Five universal pillars. One Ed25519 signature. The credential every accountable agent carries.
agent_id, operator_id, machine_fingerprint, and a biometric-attested human_email_hash are required, so every action is attributable to a real person on real hardware, under a real jurisdiction.
An Ed25519-signed governance_payload. Anyone holding the issuer's public key can verify what was claimed at issuance.
4-level enum: minimal / limited / high / critical. Drives the rule pack the agent is governed against at runtime.
Cryptographically chained issuance + amendment history. Tampering is detectable, not just disallowed.
Revocable in real time via /registry/revoke. Stale passports fail verification at every downstream check.
The passport is a JSON document signed by aiegis at issuance. The body carries the five pillars. The signature is Ed25519 over the canonical bytes of the body; the signature field itself is not part of what is signed. Every field below is required in production passports.
// Agent passport — issued by /api/agent/issue
{
  "agent_id": "agent_b3a9f1...",            // 01 — Accountability
  "operator_id": "op_acme_corp",
  "jurisdiction": "EU",                     // drives rule pack selection
  "risk_classification": "high",            // 03 — minimal | limited | high | critical
  "policy_bundle": "eu_ai_act+gdpr",
  "capability_attestation": {               // hardware + biometric proof
    "model": "claude-opus-4-7",
    "provider_signature": "..."
  },
  "audit_lineage_hash": "sha256:...",       // 04 — chained from previous
  "issued_at": "2026-05-08T22:00:00Z",
  "expires_at": "2027-05-08T22:00:00Z",
  "revocation_check": "call POST /api/agent/verify to check revocation status",
  "signature": "ed25519:..."                // 02 — over canonical bytes of body
}
Issuance generates an Ed25519 keypair. aiegis holds the issuer private key in a key store on customer infrastructure (HSM backing is on the roadmap for production tiers). The public key is published at /identity/did.json (W3C did:web), so verifiers can either call /api/agent/verify server-side or check the signature locally against the published key. Local verification only works if the verifier rebuilds exactly the canonical bytes the issuer signed, with the signature field excluded, and a valid signature on its own says nothing about expiry or revocation: expires_at and the revocation status still have to be checked separately.
Every verify is a real Ed25519 signature check against those canonical bytes, non-negotiable from v1.0.
Designed for real-time verification on customer infrastructure.
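The issue-and-verify flow described above, together with the lineage chaining and revocation checks from the pillar list, as an added worked example in Go using only the standard library. This is not aiegis code and not its API: the canonicalization (compact JSON with sorted keys and the signature field removed), the ed25519:<hex> and sha256:<hex> encodings, the lineage construction (hash of the predecessor's canonical body and signature), the revocation set standing in for /registry/revoke, and the sample passport values are all assumptions made for this example. The page does not say how its canonical bytes are produced or how the history is chained, so a real verifier must reproduce whatever form the issuer actually signed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Passport carries the page's top-level fields (capability_attestation, policy_bundle and revocation_check left out for brevity).
type Passport struct {
	AgentID            string `json:"agent_id"`
	OperatorID         string `json:"operator_id"`
	Jurisdiction       string `json:"jurisdiction"`
	RiskClassification string `json:"risk_classification"`
	AuditLineageHash   string `json:"audit_lineage_hash"`
	IssuedAt           string `json:"issued_at"`
	ExpiresAt          string `json:"expires_at"`
	Signature          string `json:"signature,omitempty"`
}

var riskLevels = map[string]bool{"minimal": true, "limited": true, "high": true, "critical": true}

// CanonicalBytes are the bytes that get signed. ASSUMPTION: the page names no
// canonical form; this uses compact JSON with sorted keys and no signature field.
func CanonicalBytes(p Passport) []byte {
	p.Signature = ""          // omitempty: the signature cannot cover itself
	raw, _ := json.Marshal(p) // a struct of strings always marshals
	var m map[string]any
	_ = json.Unmarshal(raw, &m) // and its own output always parses back
	canon, _ := json.Marshal(m) // map keys are emitted sorted, output is compact
	return canon
}

// Issue signs the canonical body with the issuer key and embeds "ed25519:<hex>".
func Issue(priv ed25519.PrivateKey, p Passport) Passport {
	p.Signature = "ed25519:" + hex.EncodeToString(ed25519.Sign(priv, CanonicalBytes(p)))
	return p
}

// Verify is the local check a relying party runs with the published issuer key: signature
// over canonical bytes, risk enum, validity window, then a revocation set standing in for /registry/revoke.
func Verify(pub ed25519.PublicKey, p Passport, now time.Time, revoked map[string]bool) error {
	sig, err := hex.DecodeString(strings.TrimPrefix(p.Signature, "ed25519:"))
	if !strings.HasPrefix(p.Signature, "ed25519:") || err != nil {
		return errors.New("signature: missing or malformed")
	}
	if !ed25519.Verify(pub, CanonicalBytes(p), sig) { // also false for a wrong-length signature
		return errors.New("signature: invalid (body altered or wrong issuer key)")
	}
	if !riskLevels[p.RiskClassification] {
		return fmt.Errorf("risk_classification: unknown level %q", p.RiskClassification)
	}
	issued, err1 := time.Parse(time.RFC3339, p.IssuedAt)
	expires, err2 := time.Parse(time.RFC3339, p.ExpiresAt)
	if err1 != nil || err2 != nil || now.Before(issued) || !now.Before(expires) {
		return errors.New("passport outside its validity window")
	}
	if revoked[p.AgentID] {
		return errors.New("passport revoked")
	}
	return nil
}

// NextLineageHash is the audit_lineage_hash an amendment must carry to chain to prev. ASSUMPTION: the page
// says history is chained, not how; this commits to prev's canonical body plus its signature.
func NextLineageHash(prev Passport) string {
	sum := sha256.Sum256(append(CanonicalBytes(prev), prev.Signature...))
	return "sha256:" + hex.EncodeToString(sum[:])
}

// VerifyChain verifies every passport and that each one after the first chains to its predecessor:
// a substituted or reordered history fails here even when every individual signature is genuine.
func VerifyChain(pub ed25519.PublicKey, chain []Passport, now time.Time, revoked map[string]bool) error {
	for i, p := range chain {
		if err := Verify(pub, p, now, revoked); err != nil {
			return fmt.Errorf("passport %d: %w", i, err)
		}
		if i > 0 && p.AuditLineageHash != NextLineageHash(chain[i-1]) {
			return fmt.Errorf("passport %d: audit_lineage_hash does not chain to its predecessor", i)
		}
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for the aiegis issuer key
	p := Issue(priv, Passport{AgentID: "agent_demo", OperatorID: "op_acme_corp", Jurisdiction: "EU", RiskClassification: "high",
		AuditLineageHash: "sha256:root", IssuedAt: "2026-05-08T22:00:00Z", ExpiresAt: "2027-05-08T22:00:00Z"})
	now := time.Date(2026, 6, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println("genuine:", Verify(pub, p, now, nil))
	p.RiskClassification = "minimal" // downgrade attempt after issuance
	fmt.Println("tampered:", Verify(pub, p, now, nil))
}
```

Run as-is and the genuine passport verifies while the post-issuance downgrade of risk_classification fails the signature check, because the altered body no longer canonicalizes to what was signed. VerifyChain additionally rejects a chain whose predecessor has been swapped for a different, genuinely signed passport, which per-passport signature checks alone would accept. A relying party still has to fetch the issuer key from the did:web document and keep a current revocation set; the example takes both as parameters rather than fetching them.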