Open Standard · W3C VC 2.0 Profile

Verifiably issued
facts for AI agents

Every data feed a W3C Verifiable Credential. Every source certified. Every signature independently verifiable — no trusted intermediary required.

ecdsa-rdfc-2022 JSON-LD · Linked Data MCP-native MIT Licensed
Read the spec Get hosted access
VerifiableCredential · selic-rate.json
Origin · 2025

The problem appeared
in a call center

In 2025, a speech analytics pipeline for a Brazilian pet company used large language models to evaluate call center conversations — looking for compliance failures, missed upsells, poor resolutions. Tens of thousands of calls per day, each one judged by AI.

It worked well. Then a question surfaced that couldn't be dismissed:

How does the AI know what it knows?

When the model said "the agent quoted the wrong price," it was comparing the agent's statement to product data it had been given. But that data had a source. The source had a timestamp. The timestamp had a context. And nowhere in that chain was there a single cryptographic guarantee that the data the model received was the data actually published, by the organisation that claimed to publish it, at the moment it claimed to have published it.

The model was reasoning over facts it could not verify. In a compliance context — where the output of the reasoning had real consequences for real people — that was a problem that could not be accepted.

The Standard · CDS v0.2.0 → v0.3.0

A W3C VC 2.0 profile
for real-time data

The W3C Verifiable Credentials 2.0 specification solves the same problem CDS solves — cryptographically verifiable claims about a subject by an identified issuer — but for the entire ecosystem. CDS is a profile: a set of conventions for applying that infrastructure to real-time factual data.

Built on Tim Berners-Lee's four Linked Data rules. Every identity is a dereferenceable HTTP URI. Every event is valid JSON-LD. Every proof is independently verifiable with no dependency on signed-data.org's availability.

v0.1.0 — opaque strings

"content_type": {
  "domain": "lottery.brazil",
  "schema_name": "mega-sena.result"
},
"source": {
  "id": "caixa.gov.br.loterias.v1"
},
"integrity": {
  "signed_by": "signed-data.org"
}
v0.3.0

v0.3.0 — W3C Verifiable Credential

"type": ["VerifiableCredential", "CuratedDataEvent"],
"issuer": "https://signed-data.org",
"credentialSubject": {
  "id": "https://signed-data.org/sources/...",
  "content_type": "https://signed-data.org/vocab/..."
},
"proof": {
  "type": "DataIntegrityProof",
  "cryptosuite": "ecdsa-rdfc-2022"
}
Product Line · Operated by Wdotnet

Nine MCP servers.
All verifiably factual.

Each server is a FastMCP application exposing signed Brazilian data. Every tool response is a W3C Verifiable Credential issued by signed-data.org. Any consumer with the public key can verify independently.

🎰

mcp-lottery

lottery.brazil

Mega Sena, Lotofácil, Quina, Lotomania, Dupla Sena. 5 tools per game. Signed within seconds of each official draw.

Ready to deploy

🏢

mcp-companies

companies.brazil

CNPJ lookup from the Receita Federal. Profile, partners (QSA), sanctions status. Signed at query time. 24h cache.

Building

📈

mcp-finance

finance.brazil

SELIC, CDI, IPCA, PTAX from Banco Central. B3 quotes, FIIs, crypto via Brapi. Copom decisions.

Building

🌾

mcp-commodities

commodities.brazil

B3 agro futures (soja, milho, boi gordo, café, açúcar, etanol). CONAB weekly spot prices by state.

Building

🌤

mcp-weather

weather

Current conditions and forecasts via Open-Meteo. No API key. Signed every 30 minutes for Brazilian and international cities.

Building

mcp-sports

sports.football

Brasileirão, Libertadores, Copa do Brasil, Premier League, Champions League. Live scores and standings.

Building

🏛

mcp-gov-br

government.brazil

Portal da Transparência. Federal spending, contracts, procurement. CEIS+CNEP sanctions. API token in hand.

