Agent Identity Protocol & Delegation
DID-based identity anchored to Ed25519 keypairs with X25519 key agreement, selective disclosure via Pedersen commitments, hierarchical delegation chains with bounded authority, and a Merkle-accumulator registry for O(log n) membership proofs.
DID Derivation
From keypair to decentralized identifier
Every AEOS agent identity begins with an Ed25519 keypair. The public key is hashed with SHA-256 and truncated to produce a deterministic, collision-resistant DID that uniquely identifies the agent across the entire protocol.
Ed25519
KeyPair.generate()
public_key
32 bytes (256 bits)
SHA-256
hash(public_key)
truncate
digest[:32] hex chars
did:aeos:<hash>
final DID string
from nacl.signing import SigningKey
import hashlib
signing_key = SigningKey.generate()
public_key = signing_key.verify_key.encode()
digest = hashlib.sha256(public_key).hexdigest()
did = f"did:aeos:{digest[:32]}"
# Result: did:aeos:a1b2c3d4e5f6... (32 hex chars)Identity Document
17 fields of AgentIdentity
The AgentIdentity struct is the canonical representation of an agent in the AEOS protocol. Every field is cryptographically bound by the trailing self-attestation signature, making selective tampering detectable.
string
did:aeos:<hash>[:32]
enum
AUTONOMOUS | SEMI_AUTONOMOUS | DELEGATED | COMPOSITE
Ed25519
Primary verification key (RFC 8032)
X25519
Key agreement for encrypted channels
Option<string>
DID of the supervising entity
Vec<CapabilityScope>
Granted protocol scopes
AuthorityBounds
11-dimension constraint envelope
Vec<DelegationLink>
Signed chain to root authority
Vec<Credential>
Verifiable claims & attestations
f64
Network-computed trust metric
DateTime
Identity registration timestamp
DateTime
Last modification timestamp
enum
ACTIVE | SUSPENDED | REVOKED
HashMap
Extension fields for integrators
u64
Monotonic counter for replay protection
u32
Schema version for forward compatibility
Ed25519Sig
Self-attestation over canonical form
Delegation Chain
Hierarchical authority with bounds containment
Delegation chains encode parent-child authority relationships. At every level, the invariant holds: child.bound[dim] <= parent.bound[dim] for all 11 dimensions. Each link is signed under the AEOS/delegation/ domain separator to prevent cross-context signature replay.
Root Controller
Human / Legal Entity
bounds: max_tx: ∞, daily_vol: ∞, depth: 3
capabilities: ALL (10/10 scopes)
AEOS/delegation/ domain sig
Parent Agent
AUTONOMOUS
bounds: max_tx: 50k, daily_vol: 500k, depth: 2
capabilities: TRANSACT, NEGOTIATE, SIGN_CONTRACT, DELEGATE, ACCESS_DATA, MODIFY_STATE
AEOS/delegation/ domain sig
Child Agent
SEMI_AUTONOMOUS
bounds: max_tx: 10k, daily_vol: 100k, depth: 1
capabilities: TRANSACT, NEGOTIATE, SIGN_CONTRACT, ACCESS_DATA
AEOS/delegation/ domain sig
Leaf Agent
DELEGATED
bounds: max_tx: 1k, daily_vol: 10k, depth: 0
capabilities: TRANSACT, ACCESS_DATA
def verify_delegation(parent: AgentIdentity, child: AgentIdentity) -> bool:
"""Every dimension of child bounds must be <= parent bounds."""
pb, cb = parent.authority_bounds, child.authority_bounds
return all([
cb.max_transaction_value <= pb.max_transaction_value,
cb.max_daily_volume <= pb.max_daily_volume,
cb.max_contract_duration_hrs <= pb.max_contract_duration_hrs,
cb.max_delegation_depth <= pb.max_delegation_depth,
cb.max_concurrent_contracts <= pb.max_concurrent_contracts,
cb.max_counterparties <= pb.max_counterparties,
set(cb.allowed_asset_types) <= set(pb.allowed_asset_types),
# Domain-separated signature verification
verify_ed25519(
signature=child.delegation_chain[-1].signature,
message=domain_sep("AEOS/delegation/", serialize(child)),
public_key=parent.signing_key
)
])Selective Disclosure
Reveal only what's necessary
Agents can prove specific claims without exposing their full identity document. Pedersen commitments hide the claim value while Merkle membership proofs anchor the commitment to the credential tree root.
Full Credential
did: did:aeos:a1b2c3d4...
agent_type: AUTONOMOUS
reputation: 0.94
capabilities: [TRANSACT, ...]
max_tx_value: 50000
All claims visible
Pedersen Commitment
C = SHA256(v || r)
v = claim value, r = blinding factor
+ Merkle membership proof
path: root → ... → leaf(C)
Verifier Sees
Full identity remains hidden
Authority Bounds
11-dimension constraint envelope
AuthorityBounds defines the operational envelope for every agent. These bounds are enforced at the protocol level before any action is committed—ensuring that delegated agents can never exceed their granted authority.
