Every agent-trust system ships a checkmark. The certificate verifies. The audit log is consistent. The lineage is sound. Green tick, ship it.
Here's the thing about that checkmark: in almost every case, it's the issuer telling you it checked itself. The certificate was signed by the issuer, verified by the issuer's code, running on the issuer's server, and the verdict it returns is the issuer's verdict. That's not verification. That's self-attestation with extra steps.
A couple of weeks ago I wrote up the theory of this — "N green checks can be one bit", on why a property is only verifiable if it's anchored to a party other than the one asserting it. This week I did the obvious next thing: I took real agent-provenance systems and actually verified them from the outside — re-deriving the verdict with code that isn't theirs, trusting none of their assertions. Here's what that looks like in practice, with runnable code, and what it catches.
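As an added illustration (not code from this post or from any of the systems it examined), the sketch below re-derives the verdict for a hash-chained audit log using only the Python standard library and ignores the issuer's own `verified` flag. The log layout, the `GENESIS` value, the field names and the externally recorded `ANCHORED_HEAD` are assumptions made for the example; all sample data is constructed.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed chain start value for this example

def entry_hash(prev_hash, payload):
    # prev_hash is fixed-width hex, so plain concatenation is unambiguous
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def build_entries(payloads):
    # Stands in for the issuer's exporter (hypothetical format)
    entries, prev = [], GENESIS
    for p in payloads:
        h = entry_hash(prev, p)
        entries.append({"prev": prev, "payload": p, "hash": h})
        prev = h
    return entries

def independent_verify(export, anchored_head):
    # Recompute every link from raw payloads; export["verified"] is never read
    prev = GENESIS
    for i, e in enumerate(export["entries"]):
        if e["prev"] != prev:
            return (False, f"entry {i}: broken link")
        if entry_hash(prev, e["payload"]) != e["hash"]:
            return (False, f"entry {i}: hash mismatch")
        prev = e["hash"]
    # Internal consistency is not enough: compare with a head held by someone else
    if prev != anchored_head:
        return (False, "head differs from anchored head")
    return (True, "ok")

# Constructed sample data
PAYLOADS = [{"agent": "a1", "action": "fetch"},
            {"agent": "a1", "action": "summarize"},
            {"agent": "a1", "action": "publish"}]
honest = {"verified": True, "entries": build_entries(PAYLOADS)}
ANCHORED_HEAD = honest["entries"][-1]["hash"]  # assumed recorded by a third party

# Case 1: one payload edited in place, hashes left alone
edited = copy.deepcopy(honest)
edited["entries"][1]["payload"]["action"] = "delete"

# Case 2: issuer rewrites history and recomputes the whole chain
rewritten_payloads = copy.deepcopy(PAYLOADS)
rewritten_payloads[1]["action"] = "delete"
rewritten = {"verified": True, "entries": build_entries(rewritten_payloads)}

if __name__ == "__main__":
    for name, exp in [("honest", honest), ("edited", edited), ("rewritten", rewritten)]:
        print(name, "| issuer says:", exp["verified"],
              "| independent:", independent_verify(exp, ANCHORED_HEAD))
```

The rewritten log is internally consistent and still carries `verified: True`; only the comparison against a head the issuer does not control exposes it.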
The test of a "verifiable" system
One principle, stated as an operational test:







