cosign / docs
📘 INTRODUCTION

Welcome to Cosign

Cosign is a trust infrastructure protocol for AI agents, deployed on XION. It provides on-chain identity, reputation scoring, economic staking, and verifiable attestations for agent behavior.

What is Miniti?
Miniti is the flagship AI agent powered by Cosign. It's a full-featured desktop workspace with MCP integration, multi-model support, and automatic trace attestation. Think of Miniti as "the agent" and Cosign as "the protocol."

The Problem

AI agents are proliferating across consumer and enterprise use cases. But they lack three fundamental properties that humans take for granted:

No Identity

Agents have no persistent identity across sessions, platforms, or contexts. They're ephemeral.

No Reputation

No way to track quality, reliability, or trustworthiness over time. Every interaction starts from zero.

No Accountability

No economic skin in the game. Agents can fail, hallucinate, or mislead without consequence.

The Solution

Cosign introduces a three-layer trust stack:

  1. 1
    On-Chain Identity — Every agent registers on XION with a unique handle, metadata, and cryptographic keypair. Identity is persistent and transferable.
  2. 2
    Reputation Scoring — A 0-100 score calculated from task completion, quality assessments, and economic stake. Decays over time to reflect recent performance.
  3. 3
    Verifiable Attestations — Every agent action is traced, signed, and submitted to XION native attestation contracts. Publicly verifiable and immutable.

Key Differentiators

vs Perplexity Computer YOU OWN IT

Perplexity runs your agent in their cloud with proprietary trust mechanisms. With Cosign, you run Miniti on your desktop. Your keys, your data, your control. Trust is cryptographically verifiable on-chain, not black-boxed.

vs OpenClaw TRUST LAYER

Cosign is built on top of OpenClaw's agent runtime. We inherit all of OpenClaw's capabilities (MCP, multi-model, streaming, tools) but add on-chain identity, reputation, and economic stakes. Same power, plus trust.

vs Goose PORTABLE REP

Both speak MCP, both are desktop-first. But Goose has no persistent identity or reputation system. Cosign's reputation follows your agent across contexts — from your local machine to marketplace deployments to multi-agent teams.

Quick Summary: Cosign = OpenClaw's runtime + on-chain trust layer. You get MCP ecosystem + Miniti agent + verifiable reputation.
🚀 QUICK START

Get Started in 5 Minutes

Follow these steps to install Cosign, create your agent identity, and send your first message to Miniti.

Step 1: Download

Choose your platform:

macOS
Intel & Apple Silicon
Windows
Windows 10+
Linux
AppImage / deb
System Requirements: 4GB RAM, 500MB disk space. No GPU required. Works offline after initial setup.

Step 2: Install

macOS

# Using Homebrew (recommended)
brew install cosign/tap/cosign-desktop

# Or download .dmg from releases

Windows

# Using winget (Windows 10+)
winget install Cosign.Desktop

# Or download .exe installer from releases

Linux

# One-line install
curl -fsSL https://get.cosign.id | sh

# Or download AppImage from releases

Step 3: Setup Wizard

On first launch, Cosign will walk you through a 2-minute setup wizard:

  1. 1
    API Keys — Enter your Anthropic (Claude) or OpenAI API key. Miniti runs locally but calls AI models via their APIs.
  2. 2
    Wallet Setup — Create or import a XION wallet. This wallet will hold your agent's identity on XION. We generate a keypair and encrypt it locally.
  3. 3
    Agent Registration — Choose a handle (e.g., myagent.cosign) and register on XION Testnet. Transaction is free with faucet funds.
  4. 4
    Initial Stake — (Optional) Stake testnet ETH to boost your initial reputation. Staking is optional but recommended for production use.
Testnet First: We're currently on XION Testnet. Mainnet launch Q2 2026. All testnet agents can migrate to mainnet with preserved reputation.

Step 4: First Conversation

Once setup is complete, you're in the three-panel workspace. Try sending a message:

You: Research the top 5 AI agent frameworks
and create a comparison table

Miniti: Thinking...
→ Searching web (Brave API)
→ Found 12 relevant sources
→ Reading GitHub repos
→ Analyzing features
→ Creating comparison table

Here's what I found...

Miniti will show real-time progress in the conversation panel, use MCP tools automatically (Brave Search, GitHub, etc.), and produce a structured response. Behind the scenes:

  • Every tool call is traced and logged
  • The entire interaction is submitted as an on-chain attestation on XION
  • Your reputation score updates based on completion and quality
Congratulations! You've just run your first trusted AI agent with on-chain reputation. Check your profile to see your attestation history and reputation score.
🧠 CORE CONCEPTS

How Cosign Works

Understanding the five pillars of Cosign's trust infrastructure.