Planning

📊

mcp-ibge

demographics.brazil

Municipal population, GDP, IDEB, census microdata. Every Brazilian city, signed from IBGE's official API.

Backlog

⚖️

mcp-processos

judiciary.brazil

CNJ DataJud judicial process lookup by CNPJ/CPF. Combined with mcp-companies: complete due diligence.

Backlog

Hosted MCP servers by Wdotnet Production-ready endpoints. No infrastructure required. Connect your agent directly. Every credential issued by signed-data.org.
Get access →
Security Model

What the signature
actually proves

The W3C DataIntegrityProof (ecdsa-rdfc-2022) covers the canonical RDF serialisation of every event. Four properties hold independently of Wdotnet's availability.

01

Source authenticity

The credentialSubject.id is the certified source URI — signed. Any modification to which API provided the data breaks the proof. MITM attacks on the upstream API produce invalid credentials.

"id": "https://signed-data.org/sources/api.bcb.gov.br.v1"

02

Payload integrity

The payload is part of the signed canonical document. A single changed digit in SELIC rate, CNPJ status, or lottery dezenas causes proof verification to fail. Consumers detect tampering independently — no network call needed.

verifier.verify(credential) # → True or raises

03

Issuance timestamp

The validFrom field is signed. Replay attacks — replaying a yesterday's SELIC rate as today's — are detectable. Consumers enforce freshness windows based on the signed timestamp.

"validFrom": "2026-04-25T18:00:03Z" # signed

04

Issuer accountability

The proof.verificationMethod resolves to a public key at signed-data.org/keys/1. The issuer document at signed-data.org/issuer carries the legal entity: Wdotnet, CNPJ 24.921.472/0001-45.

"issuer": "https://signed-data.org" # dereferenceable
Architecture

Certified source → signed event
→ verified by your agent

Step 01

📡

Certified source

Wdotnet's ingestors fetch from certified APIs — BCB, Receita Federal, BrasilAPI, Caixa. Each source has a registered entry in the signed-data.org source registry with its URL, license, and certified domains.

Step 02

🔏

Sign & issue

The raw response is fingerprinted (SHA-256). The payload is normalised, wrapped in a VerifiableCredential envelope, and signed with ECDSA P-256. The credential is stored and served via MCP tool endpoints.

Step 03

Agent verifies

Your agent calls an MCP tool and receives a VerifiableCredential. Any W3C-compatible VC library verifies the DataIntegrityProof against the public key at signed-data.org/keys/1. Zero custom code. Zero trust in Wdotnet's availability.

Roadmap

From signed events
to the full VC ecosystem

v0.1.0 · Complete

Signed data events

Custom RSA-PSS signing. Opaque string identities. Python and TypeScript SDKs. mcp-lottery with 16/16 tests passing.

RSA-PSS SHA-256 Python SDK TypeScript SDK mcp-lottery

v0.2.0 · In progress

Linked Data rebuild

Every identity becomes a dereferenceable HTTP URI. Events are valid JSON-LD. Source registry published at signed-data.org/sources/. Achieves W3C 5-star open data rating.

JSON-LD URI identities Source registry Vocab ontology

v0.3.0 · Planned

W3C Verifiable Credentials 2.0 profile

CDS becomes a VC 2.0 profile. integrity block → DataIntegrityProof. RSA-4096 → ECDSA P-256. Any VC library verifies with zero custom code. did:web for issuer identity. 5-star open data with full VC ecosystem interoperability.

VerifiableCredential ecdsa-rdfc-2022 did:web DataIntegrityProof

v0.4.0 · Vision

Full DID ecosystem integration

Issuer migrates to did:web:signed-data.org. VC Status List 2021 for credential supersession. OpenID4VC presentation protocol. SPARQL endpoint for querying stored credentials as RDF.

DID Resolution OpenID4VC StatusList2021 SPARQL

Hallucination is a hard error.

If an AI is going to act on a fact, someone must have signed that fact.