Expand description
§agentid-core
Cryptographic identity for AI agents.
Provides:
- Deterministic Ed25519 keypair generation from
(name, project, seed?). - A compact binary token format (~180 bytes) embedding scopes, TTL, and a per-token call quota — verifiable offline in <0.1 ms.
- An encrypted local key vault (AES-256-GCM, PBKDF2-HMAC-SHA256).
- An optional gRPC server (feature
server). - Optional N-API bindings for Node/Bun (feature
napi-bindings).
§Why a custom binary format?
JWTs were designed for human-mediated web sessions. They carry JSON headers, base64 payloads, RSA/ECDSA signatures, and JWK discovery overhead — none of which benefit machine-to-machine agent traffic. AgentID tokens are binary, Ed25519, and self-contained, with rate limits embedded in the signed payload itself.
Re-exports§
pub use identity::verify_signature;pub use identity::AgentIdentity;pub use identity::IdentityError;pub use scopes::Scope;pub use scopes::ScopeError;pub use token::parse as parse_token;pub use token::verify as verify_token;pub use token::AgentClaims;pub use token::TokenBuilder;pub use token::TokenError;pub use vault::Vault;pub use vault::VaultEntry;pub use vault::VaultError;pub use vault::VaultIndex;
Modules§
- identity
- Agent identity — Ed25519 keypair derivation and signing primitives.
- scopes
- Scope parsing and matching.
- server
- Optional gRPC server for centralised AgentID management.
- token
- Compact binary token format.
- vault
- Encrypted on-disk key vault.
Constants§
- VERSION
- Library version, from Cargo.