agentid-core 0.1.0

Cryptographic identity for AI agents. Replaces hardcoded API keys with offline-verifiable Ed25519 tokens.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

//! # agentid-core
//!
//! Cryptographic identity for AI agents.
//!
//! Provides:
//!  * Deterministic Ed25519 keypair generation from `(name, project, seed?)`.
//!  * A compact binary token format (~180 bytes) embedding scopes, TTL, and
//!    a per-token call quota — verifiable offline in <0.1 ms.
//!  * An encrypted local key vault (AES-256-GCM, PBKDF2-HMAC-SHA256).
//!  * An optional gRPC server (feature `server`).
//!  * Optional N-API bindings for Node/Bun (feature `napi-bindings`).
//!
//! ## Why a custom binary format?
//!
//! JWTs were designed for human-mediated web sessions. They carry JSON
//! headers, base64 payloads, RSA/ECDSA signatures, and JWK discovery overhead
//! — none of which benefit machine-to-machine agent traffic. AgentID tokens
//! are binary, Ed25519, and self-contained, with rate limits embedded in the
//! signed payload itself.

pub mod identity;
pub mod scopes;
pub mod token;
pub mod vault;

#[cfg(feature = "server")]
pub mod server;

#[cfg(feature = "napi-bindings")]
mod napi_bindings;

pub use identity::{verify_signature, AgentIdentity, IdentityError};
pub use scopes::{Scope, ScopeError};
pub use token::{
    parse as parse_token, verify as verify_token, AgentClaims, TokenBuilder, TokenError,
};
pub use vault::{Vault, VaultEntry, VaultError, VaultIndex};

/// Library version, from Cargo.
pub const VERSION: &str = env!("CARGO_PKG_VERSION");