agentic-identity 0.1.0

AI agents have no identity.

Your agent makes decisions, calls APIs, deploys code, and accesses sensitive data. But there is no cryptographic proof it did any of it. No way to verify which agent acted. No way to audit what happened. No way to scope what an agent is allowed to do.

API keys are not identity -- they are shared secrets with no audit trail. OAuth tokens are not identity -- they expire and carry no action history. Logging is not identity -- logs can be tampered with and carry no signatures.

AgenticIdentity gives every AI agent a permanent, cryptographic identity rooted in Ed25519 key pairs. Agents sign every action they take, producing tamper-evident receipts. Trust between agents is granted, scoped, delegated, and revoked through signed trust grants. Everything is verifiable by anyone with the public key.

Problems Solved

• Problem: no way to prove which agent took an action. Solved: Ed25519 identity anchors produce non-repudiable signed receipts for every action.
• Problem: agents share API keys with no individual accountability. Solved: each agent has its own key pair; derived session and capability keys isolate operations.
• Problem: no audit trail survives agent restarts or model switches. Solved: chained receipts create a persistent, cryptographically linked history.
• Problem: no scoped permissions for multi-agent systems. Solved: trust grants with capability URIs, time bounds, use limits, and delegation depth.
• Problem: revoking agent access requires rotating shared secrets. Solved: individual trust grants are revoked independently without affecting other agents.
• Problem: private key material stored in plaintext. Solved: .aid files encrypt keys at rest with ChaCha20-Poly1305 + Argon2id.

Quickstart

CLI

# Install
curl -fsSL https://raw.githubusercontent.com/agentralabs/agentic-identity/main/install.sh | bash

# Create an identity
aid init --name my-agent

# Sign an action
aid sign --type decision --description "Approved deployment to production"

# Verify a receipt
aid verify receipt arec_7xK9mP2...

# Grant trust
aid trust grant --to aid_4Yn3kL... --capability "read:calendar" --expires 7d

Rust

use agentic_identity::identity::IdentityAnchor;
use agentic_identity::receipt::action::{ActionContent, ActionType};
use agentic_identity::receipt::receipt::ReceiptBuilder;
use agentic_identity::receipt::verify::verify_receipt;

// Create identity
let agent = IdentityAnchor::new(Some("my-agent".to_string()));

// Sign an action
let receipt = ReceiptBuilder::new(
    agent.id(),
    ActionType::Decision,
    ActionContent::new("Approved deployment to production"),
)
.sign(agent.signing_key())
.unwrap();

// Verify
let result = verify_receipt(&receipt).unwrap();
assert!(result.is_valid);

Python

from agentic_identity import Identity, Receipt

identity = Identity(name="my-agent")
receipt = Receipt.sign(identity, action_type="decision", description="Approved deployment")
assert receipt.verify()

Architecture

AgenticIdentity is built as a Rust workspace with four crates:

agentic-identity/
  crates/
    agentic-identity/        Core library (identity, receipts, trust, crypto, storage)
    agentic-identity-cli/    CLI tool (aid)
    agentic-identity-mcp/    MCP server for AI agent integration
    agentic-identity-ffi/    C FFI bindings for cross-language use
  python/                    Python package (wraps FFI)
  benches/                   Criterion benchmarks
  tests/                     Integration tests

289 tests. Zero unsafe in the core library.

Core Primitives

Identity Lifecycle

IdentityAnchor::new("my-agent")
    |
    ├── .id()                  -> aid_7xK9mP2...
    ├── .public_key_base64()   -> Ed25519 public key
    ├── .derive_session_key()  -> scoped signing key
    ├── .derive_capability_key() -> scoped signing key
    ├── .rotate(Scheduled)     -> new anchor with rotation history
    └── .to_document()         -> shareable public document

Receipt Chain

[Observation] ──chain_to──> [Decision] ──chain_to──> [Mutation]
  "Error spike"              "Rollback"               "Deployed v2.3"
   signed                     signed                    signed

Trust Delegation

Alice ──trust──> Bob ──delegate──> Carol
  "read:*"        "read:calendar"
  depth: 2        depth: 1

MCP Server

The MCP server exposes all identity operations as tools for AI agents. Add to your Claude Desktop config:

{
  "mcpServers": {
    "agentic-identity": {
      "command": "agentic-identity-mcp",
      "args": ["--identity-dir", "~/.agentic-identity"]
    }
  }
}

Available tools: identity_create, identity_info, action_sign, action_verify, chain_verify, trust_grant, trust_verify, trust_revoke, key_derive_session, key_derive_capability.

Benchmarks

Rust core. Ed25519 + HKDF-SHA256. Real numbers from Criterion statistical benchmarks:

Single-threaded. All operations are independent and scale linearly with cores.

Install

One-Line Install (CLI + MCP)

curl -fsSL https://raw.githubusercontent.com/agentralabs/agentic-identity/main/install.sh | bash

From Source

git clone https://github.com/agentralabs/agentic-identity.git
cd agentic-identity
cargo build --release

Rust Library

[dependencies]
agentic-identity = "0.1"

Python

pip install agentic-identity

Cryptography

No custom cryptography. All primitives are from audited, widely-used Rust crates (ed25519-dalek, hkdf, chacha20poly1305, argon2).

Documentation

Examples

cargo run --example basic_identity -p agentic-identity      # Create identity, derive keys, rotate
cargo run --example sign_action -p agentic-identity         # Sign actions, chain receipts, verify
cargo run --example trust_delegation -p agentic-identity    # Grant trust, delegate, verify chains

Project Status

v0.1.0 -- initial release. Core library, CLI, MCP server, FFI bindings, and Python package.

License

MIT -- see LICENSE.

Part of the AgenticOS Ecosystem

AgenticIdentity is the cryptographic trust anchor for the Agentra Labs AgenticOS ecosystem, alongside AgenticMemory, AgenticCodebase, and AgenticVision.