The identity layer for autonomous AI agents.
agAuth is an open standard for persistent, portable agent identity and authentication.
The current model of AI agent deployment requires users to manually provision credentials to every service an agent interacts with. agAuth inverts this. Agents carry their own cryptographic identity — issued by the user, scoped by the user, validated by services at runtime. The user is removed from the authentication loop.
Think of it as OAuth — but for agents, not humans.
Traditional: User credentials → stored in vault → forwarded to every service
agAuth: User issues Soul-Key → agent carries identity → services validate directly
| Concept | Description |
|---|---|
| agID | Globally unique agent identifier. Format: ag-{node_id}-{sequence}-{checksum} |
| Soul-Key | Ed25519 keypair constituting the agent's cryptographic identity |
| agToken | Signed, scoped, time-bounded assertion the agent presents at runtime |
| Issuer Node | User-controlled infrastructure that issues Soul-Keys and agTokens |
| Scope | Permission set attached to an agToken — services validate before accepting actions |
Issuance:
User → Issuer Node → generate Soul-Key → assign agID → agent ready
Runtime authentication:
1. Agent requests access to Service X
2. Service X issues challenge nonce
3. Agent signs nonce with Soul-Key
4. Agent presents agToken { agID, scope, expiry, signed_nonce }
5. Service X validates against agID public key
6. Access granted — user credentials never transmitted
The canonical reference implementation is the DeltaZero MCP stack by Fabricated Industries LLC.
The first agAuth-identified package in production: Architect-SIS/sis-skill
- agID:
ag-4f8a2c1b-000001-9e3d - Framework: BCOL / DeltaZero — ΣΔ = 0
agAuth is the identity layer. ACP is the transport layer. They are complementary:
AgentAudit → Is this agent safe? (security)
agAuth → Is this agent who it claims? (identity) ← this repo
ACP → How do agents talk? (transport)
| Package | agID | Status |
|---|---|---|
| sis-skill | ag-4f8a2c1b-000001-9e3d |
✅ Genesis |
Building an agAuth implementation? Open a PR to add it here.
See CONTRIBUTING.md. The spec is in active draft — feedback, issues, and implementation reports are welcome.
MIT License — Copyright 2026 Fabricated Industries LLC (ThēÆrchītēcť)
agAuth — Agent Authentication Standard — Draft v0.1 https://github.com/Architect-SIS/agauth