AIdenID / docs
HomeTeamRequest a demo
Documentation

Identity & clearance for the agentic internet.

AIdenID gives an autonomous agent a verifiable identity, and gives your site a deterministic answer on every request that agent makes — one of six outcomes, each backed by a cryptographically signed receipt anyone can verify.

Overview

AI agents now browse, buy, and act on the open web on behalf of people and organizations. AIdenID is the site-owned decision layer for that traffic: it decides who gets through, per request, and proves the decision. It is vendor-neutral across edges — one-line middleware for Node / Fastify / Next, with Cloudflare and Fastly edge adapters (Vercel Edge on the roadmap).

Identity + Clearance — one platform

AIdenID is two halves of a single lifecycle, not two products:

The story end to end: issue an identity → delegate authority → clear every request → emit a receipt → revoke instantly. Identity answers who; clearance answers may they, right now.

How it runs — two planes

The decision that gates a request is deliberately separated from the machinery that manages identities, so the hot path stays fast and keeps working even when our control plane doesn't.

PlaneRuns atWhat it does
Data planeYour edge / gatewayMakes the per-request call locally, from request headers and signature alone — the request body is never forwarded. It reads a signed policy + reputation snapshot held in memory, so there is no per-request database lookup. Sub-millisecond, and fail-static: if the control plane is unreachable, the last good snapshot keeps deciding.
Control planeAIdenID APIOff the hot path entirely: identity enrollment, delegation, signed receipts, and publishing the snapshots the edge consumes — refreshed in the background, never from inside a request.
What's open is the protocol surface — what an agent sends and how you verify it. The policy compiler and the reputation model that produce the snapshot are the proprietary core. The edge verifies the snapshot's signature before it trusts it.

Quickstart

Install the enforcement SDK and gate a route in one line:

// 1. install
npm i @aidenid/sdk

// 2. verify, then enforce — at your existing gate
import { verifyAgent, enforce } from '@aidenid/sdk'

const decision = await verifyAgent(req, { route: '/blog/:slug', action: 'read', resourceId: slug })
return enforce(decision)  // allow→full · priced→402 · else→teaser only
Invariant: for any non-allow outcome, the server serializes only the teaser. The full gated body never leaves the server.

The six outcomes

Every request resolves to exactly one terminal outcome, with a canonical HTTP behavior:

OutcomeMeaningHTTP
allowverified + delegated + in-scope200 · full body
throttleallowed but rate-limited429 · teaser + Retry-After
queueaccepted, deferred202 · teaser + position
sandboxallowed into a limited view200 · sandboxed subset
denynot verified / out-of-scope200 · teaser only
price_requiredpay-to-access402 · signed price quote

Payments — the 402 is real money

When a surface is worth money, price_required answers 402 Payment Required with a signed price quote instead of hard-blocking. That response is compatible with x402 — the open HTTP-402 standard for agent payments — and Google's AP2. The agent's wallet settles the micro-payment and retries the request.

AIdenID sets the policy and the price; the agent's wallet does the settlement. A crawler you would have blocked becomes a paying customer — on rails the industry is already adopting (x402 alone counted roughly 69k active agents and 165M+ transactions through 2026), not a private toll you'd have to ship a wallet for.

The four-layer cascade

Evaluated in order; every layer writes an honest 0..1 score and a passed flag into the receipt.

#LayerWhat it proves
L1operator_signatureEd25519 signature from a known operator (OpenAI, Google…) over the request bytes.
L2delegation_proofA scoped, in-date delegation from the human principal the agent acts for.
L3behavioral_fingerprintDeterministic cadence/shape score — bursts get rate-limited.
L4operator_reputationStanding of the operator behind the agent, anchoring the final call.

Delegation & revocation

An agent acts under a delegation — a scoped grant from a human principal, bound to an action and optionally a single resource, with an issue and expiry time:

{
  "principalId": "user_42",
  "agentId":     "chatgpt-agent-7f3a",
  "scope":       ["read"],
  "resourceId":  "aidenid-demo",
  "issuedAt":    "2026-06-16T00:00:00Z",
  "expiresAt":   "2026-06-16T01:00:00Z"
}

Revocation is instant. A single call kills a chain, session, or delegation; an epoch is checked on every request, and the next request from that agent returns a deny revocation receipt (revoked: true, revocationOf: <receiptId>).

Signed receipts & verification

Every decision returns a Decision receipt signed with Ed25519 over a deterministic canonical encoding. The receipt carries its own verify key, so it is self-verifiable — clients re-check the signature in-browser with zero server round-trips.

// the verifier checks the exact same canonical bytes the signer signed
const ok = ed25519.verify(
  d.signerPublicKey,
  d.signature,
  canonicalString(signingPayload(d)),  // keys sorted, no whitespace, undefined dropped
)

Crypto fields (signature, signerKeyId, signerPublicKey, alg) are excluded from the signed payload. Scores are rounded to 4 decimals before signing so the bytes are stable across engines.

API reference

Same-origin (or via a proxy) — no CORS holes. Decision endpoints:

MethodPathReturns
POST/api/aidenid/verifyRequestContext → Decision
POST/api/aidenid/revoke{ receiptId } → revocation Decision
GET/api/aidenid/streamSSE of StreamEvent
GET/api/aidenid/pubkey{ signerKeyId, publicKey }

Live control-plane endpoints (traffic stream, plain-language rules → signed policy versions, bounded agent planning sessions): /api/aidenid/traffic, /classify, /rules, /simulate, /policies, /agent.

Confidence labels (the soft path)

AIdenID never claims human-vs-bot certainty. Alongside the cryptographic hard path, requests carry a confidence label:

Deterministic, not a black box. The soft path sorts unsigned traffic by explicit, auditable signals — not an opaque ML score — so every label is predictable and explainable. New policy rolls out observe → recommend → enforce, and an uncertain call fails soft (it slows or sandboxes rather than hard-denying) until you switch enforcement on. The exact signal weighting and the operator-reputation model are the proprietary core; the labels above are the stable contract.

Protocol & proofs

The identity and verification surface is built on open standards and is tested — so a reviewer can check the work rather than take our word:

Open surface, closed core. The wire protocol and the verification math are open and standards-based. The policy compiler, the behavioral signals, and the reputation model — the parts that decide well — are the product.

Questions?

Tell us what you're protecting and we'll show you exactly how AIdenID decides on your traffic — live, on a real surface. Ask us anything.

Contact us →