The open standard for cryptographic provenance and attribution for AI Agents.
"Agents are currently anonymous ghosts. AIP gives them a persistent, verifiable identity."
When an AI Agent (Claude, ChatGPT, or custom) attempts to interact with the real world—updating a database, calling an API, or executing a trade—the receiving system sees an anonymous request.
- Who did this? (Was it the Support Bot or the Finance Bot?)
- Was it tampered with? (Did a router or middleman change the prompt?)
- Can I audit it? (How do I prove which agent authorized this action?)
Agent Identity Protocol (AIP) is a Model Context Protocol (MCP) Server that provides a local, secure "Wallet" for AI Agents. It enables Attribution and Non-Repudiation for agentic workflows.
- Identity Generation: Creates a persistent cryptographic keypair (RSA-2048) for the agent.
- Cryptographic Signing: Allows the agent to sign payloads (actions) using its private key.
- Verification: Provides a standard method for APIs to verify agent actions against a public key.
Best for testing and quick usage.
⚠️ Note: Identities created via Smithery are temporary (sandboxed) and will be lost when you restart Claude unless you configure a custom path (see Configuration).
npx -y @smithery/cli@latest install @faalantir/mcp-agent-identity --client claude
Best for production use and persistent identity storage.
# Clone the repository
git clone https://github.com/faalantir/mcp-agent-identity.git
# Install dependencies
cd mcp-agent-identity
npm install && npm run buildThen add this to your claude_desktop_config.json:
{
"mcpServers": {
"agent-identity": {
"command": "node",
"args": ["/ABSOLUTE/PATH/TO/mcp-agent-identity/dist/index.js"]
}
}
}By default, the server tries to save identity.json in your project folder. If it cannot write there (e.g., inside a Smithery container), it falls back to the system temporary directory (RAM/Temp).
To force a permanent location for your keys: Update your claude_desktop_config.json with the AGENT_IDENTITY_PATH environment variable:
"agent-identity": {
"command": "...",
"args": ["..."],
"env": {
"AGENT_IDENTITY_PATH": "/Users/YOURNAME/Desktop/my-identity.json"
}
}Once installed, your Agent automatically gains these tools. You can prompt it naturally:
User: "Create a permanent identity for yourself named 'FinanceBot'." Agent: Calls create_identity...
"Identity created. My Public ID is
MIIBIjAN...(I have securely stored the Private Key)."
User: "Show me my identity details." Agent: Calls get_identity...
"Agent Name: FinanceBot Location: /Users/aarti/Desktop/my-identity.json Public Key: ..."
User: "Please authorize a transfer of $50 to Alice." Agent: Calls sign_message...
"I have signed the transaction payload. Signature:
7f8a9d...(Verifiable)"
Use our NPM SDK to verify signatures in your backend:
npm install @agent-identity/verifyimport { verifyAgentIdentity } from "@agent-identity/verify";
const result = verifyAgentIdentity({ message: "pay 500", signature: "...", publicKey: "..." });
if (result.isValid) { // Proceed with transaction }We are designed to be algorithm-agnostic. While v0.1 uses local files for simplicity, the protocol is built to swap the "Signer Engine" for enterprise backends.
-
v0.1 (Current): Local RSA-2048 keys. Self-sovereign identity. Best for internal tools, debugging, and audit logs.
-
v0.2 (Next): Ed25519 support (smaller, faster keys) and DID (Decentralized Identifier) export.
-
v0.3: Cloud Key Management (AWS KMS / Google Cloud HSM) integration for enterprise deployments.
-
v0.4: Hardware Enclave / TPM support (keys generated inside the chip, never exposed to OS).
-
v1.0: The "Agent Registry" – A centralized directory to map Public Keys to verified Human Owners (Chain of Trust).
-
Self-Signed Trust: Currently, agents generate their own keys. This creates a "Self-Signed Certificate" model. This is excellent for Attribution (knowing which agent did X) but requires an external trust mechanism for high-stakes Authorization.
-
Key Storage: Keys are currently stored in
identity.jsonon the host machine. Do not use this in shared environments without proper file permissions.
We are looking for contributors to help build Verification SDKs for Python and Go.
Maintained by the Agent Identity Working Group.