The Identity Layer for the Agentic Web
pip install vouch-protocol
# One command to configure SSH signing + Vouch branding
vouch git init
# All future commits are now signed and show ✅ Verified on GitHub
git commit -m "Secure commit"The Open Standard for AI Agent Identity & Accountability
When Anthropic launched MCP, they solved "how agents call tools."
They didn't solve "how we TRUST those agents."Vouch Protocol is the SSL certificate for AI agents.
Read the spec → | Join Discord →
AI agents are making real-world API calls with ZERO cryptographic proof of:
- WHO they are
- WHAT they intended to do
- WHEN they did it
Examples of the risk:
- Healthcare AI accesses patient data → HIPAA violation risk
- Financial AI makes unauthorized trades → Liability nightmare
- Customer service AI leaks data → Compliance failure
Current solutions:
- DIY JWT signing → No agent-specific features, security mistakes easy
- Nothing → Most people just YOLO it and hope for the best
Vouch Protocol provides cryptographic identity for AI agents, modeled after SSL/TLS:
✅ Ed25519 signatures (industry-standard cryptography)
✅ JWK key format (works with existing infrastructure)
✅ Audit trail (cryptographic proof of every action)
✅ Framework-agnostic (works with MCP, LangChain, CrewAI, etc.)
✅ Open source (Apache 2.0 license)
Think of it as:
- SSL certificate = Proves website identity
- Vouch Protocol = Proves AI agent identity
4 Simple Steps:
- Generate Identity - Create keypair and DID
- Sign Action - Agent signs every API call
- Send to API - Include token in HTTP header
- Verify - API checks signature with public key
Trust = Public Key Cryptography + JWT + DID
The same math that secures SSL/TLS, just for AI agents.
| Feature | Vouch Protocol | DIY JWT |
|---|---|---|
| Agent-specific | ✅ (designed for agents) | ❌ (generic) |
| MCP integration | ✅ (native) | ❌ (manual) |
| Framework integrations | ✅ (LangChain, CrewAI, etc.) | ❌ |
| Audit trail format | ✅ (standardized) | ❌ (custom) |
| Security best practices | ✅ (built-in) |
pip install vouch-protocolvouch init --domain your-agent.comfrom vouch import Signer
import os
signer = Signer(
private_key=os.environ['VOUCH_PRIVATE_KEY'],
did=os.environ['VOUCH_DID']
)
token = signer.sign({'action': 'read_database', 'target': 'users'})
# Include token in Vouch-Token headerfrom fastapi import FastAPI, Header, HTTPException
from vouch import Verifier
app = FastAPI()
@app.post("/api/resource")
def protected_route(vouch_token: str = Header(alias="Vouch-Token")):
public_key = '{"kty":"OKP"...}' # From agent's vouch.json
is_valid, passport = Verifier.verify(vouch_token, public_key_jwk=public_key)
if not is_valid:
raise HTTPException(status_code=401, detail="Untrusted Agent")
return {"status": "Verified", "agent": passport.sub}That's it. 3 lines to sign, 3 lines to verify.
Works with all major AI frameworks out-of-the-box:
- ✅ Model Context Protocol (MCP) - Native integration for Claude Desktop & Cursor
- ✅ LangChain - Sign tool calls automatically
- ✅ CrewAI - Multi-agent identity management
- ✅ AutoGPT - Autonomous agent signing
- ✅ AutoGen - Microsoft multi-agent framework
- ✅ Google Vertex AI - Sign function calls
- ✅ n8n - Low-code agent workflows
- 🔐 Key Rotation - Automatic rotating keys for production
- 🎙️ Voice AI Signing - Sign audio frames in real-time
- ☁️ Cloud KMS - AWS KMS, GCP Cloud KMS, Azure Key Vault
- 📊 Reputation Scoring - Track agent behavior over time
- 🚫 Revocation Registry - Blacklist compromised keys
- ⚡ Redis Caching - Production-scale verification
# SEC-compliant trade logging
agent.sign({'action': 'execute_trade', 'amount': 10000, 'symbol': 'AAPL'})# Data access accountability
agent.sign({'action': 'read_customer_data', 'customer_id': 'cust_abc'})# HIPAA-compliant audit trail
agent.sign({'action': 'access_phi', 'patient_id': '12345'})- 🚀 Quick Start
- 🔧 Integration Guides
- 📖 Protocol Specification
- 🏢 Enterprise Features
- 🛡️ Security Best Practices
- ❓ FAQ
- Discord - Ask questions, share use cases → Join now
- GitHub Discussions - Technical discussions → Start a discussion
- Twitter/X - Updates and announcements → @Vouch_Protocol
- Core protocol (Ed25519, JWK, JWT)
- MCP integration
- LangChain, CrewAI, AutoGPT integrations
- W3C Verifiable Credentials compatibility
- Multi-signature support
- Hardware key support (YubiKey, etc.)
- Browser extension (verify agents in real-time)
Apache License 2.0 - See LICENSE
You can use this freely in commercial and open-source projects.
Note: The Vouch Protocol specification may be contributed to W3C as a separate standards track.
Inspired by:
- SSL/TLS (the gold standard for identity)
- OAuth 2.0 (federated identity done right)
- W3C Verifiable Credentials (the future of digital identity)
Built by Ramprasad Gaddam (Twitter/X)
We welcome contributions! See CONTRIBUTING.md.
Areas where we need help:
- Add integrations (Haystack, Semantic Kernel, etc.)
- Improve documentation
- Write tutorials
- Build examples
- Security audits
⭐ Star this repo if you find it useful!
Star on GitHub | Join Discord | Follow on Twitter
To ensure ecosystem freedom, we publish 8 defensive prior art disclosures for novel methods:
| ID | Title | Key Claims |
|---|---|---|
| PAD-001 | Cryptographic Agent Identity | Intent-bound tokens, agent DIDs |
| PAD-002 | Chain of Custody | Recursive delegation, intent chains |
| PAD-003 | Identity Sidecar Pattern | LLM key isolation, JIT signing |
| PAD-004 | Smart Scan Verification | DOM traversal, hash matching |
| PAD-005 | Reverse Lookup Registry | Detached signature recovery |
| PAD-006 | Trust Graph URL Chaining | Credential chain in URL |
| PAD-007 | Ghost Signature | AI/Human provenance telemetry |
| PAD-008 | SSH Piggyback | Zero-config identity bootstrap |