For developers
AgentPKI is an open protocol with a working reference implementation deployed on Cloudflare Workers. Everything is Apache 2.0, every spec version is published, every endpoint is documented, and the entire stack is live at edge latency.
30-second quickstart
# mint a passport, verify it
TOKEN=$(curl -s https://demo.agentpki.dev/mint | jq -r .token)
curl -s -X POST https://verify.agentpki.dev/v1/verify \
-H 'content-type: application/json' \
-d '{"token":"'$TOKEN'"}' | jq .verdict
# → "allow"Three product lines (core identity, declared intent, content provenance) and the tooling around them. Pick whichever surface matches what you're building.
v0.1 core (passport, signing, verification), v0.2 operational (CRL, replay, abuse), v0.3-intent (bot intent registry). Plus AgentPKI Provenance v0.1 as a separate product line (agent-signed C2PA content).
Live on Cloudflare Workers. KV-backed directory cache, Durable Object replay cache, public stats and audit-log endpoints. Demo issuer at demo.agentpki.dev mints test passports with no auth.
@agentpki/sdk (TypeScript), agentpki (Python), agentpki CLI with mint / verify / decode / diff / batch / intent / provenance subcommands. Browser SDK CDN, MCP server, GitHub Action, VS Code extension.
Mint a token, paste it, verify it, tamper it, watch it fail. Build an intent policy visually. Sign content and tamper it. Watch the Mode B replay cache fire.
Public stats counter, status page with edge health probe, hash-chained intent audit log, issuer directory aggregator, revocation Atom feed + webhook subscribe.
<agentpki-verify> web component for live verification badges on any page. Browser SDK CDN with SRI pinning. Chrome extension for verifying tokens encountered in the wild.
Every release with date, scope, and links. Reverse-chronological. If you want to track what's coming, the spec drafts and GitHub issues are the right places.