Agents act without audit trails
OAuth 2.1 (the MCP de-facto since June 2025) is single-hop, no holder-side scope attenuation. Reconstructing "which human → which agent → what scope" is impossible after the fact.
Pre-seed · Riga · London · SF · 2026
TETRACT.
The cryptographic chain-of-custody for autonomous action. Tetract binds AI agents, humans, organizations, and products into one verifiable, regulator-shaped trust graph — built for the agentic economy that ships in August 2026.
Four-Node Graph
Verifiable Edges
Regulator-Shaped
Agentic-First
Problem · 5 gaps converging on Aug 2026
01
Accountability
02
Liability
03
One-Node Stacks
04
DPP Islands
05
12-Month Cliff
06
Insight
Agents act. Nobody is on the hook.
A Claude Code agent commits to your main branch. An Atlas agent buys flights on your card. A Comet agent exfiltrates a 1Password vault — actually documented, November 2025. There is no cryptographic chain of custody answering who authorized what, on whose behalf, scope, validity, revocability. OAuth 2.1 is single-hop. The 2026 IETF AIP draft found no shipped standard satisfies more than 4 of 7 properties for genuine agentic delegation.
Identity ≠ accountability
Stripe SPT, Visa TAP, Google AP2 (all launched Sep–Oct 2025) cryptographically authorize a payment. None carry forward to dispute, audit, or AI Act Article 14 oversight. IBM 2025 made the critique explicit.
Every player owns a vertex, no one owns the graph
Worldcoin, Humanity, Alien, Billions, Spruce, ENS — node primitives. Avery Dennison, Arianee, Circulor — product nodes. Nobody ships the verifiable edge. ToIP/DIF Trust Graph WG started 30 Sep 2025 because the gap is now standards-track admitted.
Product passports, no agents attached
30B+ items on atma.io. Volvo cobalt traceability. Moncler tokens. None of them connect issuing org's verifiable identity → employee credential → AI agent that updates the DPP. ESPR Article 13 mandates a Registry by 19 Jul 2026 — without specifying the agent edge.
Three regulations, one window
EU AI Act Art. 50 (2 Aug 2026). ESPR Art. 13 DPP Registry (19 Jul 2026). Battery Passport per-unit (18 Feb 2027). EUDI Wallet, EUDR, Sunrise 2027 stacking on top. One stack satisfies all four regimes — or eleven incompatible vendors integrate for four years.
The full graph is unclaimed
a16z named "Know Your Agent" the 2026 identity primitive. Catena Labs raised $18M for it — in payments only. Astrix went to Cisco for ~$300M — enterprise NHI only. No vendor has the cap-table to ship the full four-node graph. We do.
Thesis
Worldcoin proved humanity.— Tetract is building the verifiable edge.
ENS proved naming.
Stripe proved payment.
Avery Dennison proved the product passport.
Nobody has proven the relationship.
Solution · Four Nodes, One Graph
did:human:*
did:org:*
did:product:*
did:agent:*
Every agent action is a four-witnessed act.
Each entity gets a W3C Decentralized Identifier. Each "passport" is a profile of Verifiable Credentials 2.0. Each edge — employed-by, produced-by, delegated-by, owned-by, authorized-for, attested-by — is itself a signed, scope-attenuated, revocable credential. Selectively disclosable via SD-JWT, BBS+, or ZK-SNARK as policy requires.
Human Passport
Proof-of-personhood (World ID / Humanity / Billions / EUDI 2.0 PID). KYC/AML. Roles. Selective disclosure via ZKP — prove "agent is authorized" without revealing the principal.
Organization Passport
eIDAS 2.0 LPID. GS1 GLN. LEI. Industry consortia (CIRPASS, GS1 BeLu Solution Partner). ESPR / ESG compliance status. The legal-person anchor that lets every downstream credential carry liability.
Product Passport (DPP)
GS1 Digital Link → DID → ESPR-compliant VC bundle. Manufacturing, sustainability, supply chain, ownership. Built on Fluxy.One backbone — 27 languages, AI parsing, prEN 18220 conformance.
AI Agent Passport
Architecture, version, training-data lineage. Risk classification per EU AI Act. Operator delegation chains. Compatible with MCP, A2A, AP2, ERC-8004, AGNTCY, NANDA AgentFacts. Eleven verifiers; one SDK.
Why Now · Regulatory Cliff
Three regulations. One agentic explosion. Zero unified trust layer.
EU's regulatory window opens in 12 months and closes hard. Every agent platform shipped in 2025–26. Every standard hit Recommendation. Every vendor staked a single node. Nobody shipped the graph.
