Quickstart

The 60-second test: install the SDK in your language of choice, run the conformance suite, see the 59 canonical fixtures pass. If they pass on your machine, you’ve proven byte-for-byte interop with every other Ratify implementation.

Go

# Install as a module in your project
go get github.com/identities-ai/ratify-protocol@v1.0.0-alpha.6

# Or clone and run the full conformance suite
git clone https://github.com/identities-ai/ratify-protocol
cd ratify-protocol
go test ./...
# → ok  github.com/identities-ai/ratify-protocol  0.5s

Full Go quickstart →

TypeScript

# npm publish coming once the @identities-ai org is approved.
# For now, install from source:
git clone https://github.com/identities-ai/ratify-protocol
cd ratify-protocol/sdks/typescript
npm install
npm run test:conformance
# → 59/59 fixtures pass

Full TypeScript quickstart →

Python

pip install ratify-protocol==1.0.0a6

Or run the conformance suite yourself:

git clone https://github.com/identities-ai/ratify-protocol
cd ratify-protocol/sdks/python
pip install -e '.[dev]'
pytest
# → 59 passed

Full Python quickstart →

Rust

cargo add ratify-protocol@1.0.0-alpha.6

Or run the conformance suite yourself:

git clone https://github.com/identities-ai/ratify-protocol
cd ratify-protocol/sdks/rust
cargo test
# → test result: ok. 1 passed (loads all 59 fixtures)

Full Rust quickstart →

What “the conformance suite” means

Every Ratify SDK ships a test that loads testvectors/v1/*.json — 59 fixtures generated deterministically by the Go reference implementation — and verifies each one. The fixtures cover:

• Valid delegations of various scopes, durations, and chain depths
• Tampered delegations (modified scope, modified expiry, modified subject)
• Expired certs (clock-skew scenarios)
• Out-of-scope requests (requested scope not granted by chain)
• Revoked certs (against signed revocation lists)
• Hybrid signature edge cases (Ed25519 valid + ML-DSA-65 invalid, both invalid, etc.)
• Sub-delegation chains (Alice → Agent-A → Agent-B)
• Constraint enforcement (geo, time, version)

If all 59 pass in your SDK, your SDK produces and verifies the same bytes as every other Ratify SDK on the planet. That is the interoperability contract.

Run the end-to-end demo

The conformance suite proves the bytes are correct. The demos prove the protocol does what it claims. Each runs nine scenarios — five positive (authorized → verified), four negative (tampered / out-of-scope / expired / revoked) — and prints what happened and why.

Go

cd ratify-protocol
go run ./demos/go

Python

cd sdks/python && pip install -e . && cd ../..
python demos/python/demo.py

TypeScript

cd sdks/typescript && npm install && npm run build && cd ../..
cd demos/typescript && npm install && npm run demo

Rust

cargo run --manifest-path demos/rust/Cargo.toml

The demos are a single repository directory with an identical script structure per language. Reading one demo and watching it run is the fastest way to understand what the protocol does.

Next steps

• Want to ship an integration? Start with the language-specific guide (Go / TypeScript / Python / Rust).
• Want to understand the protocol? Concepts: Delegate, Present, Verify.
• Building a surface-specific integration? Jump to the integration guides.
• Need managed revocation and audit? Ratify Verify overview.