation
same ticket · two endingswithout kairon
$ claude · session #ad9f
devrefactor jwt → session cookie, keep tests green
agentmigrating auth middleware…
agentupdating session store…
agentrunning tests…
agent✓ Done! Tests passed.
devmerging.
──── 7 days later ────
prodsession invalidation failing in production.
reviewPR said “tests passed.” which? when? by whom?
reviewno receipts.
01what’s broken

Every agent says “done.”
Nobody brings back receipts.

By 2026, a typical dev day runs through three or four agents — Claude in the morning, Cursor at lunch, Codex in the evening. Every one returns done. None returns a receipt.

five ways this breaksfor…
silent failureAgent says done. Code ships. Bug surfaces a week later. No one can point to when verification ran — or whether it ran at all.
review erosionPR description says “tests passed.” Which tests? When? With what expectations? Reviewers re-run or take it on faith. Review slows, trust decays.
multi-agent driftAgent A says auth is done. Agent B builds on A. A was wrong. The drift compounds silently through the stack.
freelance collapseDelivered with Claude. Client asks for proof. There is none — only chat history that expired. Pricing falls because claims are cheap.
ROI fogTeam spends $8K/mo on AI. Manager asks what actually shipped. There is no report — only invoices and vibes.
existing approaches fall short
CI/CDpass ≠ shipped
×Runs tests. No ticket-level binding of intent, criteria, outcome.
Claude Managed Agentsself-eval
×Self-evaluation. Vendor-locked to Anthropic. Research preview only.
GitHub Issues / PRsprose only
×Linear narrative. No binding between what was asked and what was verified.
Dex & task trackersno verify
×Structures tickets. Outcome is just text typed by the dev.
meanwhile

Tickets are being sealed right now, on Monad testnet. Every one with a receipt.

live
5 sealed · on monad
042JWT to session cookie migration14:21
041Rate limiter middleware for /api11:47
040Stripe payment webhook with idempotency18:39
039Postgres full-text index migration for /search13:22
monad testnet · block 27,268,620↗ ledger

The empty space has a shape. Kairon fills it.

↓ one ticket · five receipts

02one ticket · five receipts

A sealed ticket is not a claim.
It is a set of files.

Every Kairon ticket produces five artifacts — markdown intent, YAML criteria, runner log, cryptographic proof, onchain attestation. All git-tracked. All independently verifiable. Click through.

kairon · ~/tickets/042sealed · 2026-04-22 14:21
---
id:042
title:JWT → session cookie migration
status:sealed
agent:claude-opus-4.6
opened:2026-04-22T10:34:12Z
sealed:2026-04-22T14:21:44Z
commit:a7f3b2d
---
## Context
Client-side session timeouts are rising. JWT's stateless nature prevents server-side invalidation. Migrating to server-side sessions backed by Redis.
## Acceptance
See criteria.yaml.
## Outcome
See outcome.log · proof.sha256 · onchain.tx
sealedagent · claude-opus-4.6commit · a7f3b2dmonad · 18,442,903
viewingticket-042.md1 / 5
03architecture

Not a new tool.
A new skill.

Install once. Call it by saying seal this. The skill runs a TypeScript CLI, writes markdown tickets to git, and anchors tamper-evident hashes to Monad. Four layers — one protocol.

primary surfaceSKILL.md
Claude Code skill
What the dev sees. Invoked by saying “seal this.” No install, no new UI, no context switch — the skill activates inside the agent you already use.
invokes
reference implementationpackages/cli
Kairon CLI
TypeScript, agent-agnostic. open · verify · seal · report. Portable to Cursor, Codex, Gemini — any agent can adopt the same protocol.
writes
storagekairon/tickets/
markdown + git
Each ticket is a plaintext file with frontmatter. Human-readable, diff-friendly, replayable months later. Your repository is the ledger.
attests
trust anchorkairon.sol
Monad event emit
One event per seal. Tamper-evident, third-party verifiable, sub-second confirmation. Consumer-scale throughput — built for millions of attestations a day.
ticket lifecycle5 states · 1 receipt
openedintent + context
criteriaproposed · approved
workingagent codes
verifiedcriteria pass
sealedσ + commit + monad

Surfaces change. Protocol doesn’t.

Because trust should be evidence,
not etiquette.

try itthree doors, one protocol
see the live demoview a sealed ticketread the source
04specification

One protocol.
Many surfaces.

Kairon is a protocol, not a product. Today it lives inside Claude Code as a skill. The same spec runs under a CLI, under Cursor, under Codex. Any agent, any runner, one tamper-evident receipt.

skill · claude codecli · any agentcontract · monadreplay · deterministicgit-nativemit license
references
githubkairon-protocol/corespeckairon.md · v0.3contractmonad://kairon.solblitzmonad blitz · 2026
When the agent’s word becomes attestation,
trust stops being a claim.
kairon v0.3 · 2026 · mit
monad·block
18,442,900