Module identity 

Agent identity — Ed25519 keypair derivation and signing primitives.

Identities are deterministic by default: given the same (name, project, seed?) triple, the same secret key is produced. This is intentional — it lets a developer recreate an identity on a new machine from the same inputs without copying secret material around. For one-off ephemeral identities, callers can pass a random seed.

Derivation:

  IKM   = name || 0x00 || project || 0x00 || seed?
  salt  = b"agentid-v1"
  info  = b"ed25519-signing-key"
  okm   = HKDF-SHA256(salt, IKM, info, len = 32)
  sk    = Ed25519 SigningKey::from_bytes(okm)

Structs

AgentIdentity

A cryptographic agent identity. Wraps an Ed25519 SigningKey alongside the human-readable (name, project) tuple that derives it.

Enums

IdentityError

Errors produced by the identity layer.

Functions

fingerprint_from_pubkey

Compute the fingerprint string from a raw public key.

verify_signature

Verify an Ed25519 signature.