WIMSE Workload Attestation
Workload attestation is a WIMSE issuance policy. It is controlled by the org’s attestation_policy setting.
WIMSE tokens prove which agent workload is calling. Attestation adds an API-level issuer check for where that workload runs. For example, a customer deployment can require the WIMSE issuer to accept only workloads running on approved infrastructure.
Policy
attestation_policy has three values:
| Value | WIMSE issuance behavior |
|---|---|
| off | The WIMSE issuer does not require workload attestation. |
| optional | The WIMSE issuer can accept an unattested request. If API-level evidence is supplied, that evidence must pass verification. |
| required | The WIMSE issuer refuses issuance unless valid API-level evidence is supplied. |
This setting affects WIMSE issuance. It does not change Agent Access Token (at_...) introspection, Runtime Session checks, or Guardian policy decisions.
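The decision table above, written out as issuer-side logic. This is an added example, not code from the WIMSE issuer; the evidence shape, the `verify` callback and the trusted-issuer check are constructed stand-ins for whatever verification the API layer actually performs. The point it makes explicit is that under `optional`, evidence that is present but fails verification is refused, not downgraded to an unattested issuance.

```python
from enum import Enum
from typing import Callable, Optional


class AttestationPolicy(str, Enum):
    """The three values of the org's attestation_policy setting."""
    OFF = "off"
    OPTIONAL = "optional"
    REQUIRED = "required"


class IssuanceDecision(str, Enum):
    ISSUE_UNATTESTED = "issue_unattested"            # token issued, no attestation
    ISSUE_ATTESTED = "issue_attested"                # token issued, evidence verified
    REFUSE_MISSING_EVIDENCE = "refuse_missing_evidence"
    REFUSE_INVALID_EVIDENCE = "refuse_invalid_evidence"


def decide_issuance(
    policy: AttestationPolicy,
    evidence: Optional[dict],
    verify: Callable[[dict], bool],
) -> IssuanceDecision:
    """Apply attestation_policy to one WIMSE issuance request.

    evidence: API-level attestation evidence, or None when the request carried none.
    verify:   the deployment's evidence verifier (signature, audience, expiry, ...),
              treated as a black box here.
    """
    if policy is AttestationPolicy.OFF:
        # Attestation is not required. Assumption: any supplied evidence is ignored.
        return IssuanceDecision.ISSUE_UNATTESTED
    if evidence is None:
        if policy is AttestationPolicy.REQUIRED:
            return IssuanceDecision.REFUSE_MISSING_EVIDENCE
        return IssuanceDecision.ISSUE_UNATTESTED      # optional: unattested is acceptable
    # optional or required with evidence present: supplied evidence must verify.
    if not verify(evidence):
        return IssuanceDecision.REFUSE_INVALID_EVIDENCE
    return IssuanceDecision.ISSUE_ATTESTED


def trusted_issuer_check(trusted_issuers: set) -> Callable[[dict], bool]:
    """Constructed verifier: accepts evidence only from an issuer the org has
    registered (the page's /api/v1/attestation/oidc-issuers list). A real
    verifier would also validate the signature and standard claims."""
    return lambda ev: ev.get("iss") in trusted_issuers


# Constructed sample: one registered issuer, one piece of evidence from it.
TRUSTED = {"https://issuer.example.test"}
SAMPLE_EVIDENCE = {"iss": "https://issuer.example.test", "sub": "workload-a"}
```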
Public SDK Boundary
Public SDKs do not handle workload attestation.
Public SDKs do handle WIMSE and DPoP. They expose WIMSE issuance, verification, challenge, issue-with-proof, DPoP proof creation, and key-store-based signing. Those features stay public.
They do not expose:
- Attestation evidence types
- Attestation providers
- Environment variables for attestation tokens
- Request fields for attestation evidence
- Helpers that attach platform identity tokens
SDK users issue WIMSE tokens through the normal WIMSE APIs. They can add proof-of-possession with the SDK KeyStore helpers. They cannot supply attestation evidence through the public SDK surface.
API Boundary
The API layer does support workload attestation. POST /api/v1/wimse/token accepts attestation evidence, and /api/v1/attestation/oidc-issuers manages trusted OIDC issuers for the authenticated org.
The OpenAPI contract documents those API fields and routes because it describes the API, not the SDKs. Use API-level integrations for attestation when a deployment requires provenance. Do not add public SDK helpers unless the product decision changes.
How It Fits With Tokens
| Item | Role |
|---|---|
| Agent Access Token (at_...) | Revocable runtime access. |
| WIMSE token | Signed workload identity. Issuance can be affected by attestation_policy. |
| DPoP proof | Proof that the caller holds the registered agent key. |
| Workload attestation | API-level issuer check for where the workload runs. |