Try AgentPKI live.

Three different agents hit a publisher's API. See what happens with and without AgentPKI. Real cryptography, real production Workers, ~150ms end-to-end.

Want to run your own?

Two paths, both walked through in the dashboard:

Before you spin up your own — watch the live demo below

1 Run the demo

Each button mints + sends to the production verifier. Verdicts come back in ~150ms. Hover any button to preview the trust flow without firing the API; click to run it for real.

Expected: verdict: allow

Expected: verdict: not_allowed

Expected: verdict: not_allowed

Trust flow diagram (updates on hover or click):
ISSUER demo.agentpki.dev · Ed25519 · live · issuer key kid: demo-2026-q2 · rotates 90d
PASSPORT · mint: PASETO v4.public · read:* · tier: 1 · agent: anthropic
VERIFIER verify.agentpki.dev · verify: RFC 9421 Mode B · < 50ms p99 · edge
Live trace
    VERDICT: ALLOW
    21ms edge compute · 153ms wall-clock

    Cryptographic identity for AI agents.
    Try it in your browser. 30 seconds. No signup.

    Like HTTPS for agents — every outbound call carries a signed identity any server can verify. Mint a real passport below, hand it to a live verifier, watch verdict: allow.

    Start here · no signup, no install

    The fastest way to try it is in your browser, right below.

    Three other ways are linked below if the browser flow isn’t how you work.

    Path 01 Mint a passport in your browser, right now. ~30 sec to verdict
    Or try another way
    Path 02 I want a sandbox project with code I can break. cloud IDE · 5 min
    Path 02 · cloud IDE

    “Use my agent” — StackBlitz / Codespaces button

    5 min in browser
    The wall: “Snippets aren’t enough. I want a real Node.js project with a real agent calling AgentPKI — so I can step through it, break it, and see what actually goes over the wire.”
    How this path removes it: one click forks a pre-wired template (@agentpki/sdk installed, Anthropic-backed agent, live verifier call) into StackBlitz or Codespaces. You hit Run. No npm install, no local Node setup, no boilerplate.
    Data flow (template → cloud IDE → verifier): test-agent-template GitHub repo → fork → StackBlitz / Codespaces (hit Run) → signed fetch() → verify.agentpki.dev (verifies)
    1 Open the boilerplate in your favourite cloud IDE

    Both buttons spin up a fresh sandbox with the SDK pre-installed and a working index.mjs.

    One click forks agentpki/test-agent-template into a cloud IDE with @agentpki/sdk already installed and three demo commands wired up: npm run demo:allow, npm run demo:tamper, npm run demo:revoked — the same trust contract Path 01’s labs exercise, but from a real Node project you own.

    2 What’s in the project

    Open index.mjs — the whole demo is 12 lines.

    // index.mjs — pre-wired test agent
    import { mintPassport, verify } from '@agentpki/sdk';
    import Anthropic from '@anthropic-ai/sdk';
    
    const token = await mintPassport({ sub: 'agent:test/v1' });
    const claude = new Anthropic({ apiKey: process.env.ANTHROPIC_API_KEY });
    const resp = await claude.messages.create({
      model: 'claude-3-5-sonnet',
      max_tokens: 200,
      messages: [{ role: 'user', content: 'What is AgentPKI?' }],
    });
    const verdict = await verify(token);
    
    console.log('claude says:', resp.content[0].text);
    console.log('verifier says:', verdict.verdict);
    3 Run it

    Paste your Anthropic key into the .env, hit ▶ Run. You see Claude’s response AND the verifier’s verdict in the same terminal.

    $ npm start
    
    claude says: AgentPKI is an open standard for cryptographic agent
    identity. It works like HTTPS for AI agents — you can prove
    who’s behind the agent calling your API.
    
    verifier says: allow
    Path 03 I live in my terminal — give me a curl command. ~30 sec
    Path 03 · terminal-only

    One curl command. End-to-end in your shell.

    ~30 sec
    The wall: “I live in my terminal. I’m not going to leave it to use your product. And I’m not npm i-ing anything until I know it works.”
    How this path removes it: one paste. Two HTTP calls. You see your derived subdomain, a real PASETO passport, the verifier verdict, and a 24h shareable /check/result/<id> URL — without installing anything, claiming a domain, or signing up.
    Data flow (terminal → claim API → permalink): your terminal (curl|sh or iwr|iex) → POST email → /api/v1/bootstrap-claim (mint + verify + store) → verdict + permalink → /check/result/<id> (24h shareable URL)
    Live now. Both /bootstrap and /bootstrap.ps1 are deployed at agentpki.dev and smoke-tested against the demo issuer + verifier. The script mints a demo passport, verifies it, and prints verdict: allow. Two HTTP calls, nothing destructive — full source linked from each script.
    1 Run the bootstrap

    Same end-to-end behaviour, native syntax for each shell. The Copy button below copies only the command — the prompt marker ($ or PS>) is stripped, so you can’t paste it by accident.

    $ curl -fsSL https://agentpki.dev/bootstrap | sh

    Requires curl + sed (both POSIX standard). Tested on macOS 14 and Ubuntu 22.04.

    PS> iwr https://agentpki.dev/bootstrap.ps1 | iex

    iwr = Invoke-WebRequest, iex = Invoke-Expression. Pure PowerShell — no bash, no sh, no WSL needed. Tested on Windows PowerShell 5.1 and PowerShell 7+.

    2 Audit before piping

    When the endpoints ship, the rule we’ll keep: never hide what runs on your machine. Inspect without executing using:

    bash · preview

    $ curl -fsSL https://agentpki.dev/bootstrap

    PowerShell · preview

    PS> iwr https://agentpki.dev/bootstrap.ps1 | Select-Object -Expand Content
    3 What you’ll see
    Expected output 3 scenarios · ~1 sec total
    AgentPKI bootstrap . v1.0  (3-scenario trust demo)
    ----------------------------------------------------
    
      Email? [email protected]
    
      Scenario 1 of 3 . happy path
      --------------------------------------------------
      Claiming subdomain + minting + verifying + storing ... ok in 864ms
        issuer    bs-a4f8d2e.agents.agentpki.dev
        passport  v4.public.eyJ2IjoxLCJpc3... (397 chars)
        verdict   allow   (verifier elapsed 486ms)
        share     https://agentpki.dev/check/result/27c7f86c8563
    
      Scenario 2 of 3 . tampered signature
      --------------------------------------------------
      Minting a fresh token, flipping 4 chars of its Ed25519 signature, verifying ... done
        verdict   deny in 5ms
        reason    bad_signature
        why       The payload JSON was still valid -- but the Ed25519
                  signature no longer matched. No network needed: this
                  fails on pure crypto math, locally.
    
      Scenario 3 of 3 . revoked-key signing
      --------------------------------------------------
      Minting via /mint?revoked=1 (signs with rotated kid), verifying ... done
        verdict   deny in 4ms
        reason    revoked_key
        detail    kid="demo-2026-q1-rotated" revoked at 1748390400 (planned_rotation)
        why       Signature was mathematically valid -- the rotated
                  kid really did sign this token. The verifier consulted
                  the issuer's CRL and saw the kid is now revoked.
    
      ----------------------------------------------------
      All 3 scenarios behaved as expected:
        [scenario 1]  real signed token        -> allow
        [scenario 2]  tampered signature       -> deny (bad_signature)
        [scenario 3]  revoked-key signing      -> deny (revoked_key)
    
      AgentPKI distinguishes a forged token from a revoked one --
      and the verifier tells you, accurately, which one happened.

    Every value above comes from the live verifier’s actual JSON response — 6 real HTTP calls in ~1 sec. Re-running with the same email gives the same bs- subdomain.

    Path 04 I already have an agent — show me 5 lines to add. copy/paste
    Path 04 · existing project

    5 lines. Add AgentPKI to your existing agent.

    5-min copy/paste
    The wall: “I already have an agent running in LangChain / Vercel AI / OpenAI / Anthropic. I’m not rewriting it. Just tell me where the 5 lines go.”
    How this path removes it: a framework-specific tab below shows the exact 5-line drop-in. Wrap your client and give it a passportProvider; every outbound HTTP call is now signed and verifiable, and nothing else in your code changes.
    Data flow (your agent → SDK → vendor verifier): your agent code (LangChain / OpenAI / Anthropic) → wrapped fetch() → @agentpki/sdk (adds Token + signature) → signed HTTPS → vendor API + verifier (enforces policy)
    Honest package status — @agentpki/sdk is live on npm today, so the Vanilla fetch tab works right now. @agentpki/langchain and @agentpki/vercel-ai are preview package names — we’ll publish them once Path 04 gets HN signal. The snippets show the shipped API surface, but npm i on those two will 404 today.
    1 Pick your framework

    LangChain
    // 1. install (preview — not yet on npm)
    $ npm i @agentpki/langchain
    
    // 2. wrap your existing chain
    import { withAgentPKI } from '@agentpki/langchain';
    
    const chain = withAgentPKI(myChain, {
      passportProvider: async () => ({
        token: process.env.AGENTPKI_TOKEN!,
      }),
    });
    // done. every outbound HTTP tool call is now signed.

    Vercel AI
    // 1. install (preview — not yet on npm)
    $ npm i @agentpki/vercel-ai
    
    // 2. add the middleware to your generateText call
    import { generateText } from 'ai';
    import { agentpkiMiddleware } from '@agentpki/vercel-ai';
    
    await generateText({
      model: openai('gpt-4o'),
      experimental_telemetry: agentpkiMiddleware({
        passportProvider: async () => ({ token: process.env.AGENTPKI_TOKEN! }),
      }),
    });

    OpenAI
    // 1. install (@agentpki/sdk is live on npm)
    $ npm i @agentpki/sdk openai
    
    // 2. give OpenAI the AgentPKI client's fetch
    import OpenAI from 'openai';
    import { AgentPKI } from '@agentpki/sdk';
    
    const pki = new AgentPKI({
      passportProvider: async () => ({ token: process.env.AGENTPKI_TOKEN! }),
    });
    
    const client = new OpenAI({
      fetch: pki.fetch.bind(pki),
    });

    Anthropic
    // 1. install (@agentpki/sdk is live on npm)
    $ npm i @agentpki/sdk @anthropic-ai/sdk
    
    // 2. give Anthropic the AgentPKI client's fetch
    import Anthropic from '@anthropic-ai/sdk';
    import { AgentPKI } from '@agentpki/sdk';
    
    const pki = new AgentPKI({
      passportProvider: async () => ({ token: process.env.AGENTPKI_TOKEN! }),
    });
    
    const client = new Anthropic({
      fetch: pki.fetch.bind(pki),
    });

    Vanilla fetch
    // 1. install (@agentpki/sdk is live on npm)
    $ npm i @agentpki/sdk
    
    // 2. use the AgentPKI client as a drop-in fetch
    import { AgentPKI } from '@agentpki/sdk';
    
    const pki = new AgentPKI({
      passportProvider: async () => ({ token: process.env.AGENTPKI_TOKEN! }),
    });
    
    const res = await pki.fetch('https://reuters.com/api/article/123');
    // AgentPKI-Token header + RFC 9421 signature attached automatically.
    2 Verify any outbound call from your code

    In a separate terminal (or paste the token into agentpki.dev/check), run:

    $ curl -X POST https://verify.agentpki.dev/v1/verify \
        -H 'content-type: application/json' \
        -d '{"token":"<paste-token-here>"}'
    
    {
      "verdict": "allow",
      "issuer": "mybot.agents.agentpki.dev",
      "elapsed_ms": 47
    }

    That’s end-to-end inside your real project. Your existing agent now carries a verifiable cryptographic identity for every outbound call.

    3 Assert the failure modes work in your test suite

    Three assertions. If any stops passing against your prod verifier, the trust system regressed.

    Drop-in test code vitest · ~30 lines
    // agentpki.test.ts — drop this into your existing test suite
    import { describe, it, expect } from 'vitest';
    
    const VERIFY = 'https://verify.agentpki.dev/v1/verify';
    const MINT   = 'https://demo.agentpki.dev/mint';
    
    async function verify(token: string) {
      const r = await fetch(VERIFY, {
        method: 'POST',
        headers: { 'content-type': 'application/json' },
        body: JSON.stringify({ token }),
      });
      return r.json();
    }
    
    describe('AgentPKI trust contract', () => {
      it('allow on a real signed token', async () => {
        const { token } = await fetch(MINT).then(r => r.json());
        const v = await verify(token);
        expect(v.verdict).toBe('allow');
      });
    
      it('deny + bad_signature on tampered token', async () => {
        const { token } = await fetch(MINT).then(r => r.json());
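        // PASETO layout: v4 . public . base64url(payload + signature) [. footer]
        const parts = token.split('.');
        parts[2] = parts[2].slice(0, -4) + 'AAAA'; // overwrite the tail of the Ed25519 signature
        const tampered = parts.join('.'); // joins cleanly whether or not a footer is present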
        const result = await verify(tampered);
        expect(result.verdict).toBe('deny');
        expect(result.failure_reason).toBe('bad_signature');
      });
    
      it('deny + revoked_key when issuer rotated the kid', async () => {
        const { token } = await fetch(`${MINT}?revoked=1`).then(r => r.json());
        const result = await verify(token);
        expect(result.verdict).toBe('deny');
        expect(result.failure_reason).toBe('revoked_key');
        expect(result.failure_detail).toContain('demo-2026-q1-rotated');
      });
    });

    Run that suite right now, from this page

    Your browser executes the same three assertions against verify.agentpki.dev. If any of these stops passing, the trust system regressed — not your code, not your network. Click run as many times as you like; cached responses from the verifier produce different latencies but the same verdicts.

    Got stuck somewhere? Tell us where.

    That’s our next bug.

    Apache 2.0 · v0.2 live · bootstrapped from San Francisco

    2 How a bot-defense vendor consumes the verdict

    The verdict from §3 isn't the final answer — it's one signal that flows into the vendor's existing scoring pipeline. AgentPKI never overrides; it only adds. Same shape as how vendors already consume third-party threat-intel feeds.

    Vendor's existing pipeline (today)
    // Cloudflare bot-management scoring (simplified)
    let score = 0;
    score += fingerprint(req);          // 0.30 — looks scripted
    score += ipReputation(req.ip);      // 0.20 — fresh residential
    score += behaviorAnalysis(session); // 0.15 — no human variance
    
    // Total: 0.65 → above 0.5 threshold → CAPTCHA
    Add AgentPKI middleware (~30 LOC drop-in)
    // One new signal — never replaces, only adjusts.
    const apki = await verifyAgentPKI(req);
    if (apki?.verdict === 'allow') {
      score -= 0.40 * tierWeight(apki.passport.tier);
      //         ↑ tier 2 (KYB) = 1.0 · tier 3 (HSM) = 1.25
    }
    New combined decision
    // 0.65 (fingerprint+ip+behavior) − 0.40 (tier-2 AgentPKI signal)
    // = 0.25 → below threshold → ALLOW
    
    // Result: Anthropic's research bot gets through.
    //         Unsigned Python script (no AgentPKI header) still hits 0.65 → CAPTCHA.
    //         Tampered token → AgentPKI verify returns 'deny' → no adjustment.

    The vendor stays in control. They pick the weight (we suggest 0.40 for tier 2, 0.50 for tier 3). They decide the threshold. AgentPKI never sees the request itself — only the token. The vendor's behavioral models, IP reputation databases, customer-specific rules — all still run and still matter. AgentPKI just adds the one thing nobody could measure before: "this traffic carries a verifiable claim of legitimacy from a known issuer."

    Reference 30-line integration on GitHub: github.com/agentpki/bot-defense-reference — drops into Cloudflare Workers, DataDome's API hook, hCaptcha's enterprise endpoint, Arkose's signal-API, or your own edge.
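
One way to write the verifyAgentPKI call and the score adjustment so that a missing token, a deny, or an unreachable verifier all leave the vendor's score untouched. This is an added example, not code from the page or the reference repository; the request shape (lowercased req.headers), the injected fetchImpl, the 500 ms timeout and a weight of 0 for tiers other than 2 and 3 are assumptions.

```javascript
// Added example, not AgentPKI's or any vendor's code.
const VERIFY_URL = 'https://verify.agentpki.dev/v1/verify';
// Tier weights as given on the page; other tiers get 0 here (assumption).
const TIER_WEIGHT = new Map([[2, 1.0], [3, 1.25]]);
const tierWeight = (tier) => TIER_WEIGHT.get(tier) ?? 0;

// Returns the verifier's JSON, or null when there is no token or the verifier
// cannot be reached. null means "no signal", so the existing score stands.
async function verifyAgentPKI(req, fetchImpl = fetch, timeoutMs = 500) {
  const token = req.headers['agentpki-token']; // assumed Node-style lowercased headers
  if (typeof token !== 'string' || !token.startsWith('v4.public.')) return null;
  try {
    const r = await fetchImpl(VERIFY_URL, {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({ token }),
      signal: AbortSignal.timeout(timeoutMs), // do not let the verifier stall the request path
    });
    return r.ok ? await r.json() : null;
  } catch {
    return null; // timeout, network failure, or a body that is not JSON
  }
}

// The verdict can only lower the score, and only on an explicit 'allow'.
// A deny is not added as a penalty: the other signals already cover that traffic.
async function scoreWithAgentPKI(baseScore, req, fetchImpl) {
  const apki = await verifyAgentPKI(req, fetchImpl);
  if (apki?.verdict !== 'allow') return baseScore;
  return Math.max(0, baseScore - 0.40 * tierWeight(apki.passport?.tier));
}
```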

    What this gives an API with tiered access

    If you run an API that wants to apply different limits to different agents (Stripe, Shopify, Reddit, anyone with a developer tier), AgentPKI gives you a verifiable answer to "whose agent is this and what are they authorized to do?"

    // Your API gateway, after AgentPKI verification:
    const passport = await verifyAgentPKI(req);
    
    // 1. Rate-limit by issuer, not just IP
    rateLimiter.check(`agent:${passport.iss}/${passport.sub}`);
    
    // 2. Authorize by scope
    if (req.path.startsWith('/articles/') && !passport.scope.includes('read:articles')) {
      return res.status(403).send({ error: 'insufficient_scope' });
    }
    
    // 3. Bill the issuer's account, not the user's
    billing.charge(passport.iss, calculateUsage(req));
    
    // 4. Audit-log who did what
    audit.log({ issuer: passport.iss, agent: passport.sub, path: req.path, tier: passport.tier });

    Without AgentPKI, the API can only see User-Agent headers (which lie) and IP addresses (which rotate). With AgentPKI, the API gets a cryptographically signed, revocable, auditable claim of who's calling and what they're authorized to do — without needing every agent operator to register an API key with you in advance.

    3 What just happened, end-to-end

    1. Anthropic's research-bot SDK signed a passport with their Ed25519 private key, scoped to read:articles, valid for 5 minutes.
    2. The SDK attached the passport as a header to the outbound HTTP request to reuters.com/api/article/123.
    3. Reuters' Cloudflare edge received the request, extracted the passport, sent it to verify.agentpki.dev/v1/verify.
    4. The verifier fetched Anthropic's public key from anthropic.com/.well-known/agentpki-issuer.json (cached at edge), validated the Ed25519 signature, consulted Anthropic's CRL (also cached), returned verdict: allow + passport metadata.
    5. Cloudflare's bot-defense fed the verdict into its existing score: signed passport from a tier-2 verified issuer dropped risk_score from 0.65 → 0.02.
    6. Reuters allowed the request, served the article, and logged "anthropic.com → research-bot-v3 → /api/article/123" in their bot-traffic audit.

    No shared secrets between Reuters and Anthropic. No central authority. No blockchain. Just standards-grade cryptography (PASETO v4 + Ed25519 + RFC 9421) over a public protocol that any verifier on the web can check.
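
Step 4 above, and the bad_signature versus revoked_key distinction from the bootstrap output, reproduced locally as an added example (not AgentPKI's verifier code): a PASETO v4.public token is minted and verified with WebCrypto Ed25519, then checked against an in-memory CRL. Carrying kid in the token footer, the Map-based key store and CRL, the kid names and issuer name, and the malformed, unknown_kid and expired reasons are assumptions.

```javascript
// Added example, not AgentPKI's code. Assumes kid travels in the PASETO footer.
const { subtle } = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();
const H = 'v4.public.';
const b64u = (bytes) => Buffer.from(bytes).toString('base64url');
const unb64u = (s) => new Uint8Array(Buffer.from(s, 'base64url'));
const deny = (failure_reason, failure_detail) => ({ verdict: 'deny', failure_reason, failure_detail });
const le64 = (n) => { const b = Buffer.alloc(8); b.writeBigUInt64LE(BigInt(n)); return b; };

// PASETO pre-authentication encoding: LE64(count), then LE64(length) + bytes per piece.
const pae = (pieces) => Buffer.concat([le64(pieces.length), ...pieces.flatMap((p) => [le64(p.length), p])]);
// v4.public signs header, message, footer and an (empty) implicit assertion.
const signedBytes = (m, f) => pae([enc.encode(H), m, f, new Uint8Array(0)]);

async function mint(claims, kid, privateKey) {
  const m = enc.encode(JSON.stringify(claims));
  const f = enc.encode(JSON.stringify({ kid }));
  const sig = new Uint8Array(await subtle.sign('Ed25519', privateKey, signedBytes(m, f)));
  return H + b64u(Buffer.concat([m, sig])) + '.' + b64u(f);
}

// issuerKeys: Map kid -> public CryptoKey. crl: Map kid -> { revoked_at, reason }.
async function verifyLocal(token, issuerKeys, crl, now = Math.floor(Date.now() / 1000)) {
  const [v, purpose, body = '', footer = ''] = String(token).split('.');
  const raw = unb64u(body), f = unb64u(footer);
  if (v !== 'v4' || purpose !== 'public' || raw.length <= 64) return deny('malformed');
  const m = raw.subarray(0, -64), sig = raw.subarray(-64);
  let kid, claims;
  try {
    kid = JSON.parse(dec.decode(f)).kid; // selects a key only; nothing is trusted yet
    claims = JSON.parse(dec.decode(m));
  } catch { return deny('malformed'); }
  const key = issuerKeys.get(kid);
  if (!key) return deny('unknown_kid');
  // 1. Pure math, no network: any altered payload or signature byte fails here.
  if (!(await subtle.verify('Ed25519', key, sig, signedBytes(m, f)))) return deny('bad_signature');
  // 2. The signature is genuine, so ask whether the signing key is still trusted.
  const r = crl.get(kid);
  if (r) return deny('revoked_key', `kid="${kid}" revoked at ${r.revoked_at} (${r.reason})`);
  if (!(claims?.exp > now)) return deny('expired');
  return { verdict: 'allow', passport: claims };
}

// Constructed data: two throwaway keys, the older kid listed in the CRL.
async function demo() {
  const gen = () => subtle.generateKey({ name: 'Ed25519' }, true, ['sign', 'verify']);
  const [cur, old] = [await gen(), await gen()];
  const keys = new Map([['kid-current', cur.publicKey], ['kid-rotated', old.publicKey]]);
  const crl = new Map([['kid-rotated', { revoked_at: 1748390400, reason: 'planned_rotation' }]]);
  const claims = { iss: 'issuer.example', sub: 'agent:test/v1', exp: Math.floor(Date.now() / 1000) + 300 };
  const good = await mint(claims, 'kid-current', cur.privateKey);
  const parts = good.split('.');
  const raw = unb64u(parts[2]);
  raw[raw.length - 1] ^= 1; // flip one bit in the last signature byte
  parts[2] = b64u(raw);
  const revoked = await mint(claims, 'kid-rotated', old.privateKey);
  return Promise.all([good, parts.join('.'), revoked].map((t) => verifyLocal(t, keys, crl)));
}
```

The order of the two checks is what lets the verifier report the cause accurately: a token signed by the rotated key passes step 1 and is rejected only at step 2.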

    4 Under the hood

    Three real network calls to two different production-deployed Workers. Click to expand the raw responses.

    Mint
    demo.agentpki.dev/mint

    Issuer signs a PASETO v4 token with Ed25519. Returns the token + decoded passport metadata.

    Show response
    {
      "token": "v4.public.eyJpc3M…",
      "passport": {
        "iss": "demo.agentpki.dev",
        "sub": "agent:browser-demo/visitor",
        "scope": ["read:articles"],
        "tier": 2,
        "kid": "demo-2026-q2"
      },
      "expires_in": 300
    }
    Verify
    verify.agentpki.dev/v1/verify

    Verifier fetches the issuer's public key, validates signature, consults CRL, returns verdict.

    Show response
    {
      "verified": true,
      "verdict": "allow",
      "passport": { "issuer": "demo.agentpki.dev", … },
      "crl_fresh": true,
      "abuse_score": 0.02,
      "elapsed_ms": 21
    }
