Identity · API reference

Issue. Verify. Revoke.

Three endpoints. Ed25519 throughout. Designed for real-time verification on customer infrastructure.

Authentication

All identity endpoints require an X-API-Key header.

POST /api/agent/issue Auth required

Mint an Ed25519-signed agent passport. Binds agent_id, operator_id, machine_fingerprint → biometric-attested human → jurisdiction, policy_bundle. Writes to the permanent registry.

curl -X POST https://aiegis.ie/api/agent/issue \
  -H "X-API-Key: ak_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "operator_id": "op_acme_corp",
    "jurisdiction": "EU",
    "risk_classification": "high",
    "policy_bundle": "eu_ai_act+gdpr",
    "capability_attestation": {
      "model": "claude-opus-4-7",
      "provider_signature": "..."
    }
  }'

Response — full passport JSON per /identity/spec with appended signature and audit_lineage_hash.

POST /api/agent/verify Public

Verify a passport's Ed25519 signature against the published key, check expiry, check the revocation list. Designed for real-time verification on customer infrastructure.

curl -X POST https://aiegis.ie/api/agent/verify \
  -H "Content-Type: application/json" \
  -d '{"passport": { ... full passport JSON ... }}'

{
  "valid": true,
  "agent_id": "agent_b3a9f1...",
  "expires_at": "2027-05-08T22:00:00Z",
  "revoked": false,
  "verified_at": "2026-05-08T22:30:14Z"
}

POST /registry/revoke Auth required (operator key)

Revoke a previously-issued passport. Propagates through the SQLite revocation store. Subsequent verifies fail immediately. Reason field is logged for the audit trail.

curl -X POST https://aiegis.ie/registry/revoke \
  -H "X-API-Key: ak_operator_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "agent_b3a9f1...",
    "reason": "compromised — prompt injection detected"
  }'

GET /identity/did.json Public

The aiegis issuer DID document. Published per W3C did:web. Returns the active Ed25519 verification key as publicKeyMultibase on the verificationMethod array. Any party can resolve did:web:aiegis.ie and verify a passport signature against this key.
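
Added example, not aiegis code: offline verification of a detached Ed25519 signature against the publicKeyMultibase entries of a did:web document, as the paragraph above describes. It assumes the standard Multikey encoding (base58btc `z` prefix plus the 0xed 0x01 multicodec header); the keypair, DID document and key id are constructed, and the exact bytes a passport signature covers are defined by /identity/spec, not on this page.

```javascript
// Added example (not aiegis code): key, DID document and key id are constructed.
const crypto = require('node:crypto');
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
function base58Decode(str) {
  let n = 0n;
  for (const ch of str) {
    const d = B58.indexOf(ch);
    if (d < 0) throw new Error('invalid base58 character');
    n = n * 58n + BigInt(d);
  }
  const hex = n.toString(16);
  const body = n === 0n ? Buffer.alloc(0) : Buffer.from(hex.length % 2 ? '0' + hex : hex, 'hex');
  const zeros = str.length - str.replace(/^1+/, '').length; // each leading '1' is a 0x00 byte
  return Buffer.concat([Buffer.alloc(zeros), body]);
}
function base58Encode(buf) {
  let out = '';
  for (let n = BigInt('0x' + (buf.toString('hex') || '0')); n > 0n; n /= 58n) out = B58[Number(n % 58n)] + out;
  for (const b of buf) { if (b !== 0) break; out = '1' + out; }
  return out;
}

// publicKeyMultibase -> KeyObject; assumes Multikey: 'z' (base58btc) + 0xed 0x01 + 32-byte raw key.
function keyFromMultibase(mb) {
  if (typeof mb !== 'string' || mb[0] !== 'z') throw new Error('expected base58btc multibase');
  const raw = base58Decode(mb.slice(1));
  if (raw.length !== 34 || raw[0] !== 0xed || raw[1] !== 0x01) throw new Error('not an Ed25519 multikey');
  const x = raw.subarray(2).toString('base64url');
  return crypto.createPublicKey({ key: { kty: 'OKP', crv: 'Ed25519', x }, format: 'jwk' });
}

// True only if a key listed in verificationMethod verifies `signature` over `message`.
function verifyWithDidDoc(didDoc, message, signature) {
  for (const vm of didDoc?.verificationMethod ?? []) {
    try {
      if (crypto.verify(null, message, keyFromMultibase(vm.publicKeyMultibase), signature)) return true;
    } catch { /* unusable key entry: skip it */ }
  }
  return false; // missing array or no matching key
}

// Constructed issuer for the demo: throwaway keypair, hypothetical key id "#key-1".
function demoIssuer() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const raw = Buffer.from(publicKey.export({ format: 'jwk' }).x, 'base64url');
  const mb = 'z' + base58Encode(Buffer.concat([Buffer.from([0xed, 0x01]), raw]));
  const didDoc = { id: 'did:web:aiegis.ie', verificationMethod: [{ id: 'did:web:aiegis.ie#key-1', publicKeyMultibase: mb }] };
  return { didDoc, sign: (msg) => crypto.sign(null, msg, privateKey) };
}
```

A local signature check does not consult the revocation list; /api/agent/verify covers that.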

Rate limits

Issuance is gated. Verification is not.

/api/agent/issue is rate-limited per operator key (10 issuances/hour by default — adjustable in your contract). /api/agent/verify and /identity/did.json are designed to be called on every agent action with no rate limit.