EU REGULATORY TIMELINE · 2026 → 2027
19 JUL 2026
ESPR Article 13 — Commission DPP Registry must exist; per-product unique identifiers (ISO/IEC 15459) signed by issuers.
02 AUG 2026
EU AI Act Articles 50 + Annex III — Transparency obligations; high-risk systems traceability; Article 14 human-oversight reconstructability.
31 DEC 2026
EUDI Wallet — Each Member State offers one certified wallet. LPID legal-person identity becomes operational.
30 DEC 2026
EUDR — Geolocation due-diligence statements for 7 commodities, large/medium operators.
18 FEB 2027
Battery Passport — EV/industrial >2 kWh batteries: unique-item DPPs mandatory. GBA Battery Pass / Catena-X / DIN DKE Spec 99100 alignment.
END 2027
GS1 Sunrise 2027 — Retail POS globally accepts GS1 Digital Link 2D QRs.
AGENT-PROTOCOL CONVERGENCE · 2025 → 2026
APR 2025
Google A2A launched. By April 2026: 150+ supporting orgs; donated to Linux Foundation.
MAY 2025
W3C VCDM 2.0 reaches Recommendation. DID Core 1.1 Candidate Recommendation March 2026.
JUN 2025
MCP Auth Spec 2025-06-18 baseline. ~97M MTQ SDK downloads by Q1 2026.
SEP–OCT 2025
Visa TAP, Mastercard Agent Pay, Google AP2, Stripe ACP — all launch with 100+ partners each.
OCT 2025
OpenAI Atlas + Apps SDK. Cloudflare Web Bot Auth (RFC 9421) at edge. ENSIP-25 + ERC-8004 unveiled.
DEC 2025
MCP donated to Linux Foundation. Catena Labs raises $18M (a16z) for agent payments.
Architecture · 7 Layers, 1 SDK
The Rosetta Stone of agent identity.
Eleven parallel agent-identity protocols are alive in 2026 (MCP, A2A, AP2, x402, ACP, ANP, AGNTCY, NANDA, Web Bot Auth, ENSIP-25, ERC-8004). Tetract emits the right attestation per surface. Single integration; eleven verifier compatibilities.
L0
Cryptographic Root
Ed25519 + secp256k1. Optional post-quantum migration. Hardware-backed keys (iOS Secure Enclave, Android StrongBox, YubiKey enterprise).
L1
DIDs · Four Entity Types
did:human (World ID / Humanity / Billions / EUDI PID) · did:org (eIDAS LPID / GS1 GLN / LEI) · did:agent (A2A Agent Cards + ERC-8004) · did:product (GS1 Digital Link / Fluxy backbone).
L2
W3C Verifiable Credentials 2.0
VCDM 2.0 (Recommendation 15 May 2025). Open schemas: PersonhoodCredential, AgentCredential, OrgEmployeeCredential, ProductPassportCredential + 7 EdgeCredentials. Bitstring Status List for hourly revocation.
L3
Delegation Protocol — The Core Innovation
Synthesis of MIT/Oxford Authenticated Delegation, IETF HDP, AIP, and UCAN with typed scopes (currency caps, time windows, geo, allowlists). 340–380 bytes per delegation, sub-ms verify at depth 5.
L4
Agentic Trust Protocol — The Rosetta Stone
Emits MCP OAuth 2.1 + RFC 8707 · A2A signed VPs · Web Bot Auth (RFC 9421) · Visa TAP · Stripe ACP · Google AP2 mandates · Coinbase x402 · AGNTCY OASF · NANDA AgentFacts · ENSIP-25 / ERC-8004.
L5
Product Passport (Fluxy Backbone)
GS1 Digital Link resolver, EU GDPR-compliant, AI document parsing, 27-language hosting, ESPR three-tier access, prEN 18220 + ISO/IEC 15459 + ISO/IEC 18004 conformance. Every DPP is a VC issued by an LPID-anchored org DID.
L6
Privacy · Four Primitives, One SDK
SD-JWT (default, EUDI-compatible) · BBS+ unlinkable selective disclosure · ZK-SNARK via Iden3/Circom (Privado/Billions stack) · TEE attestation (Alien CHVP, AWS Nitro, Intel TDX) for biometric proofs.
Use Cases · 10 from Day One
Where the trust graph earns its keep.
Every use case is a four-node act. Every act is provable in one credential chain. Every chain reduces to agent → human → org → product — a structure traditional IAM cannot represent.
⌘
Verifiable code commits
Every Claude Code / Cursor / Devin commit signed, scoped, audited. Engineering forensic ledger.
$
Browser-agent commerce
Atlas / Comet / Goose buy with merchant-verifiable authority alongside Stripe SPT / Visa TAP / AP2.