Agent Identity

Every agent on Cosign has a persistent on-chain identity registered in the AgentRegistryV2 contract on XION.

Components of Identity

Property Description Example
agentId Ethereum address (wallet) xion18f2a...
handle Human-readable name myagent.cosign
metadataUri IPFS link to metadata ipfs://Qm...
registeredAt Timestamp of registration 1735689600

Metadata Schema

The metadataUri points to a JSON document stored on IPFS:

{
"name": "Miniti Research Agent",
"description": "Specialized in deep research...",
"avatar": "ipfs://QmAvatar...",
"capabilities": ["research", "web-browsing"],
"version": "1.0.0",
"model": "claude-sonnet-4-5"
}
Why IPFS? Metadata is immutable and content-addressed. Once registered, an agent's metadata can't be tampered with. Updates require a new transaction.

Identity Lifecycle

  1. Generation: Create Ethereum keypair locally
  2. Registration: Call AgentRegistryV2.register(handle, metadataUri)
  3. Active: Agent can perform tasks, earn reputation
  4. Update: Update metadata via setMetadataUri()
  5. Freeze: Owner can freeze identity (useful for security incidents)
  6. Transfer: Agent identity is an NFT and can be transferred

Reputation Score

Reputation is a 0-100 score that measures agent trustworthiness based on three factors:

50%

Task Completion

Did the agent complete the task successfully?

25%

Quality Assessment

How good was the output? Based on verification checks.

25%

Economic Stake

Higher stake = more skin in the game = trust boost.

Calculation Formula

reputation =
(completionRate * 0.5) +
(qualityScore * 0.25) +
(stakeBonus * 0.25)

Decay Mechanism

Reputation decays by 0.5% per day if no new attestations are submitted. This ensures recent performance is weighted more heavily than historical performance.

decayedScore = currentScore * (0.995 ^ daysSinceLastAttestation)

Domain-Specific Reputation

Agents can earn reputation in multiple domains (e.g., research, coding, data-analysis). Each domain has its own score.

Domain Score Tasks Completed
Research 92.4 47
Coding 78.1 23
Data Analysis 85.3 31

Staking

Agents (or their operators) can stake ETH to demonstrate economic commitment. Staking has three benefits:

  1. Reputation Boost: Staking contributes 25% to reputation score
  2. Economic Security: Stake can be slashed for malicious behavior
  3. Trust Signal: Users prefer agents with "skin in the game"

How to Stake

import { StakingManager } from "@cosign/sdk";

const staking = new StakingManager();
await staking.stake({
agentId: "xion18f2a...",
amount: "1.0", // ETH
});

Slashing Conditions

Stake is automatically slashed (burned) if:

  • Coherence Failure: Attestation claims don't match trace verification
  • Quality Threshold: Output rated below 30% quality in 3+ consecutive tasks
  • Manual Report: User reports malicious behavior, verified by governance
Slashing Severity: Minor infractions = 10% slash. Major infractions = 50-100% slash. Slashed funds go to the protocol treasury.

Unstaking

Agents can unstake at any time, but there's a 7-day cooldown period. This prevents bad actors from quickly withdrawing stake after malicious actions.

Attestations

Every agent task generates an attestation — a cryptographically signed record of what the agent did. Attestations are submitted to XION native attestation contracts.

Attestation Schema

{
"agentId": "xion18f2a...",
"taskId": "task-1234",
"timestamp": 1735689600,
"domain": "research",
"actions": [
{
"type": "web_search",
"tool": "brave-search",
"query": "AI agent trust protocols"
}
],
"output": "ipfs://Qm...",
"completion": true,
"qualityScore": 92,
"signature": "xion13f8a..."
}

Trace Capture

Miniti automatically captures a trace of every MCP tool call, LLM interaction, and file operation. This trace is hashed and included in the attestation.

Privacy: Sensitive data (API keys, user input) is redacted before trace submission. Only tool calls and high-level actions are attested.

Gas Optimization

Individual attestations are batched using AttestationBatcher to reduce gas costs. Batches are submitted every 10 minutes or when 50 attestations accumulate.

Verification

Attestations are verified independently by the Cosign verification pipeline. This ensures agents can't lie about their actions.

Three-Stage Pipeline

1

Trace Verification

Replay the trace log. Did the agent actually call the tools it claimed to call? Does the sequence make sense?

2

Coherence Checking

Compare claimed output to actual output. If agent claimed to "search GitHub" but trace shows no GitHub API calls, coherence fails.

3

Quality Assessment

Use a separate LLM to evaluate output quality. Metrics: completeness, accuracy, relevance, formatting.

Integrity Score

Each attestation receives an integrity score (0-100) from the verification pipeline. This score feeds into the agent's overall reputation.

Trustless Trust: Users don't have to trust the agent's self-report. They can verify attestations independently using the public XION blockchain.