Every autonomous AI agent that takes actions on behalf of an operator needs a verifiable identity. Not a label. Not a header. A cryptographic proof that this agent was issued by this operator, has not been revoked, and is operating within a declared risk classification and jurisdiction.
This post walks through the AiEGIS agent-passport lifecycle end-to-end, with real curl receipts against the live aiegis.ie endpoints.
An AiEGIS passport is a JSON document signed Ed25519 by the AiEGIS issuer key, containing:
- agent_id, agent_name, operator_id
- agent_pubkey_pem: the agent's own Ed25519 public key (the operator generates it locally)
- jurisdiction (e.g. EU), policy_bundle (e.g. eu_ai_act+gdpr)
- risk_classification (minimal | limited | high | unacceptable, per the EU AI Act)
- governance_payload: the five universal pillars (accountability, transparency, audit trail, intervention, risk classification)
- issued_at, key_id (which issuer key in /registry/keys produced the signature), signature

The passport is verified against /registry/keys (the currently published Ed25519 issuer public keys) and /registry/revocations (the active revocation list).
The operator generates the agent's keypair locally; the private key never leaves the operator infrastructure.
# Step 1: generate the agent's Ed25519 keypair on operator infrastructure.
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives import serialization

sk = Ed25519PrivateKey.generate()          # private key: stays with the operator
pk_pem = sk.public_key().public_bytes(     # public key: becomes agent_pubkey_pem
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
).decode()
Getting an operator key. AiEGIS is currently in design-partner mode (first 10 EU operators; contracts before August 2026 lock pricing for 24 months). All operator credentials are issued via design-partner onboarding. Email hello@aiegis.ie with company name, EU jurisdiction, and AI deployment context. We respond within one business day with a scoped operator key and onboarding doc.
curl -X POST https://aiegis.ie/api/agent/issue \
  -H "Authorization: Bearer ${AIEGIS_OPERATOR_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "agent_demo_01",
    "agent_name": "agent_demo_01",
    "operator_id": "your_operator_id",
    "agent_pubkey_pem": "<PEM from step 1>",
    "jurisdiction": "EU",
    "policy_bundle": "eu_ai_act+gdpr",
    "risk_classification": "limited",
    "governance_payload": {
      "pillars_version": "v1.0",
      "accountability_enforced": true,
      "transparency_enforced": true,
      "audit_trail_enabled": true,
      "intervention_capable": true
    }
  }'
Returns the signed passport JSON. Because agent_pubkey_pem is multi-line PEM, it has to be embedded as a single JSON string with its line breaks escaped as \n; json.dumps(pk_pem) from step 1 gives you exactly that.
curl -X POST https://aiegis.ie/api/agent/verify \
  -H "Content-Type: application/json" \
  -d '{"passport": <passport from step 2>}'
Returns {valid: true, revoked: false, ...}. Sub-15ms p95 verify latency on customer infrastructure (loopback). Sub-300ms over public HTTPS.
Every action the agent takes flows through /api/protect, which evaluates against the 12 enforced security layers and the rule packs in the agent's policy bundle.
curl -X POST https://aiegis.ie/api/agent/revoke \
  -H "Authorization: Bearer ${AIEGIS_OPERATOR_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"agent_id": "agent_demo_01", "reason": "decommissioned"}'
Post-revoke, /api/agent/verify returns {valid: false, revoked: true}. Revocation propagation: the spec bound is 50ms P99 intra-host (audit-pack-signing v0.5 §12). The lab-bench measurement rounded to 0.00ms across 6,000 requests (4 workers × 500 qps × 3s), roughly 50,000× inside the spec bound. The race-test fixture is published in the AIVSS enforcement-effectiveness repo. Note that the bound covers propagation inside the host that serves /api/agent/verify; a verifier working from a pulled /registry/revocations snapshot sees the revocation only on its next pull.
A centralised CA is a single point of trust, and therefore a single point of failure. Pure decentralised identity (DID) is hard to revoke. AiEGIS lands on a published-key plus revocation-list model: keys are publicly fetchable from /registry/keys, revocations from /registry/revocations, and anyone can verify offline once they have pulled the snapshot. Two caveats follow from that design. Trust still concentrates in the issuer key, so treat /registry/keys the way you would a CA trust store: pin it, monitor it for changes, and alert on unexpected additions. And an offline verifier sees a revocation only on its next pull, so bound the age of the snapshot you are willing to accept before acting on a passport.
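Here is what that offline check looks like end-to-end, covering steps 1 to 4 above (keygen, issue, verify, revoke) against a local stand-in for the registry snapshot. This is an added example, not AiEGIS code: the post does not say how the passport bytes are canonicalised before signing, how the signature is encoded, or what /registry/keys and /registry/revocations return, so the example assumes canonical JSON (sorted keys, compact separators) over every field except signature, a base64 signature, a snapshot of the form {keys: {key_id: PEM}, revocations: set of agent_id, fetched_at}, and a hypothetical key_id. The issuer key is generated locally purely so the demo runs offline; in production only its public half is ever visible.

```python
"""Offline verification of an AiEGIS-style passport against a pulled snapshot
of /registry/keys and /registry/revocations.
Added example, not AiEGIS code. Assumed, because the post does not specify them:
the signed message is canonical JSON (sorted keys, compact separators) of every
passport field except "signature"; "signature" is base64 of the raw Ed25519
signature; the snapshot shape is {"keys": {key_id: PEM}, "revocations": set of
agent_id, "fetched_at": unix_time}; the key_id "issuer-demo-1" is hypothetical.
"""
import base64
import json
import time

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)

def pem_of(public_key) -> str:
    return public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    ).decode()

def canonical_bytes(passport: dict) -> bytes:
    # Every field but the signature is covered, so editing risk_classification,
    # jurisdiction or governance_payload after issuance invalidates the passport.
    body = {k: v for k, v in passport.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def issue(issuer_sk: Ed25519PrivateKey, key_id: str, fields: dict) -> dict:
    passport = dict(fields, issued_at=int(time.time()), key_id=key_id)
    sig = issuer_sk.sign(canonical_bytes(passport))
    passport["signature"] = base64.b64encode(sig).decode()
    return passport

def verify_offline(passport: dict, snapshot: dict, max_age_s: int = 300) -> dict:
    """Local counterpart of /api/agent/verify: returns {valid, revoked, reason}."""
    # An offline verifier only knows the revocations in its last pull, so a
    # stale snapshot fails closed instead of vouching for a maybe-revoked agent.
    if time.time() - snapshot["fetched_at"] > max_age_s:
        return {"valid": False, "revoked": False, "reason": "snapshot_stale"}
    pem = snapshot["keys"].get(passport.get("key_id"))
    if pem is None:
        return {"valid": False, "revoked": False, "reason": "unknown_key_id"}
    pk = serialization.load_pem_public_key(pem.encode())
    if not isinstance(pk, Ed25519PublicKey):  # refuse key-type confusion
        return {"valid": False, "revoked": False, "reason": "wrong_key_type"}
    try:
        pk.verify(base64.b64decode(passport["signature"]), canonical_bytes(passport))
    except (InvalidSignature, KeyError, ValueError):
        return {"valid": False, "revoked": False, "reason": "bad_signature"}
    # Revocation is checked only once the signature holds, so a forged passport
    # cannot be used to probe which agent_ids are on the revocation list.
    if passport["agent_id"] in snapshot["revocations"]:
        return {"valid": False, "revoked": True, "reason": "revoked"}
    return {"valid": True, "revoked": False, "reason": None}

def run_lifecycle() -> dict:
    """Issue, verify, tamper, revoke, go stale; every key is constructed here."""
    # Stand-in for the AiEGIS issuer key; in production only its public half is
    # ever visible, via /registry/keys.
    issuer_sk = Ed25519PrivateKey.generate()
    snapshot = {
        "keys": {"issuer-demo-1": pem_of(issuer_sk.public_key())},
        "revocations": set(),
        "fetched_at": int(time.time()),
    }
    agent_sk = Ed25519PrivateKey.generate()  # step 1: operator-side keygen
    fields = {
        "agent_id": "agent_demo_01",
        "agent_name": "agent_demo_01",
        "operator_id": "your_operator_id",
        "agent_pubkey_pem": pem_of(agent_sk.public_key()),
        "jurisdiction": "EU",
        "policy_bundle": "eu_ai_act+gdpr",
        "risk_classification": "limited",
        "governance_payload": {
            "pillars_version": "v1.0",
            "accountability_enforced": True,
            "transparency_enforced": True,
            "audit_trail_enabled": True,
            "intervention_capable": True,
        },
    }
    passport = issue(issuer_sk, "issuer-demo-1", fields)
    results = {"fresh": verify_offline(passport, snapshot)}
    # Downgrade attempt: rewrite the risk class without re-signing.
    results["tampered"] = verify_offline(dict(passport, risk_classification="minimal"), snapshot)
    snapshot["revocations"].add("agent_demo_01")  # what /api/agent/revoke does
    results["revoked"] = verify_offline(passport, snapshot)
    results["stale"] = verify_offline(passport, dict(snapshot, fetched_at=0))
    return results

if __name__ == "__main__":
    for name, result in run_lifecycle().items():
        print(f"{name:9s} {result}")
```

Running it gives four verdicts: the fresh passport is valid; the same passport with risk_classification rewritten to minimal fails on the signature, which is the downgrade the signature exists to prevent; once agent_demo_01 is on the revocation list the result is valid false / revoked true, matching the documented post-revoke response; and a snapshot older than the configured maximum is refused before any other check runs.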
High-risk deployers face multiple distinct obligations. AiEGIS enforces them as separate reason codes so audits can pin a finding to a specific article:
- EU_AI_ACT_ART26_HUMAN_OVERSIGHT_MISSING fires when governance_payload.intervention_capable is not true.
- EU_AI_ACT_ART26_ATTESTATION_TIER_INSUFFICIENT fires when the attested tier is below what the action requires.
- EU_AI_ACT_ART12_AUDIT_RETENTION_INSUFFICIENT fires when governance_payload.audit_trail.retention_days is below 1,825 (five years).

The passport, the /api/protect decision stream and the /governance/audit-trail log together give you a defendable answer to "show me the agent that did this, what authority it had, and prove it stayed within bounds."
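As an added example (not AiEGIS code), here is how those three obligations evaluate as separate reason codes for one action, so a finding maps to exactly one article. The codes and their triggers are the ones listed above; the tier names and their ordering, the evaluate_high_risk signature, and the way the attested and required tiers are passed in are assumptions. It also shows what happens to the governance_payload from the step-2 issue call: it sets audit_trail_enabled but carries no audit_trail.retention_days, so a high-risk action on that agent trips the Art. 12 code until retention is declared.

```python
"""Art. 26 / Art. 12 reason-code evaluation for a high-risk agent action.
Added example, not AiEGIS code. The three reason codes and their triggers are
the ones the post lists. Assumed (not from the post): the tiers arrive as
strings, the ordered TIER_NAMES list, and the evaluate_high_risk signature.
"""

ART26_OVERSIGHT = "EU_AI_ACT_ART26_HUMAN_OVERSIGHT_MISSING"
ART26_TIER = "EU_AI_ACT_ART26_ATTESTATION_TIER_INSUFFICIENT"
ART12_RETENTION = "EU_AI_ACT_ART12_AUDIT_RETENTION_INSUFFICIENT"

MIN_RETENTION_DAYS = 1825  # five years, the threshold the post states

# Hypothetical tier names, weakest first; only the ordering matters here.
TIER_NAMES = ["none", "software", "hardware"]

# The governance_payload from the step-2 issue call, copied from the post.
SAMPLE_STEP2_PAYLOAD = {
    "pillars_version": "v1.0",
    "accountability_enforced": True,
    "transparency_enforced": True,
    "audit_trail_enabled": True,
    "intervention_capable": True,
}


def tier_rank(tier) -> int:
    # Unknown or missing tiers rank below every known tier instead of raising,
    # so a malformed attestation can never satisfy a requirement by accident.
    return TIER_NAMES.index(tier) if tier in TIER_NAMES else -1


def evaluate_high_risk(governance: dict, attested_tier, required_tier) -> list:
    """Return every applicable reason code, one per article/obligation."""
    codes = []
    # Art. 26 human oversight: the flag must be the boolean True; the strings
    # "true"/"yes" or the integer 1 do not count.
    if governance.get("intervention_capable") is not True:
        codes.append(ART26_OVERSIGHT)
    # Art. 26 attestation: compare by rank, never by string equality.
    if tier_rank(attested_tier) < tier_rank(required_tier):
        codes.append(ART26_TIER)
    # Art. 12 retention: a payload that does not state retention_days as an
    # integer cannot demonstrate five-year retention, so it fails closed.
    audit_trail = governance.get("audit_trail")
    retention = audit_trail.get("retention_days") if isinstance(audit_trail, dict) else None
    if (isinstance(retention, bool) or not isinstance(retention, int)
            or retention < MIN_RETENTION_DAYS):
        codes.append(ART12_RETENTION)
    return codes


if __name__ == "__main__":
    # The step-2 payload has audit_trail_enabled but no retention_days, so a
    # high-risk action on that agent trips the Art. 12 code.
    print(evaluate_high_risk(SAMPLE_STEP2_PAYLOAD, "hardware", "software"))
```

Each check is independent and fails closed on missing or mistyped data, which is what lets an auditor read one code and know which obligation, and which field of the passport, was at fault.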