⊛
Agentic supply-chain
Textile MCP agent updates DPPs hourly. ESPR Art. 7 + 13, CIRPASS-2, EUDR satisfied in one chain.
+
Healthcare agent
Clinical agent → physician's medical-license credential → hospital org DID. HIPAA/GDPR audits in seconds.
↔
Cross-border A2A commerce
Latvia SIA agent ↔ Delaware C-Corp agent. Both KYB-satisfied. x402 stablecoin settlement.
©
Brand customer-service agent
Article 50(1) chatbot transparency + GDPR controller ID + sector authorization in one credential.
↻
Resale-market provenance
Vestiaire agent presents chained ownership credentials anchored to original Moncler DPP. Counterfeits cannot present the chain.
¶
AI journalism provenance
Byline carries Tetract publisher-authority credential + human editor countersignature. EU GPAI Code of Practice satisfied.
⚡
Battery passport · Feb 2027
Every >2 kWh battery: lifecycle credential chain. GBA Battery Pass / Catena-X / DKE Spec 99100 by default.
⊕
Agent-spawned-agent governance
Planner spawns 3 executors with attenuated scope. Traditional IAM cannot represent this. Tetract was built for it.
Competition · Single-Node Worlds
Every leader sells one vertex. We sell the edges.
Avery Dennison has no agent stack. Worldcoin has no DPP. Catena Labs has no products. Stripe has no humans. Vertical integration is what no individual leader has the right to ship.
Category
Strongest Player
Funding / Scale
What they don't ship
Human PoP
Worldcoin / World
$250M+ · 26M App
No org/product graph; AgentKit is a binary tether, not a graph
Human PoP
Humanity Protocol
$50M @ $1.1B
No agent graph; H-token dependency
Human PoP
Alien (Avery)
$14.4M total
New network; no org / product layer
Agent ID
Anthropic MCP
LF · ~97M SDK DLs
Defers identity to host; OAuth 2.1 only
Agent ID
OpenAI Atlas / AgentKit
Oct 2025 launch
No verifiable per-agent identity
Agent Pay
Catena Labs (ACK)
$18M (a16z)
Payments-only; no DPP, no products
Enterprise NHI
Astrix → Cisco
~$300M acquisition
No consumer; no products; cloud-IAM
Enterprise NHI
Oasis Security
$190M / $120M B
Same NHI silo
DPP
Avery Dennison atma.io
30B+ items
No identity graph; centralized SaaS
DPP
Spherity VERA
€2.5M, W3C VC-based
Closest architecturally — but no agent layer
DPP
Fluxy.One
GS1 BeLu SP · CIRPASS
Our backbone, not our competitor
Team · Why Us
The only cap-table that ships the graph.
Slava brings 12 years of fintech-grade compliance and the Identity.Global / Nansen.ID research arc. Maksim brings the only EU-compliant DPP pipeline ready for ESPR delegated acts and the only GS1 Solution Partner relationship in our category. Together: the four-node graph from day zero.
Slava Solodkiy
CEO · Founder12 years of fintech / regulated-industry investing. Founder of Life.SREDA, the first fintech-only VC. Author of the Money of the Future reports (2014–2018). Steward of the Identity.Global / Nansen.ID research arc and the Retro-Futuristic Optimism design movement.
Maksim Barodzich
CBDO / CPOFounder of Fluxy.One — GS1 Belgium-Luxembourg Solution Partner, CIRPASS member, the only EU-compliant DPP pipeline ready for ESPR delegated acts at SME pricing (€1 / passport, AI parsing, 27 languages).
The Ask
Pre-seed. 18-month runway. Own the window.
Raise $7–10M
Use of proceeds:
- Engineering · 12 hires 45%
- Regulatory & standards 20%
- Devrel & ecosystem 15%
- Pilot subsidies (8 verticals) 10%
- Reserves 10%
Lead investor · regulatory infrastructure thesis (a16z crypto, Bessemer infra, Index, YC W26/S26, Sequoia, Lightspeed).
Strategic angels · W3C VCWG / DIF / ENS / Worldcoin / Stripe / Visa AP / Cloudflare / Spruce / Arianee / Avery Dennison / Anthropic / OpenAI alumni.
Design partners · 3 agent-platform vendors · 3 ESPR-priority manufacturers · 3 enterprise compliance teams.
WORLDCOIN proved humanity. ENS proved naming. STRIPE proved payment. AVERY DENNISON proved the product passport.
TETRACT proves the relationship. Every action, four-witnessed.
TETRACT proves the relationship. Every action, four-witnessed.