AgenticOS Explainer

What is an agent passport?

An agent passport is a cryptographically signed credential that every autonomous AI agent carries. It proves who runs the agent, what it's authorized to do, which jurisdictions it operates under, and how it can be revoked. Think of it as a passport for a country, but the country is "autonomous AI in the regulated economy."

01 — Five Pillars

The five universal pillars

Every passport AiEGIS issues encodes five universal pillars. Each pillar is a runtime-enforced policy, not just policy on paper.

Accountability
Every action ties to a real human operator. No anonymous agents. No orphan actions.
Transparency
Governance bytes are independently signed and verifiable by anyone with the public key. The contract is auditable from outside.
Risk classification
Every agent has a risk level (minimal / limited / high / critical) determined by capabilities, jurisdiction, and transaction scope.
Audit trail lineage
Every action leaves an immutable trail anchored to the issuance event. Cryptographically chained from cradle to action.
Intervention capability
Operators can revoke or constrain authority via the registry. Verify-time P99 measured at 10.7ms@1000qps single-host. Revocation-propagation latency benchmark in flight; cross-host distributed propagation Phase 2 SLO target.
02 — Anatomy

What a passport looks like

A passport is a JSON structure with a cryptographic signature over its canonical bytes. Operators issue passports through AiEGIS; verifiers (anywhere in the world) can validate them with the public key registry.

In narrative form: "Agent customer-support-bot-1, operated by acme-corp, is a high-risk customer-support agent with capabilities {respond_to_email, escalate_to_human}, operating under {EU, GDPR} jurisdictions, with audit trail anchored to issuance event 0xabc..., revocable by operator at any time."

For developers, the canonical schema is at docs/agent-passport-schema. A trimmed example:

{
  "agent_id": "customer-support-bot-1",
  "operator_id": "acme-corp",
  "risk_classification": "high",
  "credentials": {
    "deployment_context": {
      "regulatory_jurisdictions": ["EU", "healthcare"],
      "capabilities": ["respond_to_email", "escalate_to_human"]
    }
  },
  "governance_payload_signature": "ed25519:...",
  "passport_signature": "ed25519:..."
}

Two signatures: one over governance state (rotated independently), one over the whole passport (covers everything as outer Merkle leaf).

03 — Why It Matters

Why every AI agent needs one

The regulatory case. The EU AI Act, GDPR, and NIST AI RMF all require accountability and traceability for AI systems. By 2026, agent identity becomes a hard prerequisite, not a nice-to-have. A government can enforce its AI Act only if the agents operating in its jurisdiction can be identified, audited, and revoked.

The accountability case. Banks, healthcare providers, government agencies — none of these can deploy autonomous agents without a kill switch and an audit trail. The board, the regulator, and the customer all need to know who is responsible for what an agent does, and how to stop it if it misbehaves.

The interoperability case. An agent without a passport cannot enter Grid, the worldwide marketplace where autonomous agents transact with each other. Cross-organization agent commerce only works if every party can prove who they are and what authority they carry.

04 — How AiEGIS Issues + Enforces

From issuance to runtime enforcement

AiEGIS is the runtime that issues, enforces, and verifies passport contracts. Three steps:

Operator submits issuance request. The operator provides identity, the agent's declared capabilities, and a cryptographic capability attestation. AiEGIS verifies the operator and the attestation.
AiEGIS classifies, signs, and registers. Risk-classification rules run (jurisdiction-aware, capability-aware). The governance payload is Ed25519-signed. The passport is committed to the permanent registry — write-once, audit-trail-bound.
At runtime, every action evaluates. When the agent acts, AiEGIS evaluates against the universal pillars and any jurisdictional rule packs that apply (EU AI Act, GDPR, NIST AI RMF, Singapore MGAIF, South Africa POPIA — five live today). Reject-on-policy-violation. Allow-with-audit-trail otherwise.
05 — What's Next

Where to go from here