VeriCID
FVM Calibration
Publish a tool
CONTENT-ADDRESSED TOOL INTEGRITY

The CID isn't a pointer to your tool.
It is your tool.

Every tool an AI agent runs is pinned to IPFS and registered on-chain by its content hash. Agents resolve, verify, and execute the exact code that was registered — or they don't execute at all.

Explore the registryPublish a tool
@demo/weather@1.0.0
$ vericid publish examples/weather-tool
bafkreiecu2cnyyhynkccublzqh7gsfsjjln74kqn…tamq
// change one byte →
bafkreie7ux4abgicudqjae3bxrypbp2phvmu4rq…jngq
hash matches on-chain CID — execute
01 — HOW IT WORKS
TOOL AUTHOR
Publish → get CID

Seal the tool and its full dependency closure into one artifact. The CID becomes the permanent identity of that exact version.

VERICID REGISTRY
Commit CID on-chain

An FVM contract stores creator, name, version & CID. Immutable. No rug pulls, no description swaps.

AI AGENT RUNTIME
Resolve → verify → run

Look up by name, resolve the CID, verify the content hash natively, execute the exact code — sandboxed. Mismatch = refuse.

02 — WHAT THIS PREVENTS
ATTACK VECTOR
WITHOUT VERICID
WITH VERICID
Tool poisoning (description swap)
Undetectable until scan
Description is part of the CID
Rug pull (code swap)
No detection
Code is the CID — swap = new entry
DNS / domain takeover
Full compromise
CID resolves independently of DNS
MITM on tool endpoint
Silent
Content-hash verification fails
Supply-chain injection
Hard to detect
Every dependency sealed in the CID
AGENT-NATIVE INTEGRITY

Integrity built into the protocol agents already use to discover and invoke tools.

Not another audit tool for developers who read logs. The agent cannot run unverified code, because verification is the resolution step itself.

Browse verified tools