Agent Passport

​

What it is

Agent Passport gives an AI agent a verifiable, revocable identity you can check before you let it move money. You issue a passport that binds the agent to a set of scopes and a spend limit, sign it with a post-quantum key, and hand it to the agent. A counterparty verifies that passport offline — with nothing but the issuer’s public key — and decides whether to grant the agent spend authority. It is the answer to a question agentic commerce keeps asking: can I trust this autonomous agent, and is it allowed to do this? The credential is the proof — there is no callback to the issuer at verification time, and no shared infrastructure to stand up. It is self-contained: bundled Falcon-1024 signing, a pluggable credential store (in-memory and SQLite included), and an injected issuer key. It holds no funds and makes no spend decisions of its own — it produces the authorisation evidence the spending platform checks.

​

What you get

• Agent identity as a payments primitive. A passport is the thing a platform checks before letting an autonomous agent spend — scopes, a spend limit, and an expiry, bound into one post-quantum-signed credential.
• Future-proof trust. Falcon-1024 signing means a long-lived agent identity stays verifiable after classical signatures are no longer safe to rely on.
• Verify anywhere, with no infrastructure. The credential is offline-verifiable from the issuer’s public key alone. A counterparty embeds verification without standing up a service or calling back to you.
• Revocation that actually ships. Instant revoke plus a cacheable revocation list, so authority can be withdrawn in real time — not left as a future enhancement.
• One thing to integrate. A uniform issue / verify / revoke surface with a pluggable store, so it drops into your backend and persists where you already persist.
• Optionally Substrate 2-bound. Pair a verified passport with a Substrate 2 receipt to turn “this agent is trusted” into a signed, offline-verifiable, audit-ready attestation — and to layer on zero-knowledge reputation and cross-issuer federation.

​

How it works

​

Cryptography

• Post-quantum signing. Passports are signed with Falcon-1024 (NIST Level 5) and verify offline against the issuer’s public key — evidence signed today stays unforgeable after the migration to post-quantum cryptography.
• The passport itself carries no zero-knowledge proof; reputation proven in zero-knowledge is a separate capability (see Proofs).

​

Why commercial

The issuer and verifier layer was never published as open source — there is no free tier to fall back on. It is offered as a commercial product because the value is in the maintained, correct, payments-grade trust layer:

• Embed without attribution overhead. A commercial OEM licence lets you ship it inside your own product with no open-source notice obligations to carry through distribution.
• Enterprise terms. Support, warranty, and a defined relationship — the terms procurement and risk teams expect for a trust-critical dependency.
• Maintained crypto suite. Post-quantum primitives, key rotation, and revocation hosting are ongoing work, bundled into the licence rather than inherited.

​

Who it’s for

• Agentic-commerce and autonomous-procurement platforms that grant, bound, and revoke spend authority for AI agents.
• Agent marketplaces and registries that need verifiable, revocable agent identity with a trust scope.
• x402 and machine-payment systems that need a portable credential an agent can present across counterparties.
• Anyone who needs trustworthy, revocable agent identity without building a post-quantum credential stack themselves.

​

Get Agent Passport

Agent Passport is an additional, separately-licensed package — an add-on that binds to Substrate 2, not part of Substrate 2 itself. It is available self-serve as a Starter licence (see below) and as a commercial OEM SDK and is included in the AlgoVoi Enterprise and On-premise plans. It is not distributed on public package registries.