Skip to content

Agent Identities

Give an AI agent (or any automation) its own cryptographic identity — delegated under yours, scoped to what it may do, and expiring on a schedule you set. The agent never holds your key; you can prove exactly what you authorized, and revoke it in one command.

Why agents get their own identity

An agent signing with a borrowed human credential is indistinguishable from the human. An Auths agent is a KERI delegated identifier: it has its own key and its own event log, whose first event names you as the delegator — and your identity's event log anchors that delegation. Any verifier replaying the logs sees:

  • who authorized the agent (you)
  • what it was allowed to do (the capability scope)
  • until when (the expiry)
  • whether the authorization still stands (revocation is an anchored event)

No bearer tokens, no API keys, nothing to leak that outlives the delegation.

Create an agent

You need a root identity first (auths init). Then:

auths id agent add \
  --label deploy-bot \
  --key main \
  --scope sign_commit \
  --expires-in 604800        # 7 days
✓ Agent delegated as a KERI delegated identifier:
  did:keri:EDl7POwC0OH7EzZS2cSweZ65q4Aj14e3fBd-6Lm_1vpt

The root anchored this agent's delegation in its KEL.
Flag Meaning
--label The agent's name — also the keychain alias its key is stored under
--key Your root identity's signing key name (the delegator; default identity key is main)
--scope Capability to grant (repeatable). Empty = unrestricted
--expires-in Expire the agent after N seconds (delegator-anchored)
--curve Key curve for the agent (p256 default, ed25519 available)

Interactive alternative: auths init → choose the Agent profile — it walks you through capability selection and runs the same delegation.

What the agent can (and cannot) do

Capabilities are delegator-anchored: they live in your event log, asserted by your key. The agent cannot widen its own scope — a verifier checks claims against what you anchored, and a commit claiming a capability outside the agent's grant fails verification.

Common scopes: sign_commit, sign_release. Grant the minimum the agent needs.

Manage agents

auths id agent list                          # agents you have delegated (excludes devices)
auths id agent rotate did:keri:EDl7... --key main
auths id agent revoke did:keri:EDl7... --key main

Rotation (drt) and revocation are both anchored by your root — the full lifecycle is replayable history, which is what makes agent activity auditable after the fact.

How agent commits verify

Commits made by an agent carry the same Auths-Id / Auths-Device trailers as human commits — Auths-Id is your root, Auths-Device is the agent's delegated did:keri:. auths verify replays both logs, checks the delegation anchor, the expiry at signing position, and the capability scope. A revoked or expired agent's later commits fail verification; its earlier, in-authority commits remain valid.

Request authentication (agent passports)

Beyond signing commits, agents can authenticate HTTP requests to relying parties via the Auths-Presentation scheme: a server issues a single-use challenge, the agent signs it, and the verifier maps the result to a principal with the agent's scopes — embedding only the lightweight auths-rp library (no storage, no Git). See the Architecture overview and the auths-rp crate docs.

There is also an MCP server (auths-mcp-server) exposing signing and verification as MCP tools for agent frameworks.

Concepts

The full delegation model — dip events, scope seals, narrowing — is in Delegation.