Skip to main content
An agent identity claim passed around as plain fields gives a verifier nothing to pin: who the agent is, who issued the claim, what scope it covers, and how long it is valid can all drift, and an old reference gives no signal. Agent Passport (lite) closes that gap. It content-addresses the public fields of an agent credential into a deterministic, recomputable passport_ref. It asserts no authority by itself; it is a recomputable handle to the identity claim, so two parties can pin and compare the same passport_ref byte for byte. Crucially, passport_ref is exactly the agent_ref that Spend Guardrail (lite) binds, so an agent identity composes straight into the pre-payment decision. It is strictly additive over the frozen Layer 1: no new cryptographic primitive, the same RFC 8785 JCS + SHA-256.
Apache-2.0 open source. Install via pip install algovoi-agent-passport-lite or npm install @algovoi/agent-passport-lite. Python and TypeScript are byte-for-byte identical on the same input. This is the lite tier, content-addressed with no signature; the commercial Agent Passport issues and verifies Falcon-1024 post-quantum trust credentials, binds spend limits, and supports revocation.

How it works

One reference, computed with RFC 8785 JCS canonicalisation and SHA-256: 
passport_ref = "sha256:" + SHA-256(JCS({ agent_id, issuer, scope, validity_window }))
  • agent_id identifies the agent.
  • issuer is who issued the identity claim.
  • scope is what the claim covers.
  • validity_window is the period the claim holds within.
All four fields are byte-load-bearing: change the agent, the issuer, the scope, or the window and the passport_ref diverges. An empty field is rejected, not hashed.

What a verifier can check

Verifier holdsWhat they can check
A passport_ref + the four fieldsThat the reference is for exactly this agent, issuer, scope and window (passport_ref recomputes)
The same, with any one field changedThe change is detected — each field is byte-load-bearing
A passport_ref and a guardrail_refThat the pre-payment decision was made for exactly this agent — passport_ref is the agent_ref the decision binds
No issuer call. No registry lookup. No AlgoVoi service. RFC 8785 JCS, SHA-256, and a JSON parser are the entire dependency.

Use

from algovoi_agent_passport_lite import passport_ref

ref = passport_ref(
    agent_id="agent-001",
    issuer="did:algo:issuer",
    scope="payments",
    validity_window="2026-06-23/2026-12-23",
)
# ref is the agent_ref a Spend Guardrail (lite) decision binds

import { passportRef } from '@algovoi/agent-passport-lite';

const ref = passportRef({
  agent_id: 'agent-001',
  issuer: 'did:algo:issuer',
  scope: 'payments',
  validity_window: '2026-06-23/2026-12-23',
});

Conformance

The agent_passport_lite_v1 vector set (11 vectors) is published in the public corpus — chopmob-cloud/algovoi-jcs-conformance-vectors — with Python and Node runners. It covers the positive references, field-divergence and empty-field rejection, and the field-distinctness invariant. passport_1 and passport_2 equal agent_ref_1 / agent_ref_2 in spend_guardrail_lite_v1. Python and TypeScript reproduce every value byte-for-byte.

The decision chain

Agent Passport (lite) is the identity input to the open, pinned pre-payment decision chain. Spend Guardrail (lite) composes the agent (this passport_ref), the spend authority (a mandate reference), and the policy in force (a Policy Binding reference) into one recomputable decision. Because passport_ref is the same agent_ref the decision binds, identity, authority, and policy chain into a single offline-verifiable address.

Lite vs commercial

Lite (this package)Agent Passport (commercial)
LicenceApache-2.0, openCommercial OEM
Identity referencecontent-addressed passport_refthe same, Falcon-1024 signed credential
Enforcementbring your own verifierissuer trust lists, revocation, validity-window enforcement
Verifierrecompute offlinemaintained verifier
Best foropen integrations, evaluationregulated production, enterprise terms

Adopters

If you build on algovoi-agent-passport-lite, pin ==0.1.0, anchor a canonical passport_ref vector hash from agent_passport_lite_v1, and keep the NOTICE, you qualify for a free v0 licence key for algovoi-mandate-auditor. The gate is scripts/check_v0_adoption.py (dependency + canonical hash anchor + NOTICE + version pin → ISSUE_V0_KEY). Apply: email chopmob@gmail.com with your import-by-hash evidence and a copy of the NOTICE.

Relationship to the open substrate

Agent Passport (lite) sits directly on top of the open JCS Canonicalisation Substrate and composes with Spend Guardrail (lite) and Policy Binding. It uses the same RFC 8785 JCS and SHA-256 primitives — no additional cryptographic dependencies.

Specification

passport_ref is a content-addressed agent-identity reference: the agent_ref consumed by the Spend Guardrail pre-payment decision. It is an instance of the same content-addressed binding construction used across the substrate (a set of fields canonicalised under RFC 8785 JCS and bound by SHA-256). The normative byte-level artifact is the published agent_passport_lite_v1 conformance set. Additive over the frozen canonicalisation substrate, sole AlgoVoi authorship.