| # | Dimension | Type | Description |
|---|---|---|---|
| 01 | max_transaction_value | u128 | Upper limit on any single transaction value in base units |
| 02 | max_daily_volume | u128 | Aggregate 24h rolling volume cap across all settlement rails |
| 03 | max_contract_duration_hours | u64 | Maximum lifespan of any single contract in hours |
| 04 | max_delegation_depth | u8 | How many levels of sub-delegation this agent may create |
| 05 | max_concurrent_contracts | u32 | Active contract slots before new proposals are rejected |
| 06 | max_counterparties | u32 | Distinct agents this identity may interact with simultaneously |
| 07 | allowed_asset_types | Vec<AssetType> | Whitelist of token / fiat types this agent can handle |
| 08 | restricted_counterparties | Vec<DID> | Blocklist of DIDs this agent must refuse to transact with |
| 09 | geographic_restrictions | Vec<ISO3166> | Jurisdictions where this agent may not operate |
| 10 | time_window_start | Option<Time> | Earliest time-of-day the agent may initiate operations |
| 11 | time_window_end | Option<Time> | Latest time-of-day the agent may initiate operations |
Capability Scopes
10 protocol-level permissions
Each CapabilityScope represents a distinct class of protocol operations. Agents are granted a subset of these scopes at identity creation, and delegated agents may only receive a subset of their parent's capabilities.
TRANSACT
Initiate and receive value transfers across settlement rails
NEGOTIATE
Propose, counter-offer, and accept contract terms
SIGN_CONTRACT
Produce binding Ed25519 signatures on agreements
DELEGATE
Issue child identities with subset authority bounds
ACCESS_DATA
Read from shared data stores and Merkle-proved state
MODIFY_STATE
Write to protocol-managed mutable state objects
DISPUTE
File disputes and submit cryptographic evidence
INSURE
Underwrite risk pools and issue coverage commitments
BORROW
Request credit lines backed by reputation or collateral
LEND
Extend capital with protocol-enforced repayment terms
Agent Registry
Merkle accumulator membership proofs
The AgentRegistry maintains a MerkleAccumulator over all registered identities. Registration produces a MerkleProof that any third party can verify against the published root—without downloading the full registry. Domain-separated hashing prevents second-preimage attacks across tree levels.
Domain-Separated Hashing
Leaf nodes
H(0x00 || serialize(identity))
0x00 prefix tags leaf-level data
Internal nodes
H(0x01 || left_child || right_child)
0x01 prefix tags internal hashes
Registration Flow
Agent submits signed AgentIdentity
Registry validates signature & bounds
Identity appended as leaf to MerkleAccumulator
Accumulator recomputes root hash
MerkleProof returned to agent for future verification
class MerkleAccumulator:
"""Append-only accumulator with domain-separated hashing."""
LEAF_PREFIX = b"\x00"
INTERNAL_PREFIX = b"\x01"
def hash_leaf(self, data: bytes) -> bytes:
return sha256(self.LEAF_PREFIX + data).digest()
def hash_internal(self, left: bytes, right: bytes) -> bytes:
return sha256(self.INTERNAL_PREFIX + left + right).digest()
def append(self, identity: AgentIdentity) -> MerkleProof:
leaf = self.hash_leaf(serialize(identity))
self.leaves.append(leaf)
self._rebuild_tree()
return self._proof_for(len(self.leaves) - 1)
def verify(self, proof: MerkleProof, root: bytes) -> bool:
"""O(log n) verification against published root."""
current = proof.leaf_hash
for (sibling, direction) in proof.path:
if direction == Direction.LEFT:
current = self.hash_internal(sibling, current)
else:
current = self.hash_internal(current, sibling)
return current == rootMerkle Tree Structure
W3C DID Document
Standards-compliant interoperability
Every AgentIdentity can be exported as a W3C DID Document for interoperability with external systems. The document includes Ed25519VerificationKey2020 for signing and X25519KeyAgreementKey2020 for encrypted channel establishment.
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/ed25519-2020/v1",
"https://w3id.org/security/suites/x25519-2020/v1"
],
"id": "did:aeos:a1b2c3d4e5f67890abcdef1234567890",
"controller": "did:aeos:root_controller_did_hash_here",
"verificationMethod": [
{
"id": "did:aeos:a1b2c3d4...#signing-key",
"type": "Ed25519VerificationKey2020",
"controller": "did:aeos:a1b2c3d4...",
"publicKeyMultibase": "z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"
}
],
"keyAgreement": [
{
"id": "did:aeos:a1b2c3d4...#encryption-key",
"type": "X25519KeyAgreementKey2020",
"controller": "did:aeos:a1b2c3d4...",
"publicKeyMultibase": "z6LSbysY2xFMRpGMhb7tFTLMpeuPRaqaWM1yECx2AtzE3KCc"
}
],
"authentication": ["did:aeos:a1b2c3d4...#signing-key"],
"assertionMethod": ["did:aeos:a1b2c3d4...#signing-key"],
"capabilityDelegation": ["did:aeos:a1b2c3d4...#signing-key"],
"service": [
{
"id": "did:aeos:a1b2c3d4...#aeos-protocol",
"type": "AEOSProtocolEndpoint",
"serviceEndpoint": "https://api.aeos.network/v1/agents/a1b2c3d4..."
}
]
}Ed25519VerificationKey2020
Primary signing key for authentication, assertions, and capability delegation. Deterministic signatures with 128-bit classical security.
X25519KeyAgreementKey2020
Diffie-Hellman key agreement for establishing encrypted communication channels between agents.
AEOSProtocolEndpoint
Service endpoint for protocol interactions, contract negotiation, and identity resolution via the AEOS REST API.
Continue exploring the protocol
Agent identity is the foundation. Explore how identities interact through contracts, are secured by the cryptographic layer, and anchored by the full protocol stack.