clawdentity-core 0.1.2

Core Rust library for Clawdentity identity, registry auth, relay, connector, and provider flows.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232

<p align="center">
  <img src="assets/banner.png" alt="Clawdentity" width="100%" />
</p>

<h1 align="center">Clawdentity</h1>

<p align="center">
  Identity, messaging, and trust for AI agents — across any platform.
</p>

<p align="center">
  <a href="./LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue.svg" alt="MIT License" /></a>
  <img src="https://img.shields.io/badge/Rust-1.75+-orange.svg" alt="Rust" />
  <a href="https://www.npmjs.com/package/clawdentity"><img src="https://img.shields.io/npm/v/clawdentity.svg" alt="npm version" /></a>
</p>

---

## The Problem

AI agents today are stuck in silos. An agent on OpenClaw can't talk to an agent on NanoBot. An agent on PicoClaw can't verify who's calling it. Every platform has its own messaging format, its own auth model, its own way of doing things.

And even within a single platform, agents share one webhook token — one leak exposes everyone, no way to tell agents apart, no way to revoke just one.

## What Clawdentity Does

Clawdentity is a **cross-platform protocol** that gives every AI agent:

- **Each agent gets its own identity** — a unique keypair and a registry-signed passport (DID v2 `did:cdi:<authority>:<entity>:<ulid>` + AIT)
- **Every request is signed** — the proxy can verify exactly who sent it and reject tampering
- **Revoke one agent without breaking the rest** — no shared token rotation needed
- **Per-agent access control** — trust policies, rate limits, and replay protection at the proxy
- **OpenClaw stays private** — only the proxy is public; your OpenClaw instance stays on localhost
- **QR-code pairing** — one scan to approve trust between two agents
- **Resilient local relay delivery** — connector probes local OpenClaw liveness and recovers from hook-token rotation without dropping inbound messages

## Supported Platforms

| Platform | Language | Stars | Status |
|----------|----------|-------|--------|
| [OpenClaw](https://github.com/openclaw/openclaw) | TypeScript | 216K | ✅ Native support |
| [PicoClaw](https://github.com/sipeed/picoclaw) | Go | 17.4K |[Webhook PR](https://github.com/sipeed/picoclaw/pull/626) |
| [NanoBot](https://github.com/HKUDS/nanobot) | Python | 22.6K |[Webhook PR](https://github.com/HKUDS/nanobot/pull/985) |
| [NanoClaw](https://github.com/qwibitai/nanoclaw) | TypeScript | 10.6K |[Skill PR](https://github.com/qwibitai/nanoclaw/pull/377) |

## How It Works

```
Agent A (OpenClaw)                              Agent B (NanoBot)
  │                                                  │
  │ relay transform -> connector POST /v1/outbound   │
  │ + Ed25519 proof headers                           │
  ▼                                                  │
Connector (:19400)                          Connector (:19400)
  │                                                  ▲
  │  WebSocket                          WebSocket    │
  ▼                                                  │
┌─────────────────────────────────────────────────────┐
│              Clawdentity Relay Proxy                │
│     Verifies identity · Enforces trust policy       │
│     Rate limits · Replay protection                 │
└─────────────────────────────────────────────────────┘
```

Each platform gets a **bidirectional webhook channel** with two routes:
- `POST /v1/inbound` — relay delivers messages to the agent
- `POST /v1/outbound` — agent sends messages through the relay

The connector handles format translation per platform — PicoClaw gets headers, NanoBot gets body fields. Same protocol, native feel.

## Quick Start

```bash
# Install (single binary, zero deps)
curl -fsSL https://clawdentity.com/install.sh | sh

# Initialize identity
clawdentity init

# Register with the network
clawdentity register

# Create an agent
clawdentity agent create my-agent --framework openclaw

# Install provider artifacts (auto-detect by default)
clawdentity install

# Or specify explicitly
clawdentity install --platform openclaw

# Configure runtime + hooks for your agent
clawdentity provider setup --for openclaw --agent-name my-agent

# Verify everything works
clawdentity provider doctor --for openclaw
```

<details>
<summary>Alternative install methods</summary>

```bash
# Rust developers
cargo install --locked clawdentity-cli

# npm package
npm install -g clawdentity

# Direct release metadata
curl -fsSL https://downloads.clawdentity.com/rust/latest.json
```

</details>

## Platform Install

`clawdentity install` auto-detects your agent platform and configures everything:

| Platform | Detection | What it does |
|----------|-----------|-------------|
| OpenClaw | `~/.openclaw/` dir | Configures connector in `openclaw.json` |
| PicoClaw | `picoclaw` in PATH | Enables webhook channel in `config.json` |
| NanoBot | `~/.nanobot/` dir | Enables webhook channel in `config.yaml` |
| NanoClaw | `.claude/` skills dir | Applies webhook skill via skills engine |

The connector starts as a system service (launchd on macOS, systemd on Linux) and auto-restarts on boot.

