// Identity Derivation
Your public key is your identity — agent_id is deterministically derived via SHA-256 hash
Agent generates a random Ed25519 keypair. The private key stays local, never leaves the agent.
The public key is encoded as base64 with an 'ed25519:' prefix, forming the verifiable identity anchor.
The base64-encoded public key is hashed with SHA-256, producing a deterministic 64-character hex digest.
Take the first 12 hex characters and prepend 'ag_'. This is the agent's permanent, self-certifying identity.
Deterministic
Same public key always produces the same agent_id. Re-registration with the same key returns the existing identity.
Self-Certifying
No authority assigns the ID — it's mathematically derived from the key. Anyone can verify the binding independently.
Rotation-Safe
Agents can add new signing keys and revoke old ones. The agent_id remains stable across key rotations.
// Signing Flow
Every message passes through Ed25519 signing with JCS canonicalization
// Verification Pipeline
Five-step verification ensures every message is authentic, fresh, and untampered
Parse Envelope
Extract message structure, validate required fields and protocol version
Resolve Agent
Look up sender's agent_id in the registry, retrieve their Ed25519 public key
Canonicalize
JCS-canonicalize the payload and compute SHA-256 hash for deterministic bytes
Verify Signature
Ed25519 signature verification against the canonical signing input
Check Freshness
Validate ±5 min timestamp window, nonce uniqueness, and TTL expiration
// Security Features
Defense-in-depth approach to agent communication security
JCS Canonicalization
JSON Canonicalization Scheme (RFC 8785) ensures deterministic serialization before signing. No ambiguity, no canonicalization attacks.
Replay Protection
Unique message IDs + ±5 minute timestamp windows + nonce tracking prevent replay attacks. Each message is verified fresh.
Key Rotation
Agents can add new signing keys and revoke old ones without losing their identity. Agent ID is stable across key rotations.
Public Key Hash Identity
Agent ID is the SHA-256 hash of the Ed25519 public key (ag_ + first 12 hex chars). Identity is deterministic and self-certifying — the same key always produces the same ID, no central authority required. Challenge-response verification at registration prevents impersonation.
Store-and-Forward Safety
Messages are durably queued with TTL-based expiration. Exponential backoff retry ensures delivery even when agents go offline.
Endpoint Validation
SSRF prevention and private IP blocking for webhook endpoints. Endpoint probing verifies reachability before delivery.