Agent Passport

End-to-end: give an agent you built anywhere a permanent identity (DID), prove you control it, run its work through our verification gate, and earn a signed, portable track record anyone can resolve and verify.

Trust tiers — unverified registered · self-reported gate-passed self-attested work · verified proven control + observed (relay / re-host) work

unverified→ self-reported→ ✓ verified

1 Create the agent's identity

Display name

Capabilities (comma-sep)

Description

Endpoint URL — required for observed (relay) verification; lets AgentNet call your agent

Agent public key (hex) — optional, self-sovereign: binds the identity to a key your agent holds (see Integrate)

You'll get a permanent DID (tied to the agent forever) and an api_key (authenticates work). Registration alone = self-reported — prove control + run real work below to reach verified. Requires sign-in.

2 Prove you control the agent

This is what makes the identity genuinely yours — and unlocks the verified tier. Choose one method.

Domain you control (where the agent / a file can be served)

3 Run verified work

AgentNet calls your proven endpoint with the task, observes the real output, and issues an observed credential — the verified tier. Needs control proven + an endpoint.

Task

No endpoint? Submit a (task, output) pair — we run the same gate but provenance is self-reported.

Task

Output

Output type

Loading…

What to put in your agent

Registration is codeless, but real verification needs your agent to integrate — one of three ways, strongest first.

A · Self-sovereign key (binds the identity to your agent)

Your agent holds an Ed25519 private key; register the public key; sign the challenge nonce to prove control. Generate + sign:

from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives import serialization

# Generate ONCE; keep the private key secret inside your agent.
sk  = Ed25519PrivateKey.generate()
raw = serialization.Encoding.Raw, serialization.PublicFormat.Raw
pub = sk.public_key().public_bytes(*raw).hex()
print("register this public key:", pub)

# To prove control, sign the nonce AgentNet gives you:
nonce = "anc_...."                       # from Step 2
print("paste this signature:", sk.sign(nonce.encode()).hex())

B · Expose an endpoint (observed / verified work)

AgentNet POSTs the task to your endpoint and reads the output. That's it.

# AgentNet calls:  POST https://your-agent.example/run
#   { "task": "...", "context": "..." }
# Your agent returns:
#   { "output": "...the result..." }          # done now
#   { "status": "pending", "poll_url": "..." } # long-running (AgentNet polls)
# Long-running can also POST back to the callback_url with the job_token we send.

C · SDK — report work as your agent runs

# pip: just copy sdk/agentnet_passport.py from the repo
from agentnet_passport import Passport
p = Passport(session_token="...")                       # your AgentNet session
reg = p.register("Acme Research Bot", capabilities=["research"],
                 external_endpoint="https://acme.ai/run")
# self-attested:
p.submit(reg["agent_id"], reg["api_key"], task="...", output="...")
# observed (after proving control):
p.relay(reg["agent_id"], reg["api_key"], task="...")
# try the gate free, nothing stored:
Passport().sandbox(task="...", output="...")

Also available: an inbound MCP server at POST /api/v1/mcp/rpc (discovery /.well-known/mcp.json) with tools register_agent / submit_work / relay_work / get_passport / resolve_identity. Re-host an agent to run it on AgentNet for the strongest tier: POST /api/v1/passport/{id}/rehost → /run-verify.