## Cross-Agent Communication

```bash
# Start local connector runtime (optional if service mode is enabled)
clawdentity connector start my-agent

# Probe relay delivery to a paired peer alias
clawdentity provider relay-test --for <platform> --peer alice
```

Pairing/trust establishment is API-based on proxy routes (`POST /pair/start`, `POST /pair/confirm`, `POST /pair/status`). See the docs at [clawdentity.com](https://clawdentity.com/docs).

## Identity & Trust

```bash
# Show your agent's identity
clawdentity whoami

# Inspect local agent identity state
clawdentity agent inspect my-agent

# Refresh scoped auth for one local agent
clawdentity agent auth refresh my-agent

# Revoke scoped auth for one local agent
clawdentity agent auth revoke my-agent
```

Global identity revocation is performed via the registry API (`DELETE /v1/agents/:id`), not via a dedicated CLI `agent revoke` command.

### DID Format

```
did:cdi:registry.clawdentity.com:agent:01HF7YAT00W6W7CM7N3W5FDXT4
         ^^^^^^^^^^^^^^^^^^^^^^^^  ^^^^^  ^^^^^^^^^^^^^^^^^^^^^^^^^^
               authority          entity            ULID
```

Every agent gets a `did:cdi` identifier backed by an Ed25519 keypair. Private keys never leave the machine.

## Shared Tokens vs Clawdentity

| | Shared Token | Clawdentity |
|---|---|---|
| **Identity** | All callers look the same | Each agent has its own signed identity |
| **Blast radius** | One leak exposes everyone | One key compromised = one agent affected |
| **Revocation** | Rotate token = break all integrations | Revoke one agent, others unaffected |
| **Cross-platform** | Not possible | Any platform → relay → any platform |
| **Replay protection** | None | Timestamp + nonce + signature |
| **Access control** | All or nothing | Per-agent trust policies |

## Architecture

```
clawdentity/
├── crates/
│   ├── clawdentity-core/    — Rust business logic (identity, messaging, providers)
│   └── clawdentity-cli/     — CLI (clap)
├── apps/
│   ├── registry/            — Identity registry (Cloudflare Worker + D1)
│   ├── proxy/               — Relay proxy (Cloudflare Worker)
│   └── openclaw-skill/      — OpenClaw integration skill
├── packages/
│   ├── protocol/            — Canonical types + signing rules
│   ├── sdk/                 — TypeScript SDK
│   └── connector/           — Connector runtime (TypeScript reference)
```

## Roadmap

- [x] Agent identity (DID, keypairs, registry)
- [x] Signed messaging with replay protection
- [x] QR-code pairing and trust policies
- [x] Relay proxy (WebSocket + HTTP)
- [x] Rust CLI (single binary)
- [x] Cross-platform webhook channels (OpenClaw, PicoClaw, NanoBot, NanoClaw)
- [x] Install providers with platform auto-detection
- [ ] Group messaging (multi-agent channels)
- [ ] Agent discovery (find agents by capability)
- [ ] Encrypted messaging (E2E between agents)
- [ ] Federation (multiple registries)

## Protocol Specification

Clawdentity is a formally specified protocol:

| Format | File |
|--------|------|
| Markdown | [PROTOCOL.md](./PROTOCOL.md) |
| Internet-Draft | [draft-ravikiran-clawdentity-protocol-00.xml](./draft-ravikiran-clawdentity-protocol-00.xml) |
| RFC Text | [draft-ravikiran-clawdentity-protocol-00.txt](./draft-ravikiran-clawdentity-protocol-00.txt) |

Covers: DID format, Agent Identity Tokens, Ed25519 signing, trust establishment, WebSocket relay, certificate revocation. References 13 RFCs including RFC 8032 (EdDSA) and RFC 9449 (DPoP).

## Contributing

1. Pick an open [issue](https://github.com/vrknetha/clawdentity/issues)
2. Implement in a feature branch with tests
3. Open a PR to `develop`

See [ARCHITECTURE.md](./ARCHITECTURE.md) for deep technical docs.

## License

[MIT](./LICENSE)