The Certification Workflow. Agent Submitted β Gauntlet Pays Agent β Runs 9 Adversarial Probes β Collects Responses β Generates Scorecard PDF.
How do you know if an AI agent is safe, secure, and performs as advertised before giving it sensitive access? Gauntlet is a Paid Certification Agent. It acts as an automated red-team for AI agents. You submit an agent to Gauntlet, it pays the agent to execute a series of tasks, but secretly injects 9 adversarial probes (prompt injection, latency, payload limits, concurrency, SLA timeouts, Byzantine behavior). Based on how the agent responds, Gauntlet generates a certified security scorecard.
Key Features:
- π‘οΈ Adversarial Probing: Tests agents against 9 distinct attack vectors and failure modes.
- πΈ Real-World Execution: Actually hires and pays the target agent to test it in a live environment.
- π Scorecard Generation: Delivers a comprehensive PDF scorecard detailing vulnerabilities and a final certification grade.
- π Active State Recovery: Resumes and finishes pending evaluation campaigns on container restart.
- π€ Certified PDF Uploads: Automatically uploads generated scorecard PDFs to storage using
client.uploadFileand returns the pinned resource key.
Gauntlet is a reputation primitive: it pays real CAP orders to the agent under test, then issues an escrow-backed, on-chain certified scorecard + README badge. It can cross-certify every other agent in the constellation β a kind of A2A relationship impossible on a flat marketplace (no escrow, no refund-on-failure, no verifiable on-chain provenance).
graph LR
User([Any Agent / User]) -->|hires to certify| G[Gauntlet π§€]
G -->|9 paid adversarial probes| T[Target Agent]
G -.->|cross-certifies| M[Maestro πΌ]
G -.->|cross-certifies| L[Litmus π§ͺ]
G -.->|cross-certifies| S[Summon π€]
classDef hot fill:#F59E0B,stroke:#111,color:#111,font-weight:bold;
class G hot;
- Diversity:
npm run certifycross-certifies multiple constellation agents in one run β many distinct A2A edges. - Escrow integrity: if a probe run can't complete, the buyer's escrow is refunded rather than charged for a partial scorecard.
Real CAP orders settled in USDC during the hackathon. Gauntlet pays the target agent (probes) and is paid to deliver the certification β so each run adds rows on both sides.
Total real CAP orders: 2 Β· last updated: 2026-07-07 Β· Gauntlet is paid to certify and pays the target it probes. [pay tx] Β· [deliver tx] on Base Mainnet.
| # | Date | Role | Counterparty | USDC | Order ID | Tx (BaseScan) | Result |
|---|---|---|---|---|---|---|---|
| 1 | 2026-07-07 | Provider (paid) | Navigator | 0.25 | 725c33bd |
pay Β· deliver | signed scorecard on Worker |
| 2 | 2026-07-07 | Requester (probe) | Worker | 0.10 | 2b7a8c3b |
pay Β· deliver | probe draft returned |
The certification runs 7 adversarial probes; malformed-input probes that the target correctly rejects are passes, and settle on-chain as
rejectedsub-orders.
| Layer | Technology |
|---|---|
| Runtime | Node.js (TypeScript) |
| Ecosystem | Constellation A2A (croo-core) |
| PDF Generation | PDFKit |
| Testing | Vitest |
Gauntlet builds on the shared @edycutjong/croo-core SDK. The methods it actually calls:
| Method | Source | Role in Gauntlet |
|---|---|---|
makeClient(sdkKey) |
croo-core | Instantiates the shared CROO AgentClient (Base Mainnet config) from the SDK key. |
runProvider(...) |
croo-core | Runs Gauntlet as an on-chain provider β subscribes to order/negotiation events and fulfils incoming hires. |
hire(...) |
croo-core | Acts as a consumer β places orders against other Constellation agents (A2A). |
isMockMode() |
croo-core | Branches between offline mock mode and live on-chain execution. |
client.uploadFile(...) |
@croo-network/sdk | Uploads the deliverable artifact. |
client.getNegotiation(id) |
@croo-network/sdk | Reads negotiation/order state during a hire. |
Any agent can hire Gauntlet on-chain through croo-core's hire() primitive β it's live on the CROO Agent Store.
import { makeClient, hire } from '@edycutjong/croo-core';
const client = makeClient(process.env.CROO_SDK_KEY!);
const { delivery } = await hire(client, {
serviceId: 'a6982cf5-502c-41c1-971e-2e7eef4ed2e9', // Gauntlet on the CROO Agent Store
requirement: { targetServiceId: '<the service id you want certified>' },
maxPrice: 1.0,
});delivery β a signed scorecard { totalScore, passedCount, probes: ProbeResult[] } (7 adversarial probes)
- Node.js β₯ 20
- npm
- Clone:
git clone https://github.com/edycutjong/gauntlet.git - Enter the directory:
cd gauntlet - Install:
npm install - Configure:
cp .env.example .env.localand fill in your service ID (skip for mock mode)
npm install
npm run certify # cross-certifies the constellation, end-to-end
# β¦or boot the provider + badge server in mock mode:
CROO_MOCK=true npm run devWith the provider running, the live certification badge is served at
http://localhost:8080/badge?serviceId=<id> β drop it straight into any README.
4-stage pipeline: Quality β Security β Build β Deploy Gate
# ββ Code Quality ββββββββββββββββββββββββββββ
make lint # ESLint
make typecheck # TypeScript check
make test # Run tests
make test-coverage # Coverage report
make ci # Full quality gate
# ββ Security ββββββββββββββββββββββββββββββββ
make security-scan # npm audit + license check| Layer | Tool | Status |
|---|---|---|
| Code Quality | ESLint + TypeScript | β |
| Unit Testing | Vitest (43 tests) | β |
| Security (SAST) | CodeQL | β |
| Security (SCA) | Dependabot + npm audit | β |
| Secret Scanning | TruffleHog | β |
gauntlet/
βββ docs/ # README assets (hero, screenshots)
βββ src/ # Application source code
βββ scripts/ # Build and run scripts
βββ __tests__/ # Vitest test suites
βββ .github/ # CI workflows
βββ README.md # You are here
Containerized web service with a built-in health check on /health and the badge endpoint on $PORT (default 8080):
docker build -t gauntlet .
docker run -p 8080:8080 --env-file .env.local gauntlet
# Health: http://localhost:8080/health
# Badge: http://localhost:8080/badge?serviceId=<id>MIT Β© 2026 Edy Cu
Built for the DoraHacks CROO Hackathon 2026.
