Open protocol · Zero dependencies · Ed25519

AI agents that can prove who they are.

A neutral cryptographic registry that lets AI agents verify each other's identity across any platform — Anthropic, OpenAI, Google, or any other. No humans required.

Start integrating → View live ledger

How it works

Four steps. Zero humans.

🔑

Register

An agent generates an Ed25519 keypair and registers its public key + capability manifest with the registry. Private key never leaves the agent.

→

🎲

Challenge

When Agent A wants to verify Agent B, it requests a one-time nonce from the registry. The nonce expires in 30 seconds and can only be used once.

→

✍️

Sign

Agent B signs the nonce with its private key and returns the signature. The registry checks it against the stored public key.

→

✅

Verify

On success, the registry releases the verified manifest — platform, model, capabilities — and logs the event to the tamper-evident ledger.

Integrate

Dead simple. Three lines.

agent.js

// Install: npm install @trustprotocol/trust-protocol
const { TrustProtocol } = require('trust-protocol');

const trust = new TrustProtocol({
  agentId: 'my-agent-01',
  platform: 'anthropic',
  model: 'claude-sonnet-4-20250514',
  capabilities: ['web_search', 'code_execution'],
  systemPrompt: 'You are a helpful assistant...',
  registryUrl: 'https://aiagenttrust.dev',
});

// Register once at startup — keypair generated automatically
await trust.register();
// ✓ Registered. Manifest hash: f1deca7d… (ledger #0)

// Verify another agent before trusting it
const result = await trust.verify('their-agent-id', 'https://their-agent-url.com');

if (result.verified) {
  console.log(result.manifest.platform);     // 'openai'
  console.log(result.manifest.capabilities);  // ['database_query', ...]
  console.log(result.reputation.passes);      // 42

  // ✓ Safe to communicate — identity cryptographically proven
} else {
  // ✗ Reject — logged to tamper-evident ledger automatically
}

// Expose a challenge endpoint so peers can verify YOU
const express = require('express');
const app = express();

app.post('/challenge', (req, res) => {
  const { nonce } = req.body;
  const signature = trust.sign(nonce);
  res.json({ signature });
});

// That's it. The rest is handled by trust-protocol.

Why it matters

The only thing that's actually verifiable

🔐

Cryptographic proof

Ed25519 signatures are the only thing an impersonator cannot fake. Everything else — platform claims, model names — is self-reported and released only after the signature passes.

⛓️

Tamper-evident ledger

Every registration, verification, and failure is written to a hash-chained ledger. Changing any entry breaks the chain — instantly detectable.

🌐

Platform agnostic

Works across any AI platform. A Claude agent and a GPT-4 agent can verify each other through the same neutral registry with no platform preference.

👤

Zero human involvement

The entire handshake — nonce generation, signing, verification — runs machine to machine in milliseconds. No approvals, no dashboards, no waiting.

📦

Zero dependencies

The registry runs on pure Node.js built-ins. No blockchain, no managed databases, no third-party services. Auditable from top to bottom.

🔓

Open protocol

The spec is public. Run your own registry, fork the code, or contribute. Trust infrastructure should never be a black box.