Open protocol · Apache 2.0 · Post-quantum ready

Your AI agents need identity. Not API keys.

Cryptographic identity, scoped delegation, and tamper-evident audit trails — purpose-built for autonomous AI agents. Self-host free forever, or let us run it.

terminal

$ idprova keygen --output operator.key
# Ed25519 keypair generated
$ idprova dat issue --scope "mcp:tool:*:read" --expires-in 1h
# Delegation token issued (1h, read-only)
$ idprova dat verify $TOKEN --scope "mcp:tool:fs:write"
# DENIED — scope not granted

Three questions you can't answer today

AI agents are calling APIs, delegating to sub-agents, and accessing sensitive systems. But there's no standard way to answer:

Who is this agent?

Can you cryptographically prove an agent's identity? API keys identify applications, not autonomous actors with delegation chains.

What can it do?

Who granted this agent permission? What scopes, time limits, and constraints apply? OAuth tokens don't chain. SPIFFE doesn't scope.

What did it do?

Can you verify the audit trail hasn't been tampered with? Standard logs can be edited. You need cryptographic proof of every action.

Three cryptographic primitives

Purpose-built for the agent era. Not retrofitted from human identity systems.

Identity

Agent Identity Documents (AIDs)

W3C DID-based identity bound to Ed25519 keys. Every agent gets a globally unique, cryptographically verifiable identity — resolvable via any IDProva registry.

  • W3C DID-compatible identifier scheme
  • Ed25519 cryptographic binding
  • 5 trust levels (self-declared → continuously monitored)
aid-create.sh
idprova aid create \
  --id "did:aid:acme.com:orchestrator" \
  --name "Orchestrator Agent" \
  --controller "did:aid:acme.com:admin" \
  --key admin.key
Delegation

Delegation Attestation Tokens (DATs)

Signed, scoped, time-bounded, chainable permission tokens. Agents delegate precisely what's needed — no more, no less. Scopes can only narrow, never widen.

  • 4-part scope grammar (namespace:protocol:resource:action)
  • 8 constraint types (rate limit, geofence, IP, depth...)
  • Instant revocation via registry API
delegation.sh
idprova dat issue \
  --issuer "did:aid:acme.com:orchestrator" \
  --subject "did:aid:acme.com:data-agent" \
  --scope "mcp:tool:filesystem:read" \
  --scope "mcp:tool:database:query" \
  --expires-in "1h" \
  --max-depth 1 \
  --key orchestrator.key
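
The "scopes can only narrow" rule and the 4-part scope grammar can be checked mechanically along a delegation chain. The Rust below is an added example, not code from idprova-core: the names `Scope`, `covers`, `first_widening_link` and `authorize` are hypothetical, and it assumes `*` matches exactly one segment and that a child token is valid only when each of its scopes is covered by a scope of its parent.

```rust
// Added example (not idprova-core code). Assumption: `*` matches exactly one segment.
/// One scope in the page's 4-part grammar: namespace:protocol:resource:action.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Scope([String; 4]);

impl Scope {
    pub fn parse(s: &str) -> Result<Scope, String> {
        let p: Vec<&str> = s.split(':').collect();
        if p.len() != 4 || p.iter().any(|seg| seg.is_empty()) {
            return Err(format!("scope needs 4 non-empty segments: {:?}", s));
        }
        Ok(Scope([p[0].into(), p[1].into(), p[2].into(), p[3].into()]))
    }

    /// True when everything `other` permits is also permitted by `self`.
    pub fn covers(&self, other: &Scope) -> bool {
        self.0.iter().zip(other.0.iter()).all(|(g, r)| g == "*" || g == r)
    }
}

fn parse_all(raw: &[&str]) -> Result<Vec<Scope>, String> {
    raw.iter().map(|s| Scope::parse(s)).collect()
}

/// Index of the first token whose scopes exceed its parent's, if any.
pub fn first_widening_link(chain: &[Vec<&str>]) -> Result<Option<usize>, String> {
    let mut parent: Option<Vec<Scope>> = None;
    for (i, link) in chain.iter().enumerate() {
        let scopes = parse_all(link)?;
        if let Some(p) = &parent {
            if scopes.iter().any(|c| !p.iter().any(|g| g.covers(c))) { return Ok(Some(i)); }
        }
        parent = Some(scopes);
    }
    Ok(None)
}

/// Fail closed: allow only if no link widens and the last token covers the request.
pub fn authorize(chain: &[Vec<&str>], requested: &str) -> Result<bool, String> {
    let req = Scope::parse(requested)?;
    let leaf = match chain.last() { Some(l) => parse_all(l)?, None => return Ok(false) };
    Ok(first_widening_link(chain)?.is_none() && leaf.iter().any(|g| g.covers(&req)))
}

fn main() {
    let chain = vec![vec!["mcp:tool:*:read"], vec!["mcp:tool:filesystem:read"]]; // constructed
    println!("{:?}", authorize(&chain, "mcp:tool:filesystem:write")); // Ok(false)
}
```

A verifier built this way rejects a malformed scope string with an error rather than treating it as a non-match, so parsing problems surface in logs instead of silently denying.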
Audit

Action Receipts

Every agent action produces a BLAKE3 hash-chained receipt. Tamper with one entry and the entire chain breaks. Your compliance team gets cryptographic proof of every action.

  • BLAKE3 hash-linked chain
  • Independent chain integrity verification
  • Maps to NIST AU-2, AU-9, AU-10 controls
receipt-chain.json
{
  "action": "mcp:tool:filesystem:read",
  "agent": "did:aid:acme.com:data-agent",
  "timestamp": "2026-03-17T01:30:00Z",
  "prev_hash": "b3_7f8a2c...",
  "hash": "b3_9e4d1a...",
  "signature": "ed25519:..."
}

Open source. Managed cloud.

The protocol and libraries are free forever. IDProva Cloud removes the ops burden.

Community (Free Forever)

Apache 2.0 · Self-hosted

  • idprova-core Rust crate + CLI
  • Python SDK & TypeScript SDK
  • Self-hosted registry (Axum + SQLite)
  • Full protocol specification
  • Compliance mapping tables (NIST, ISM, SOC 2)
  • Community support via GitHub

IDProva Cloud

From $149/mo · Managed

  • Everything in Community, plus:
  • Managed registry (registry.idprova.com)
  • Web dashboard & DAT API
  • SSO/RBAC, compliance report generator
  • SIEM integration & anomaly detection
  • AU-only data residency & IRAP evidence bundle

Trusted by design

NIST NCCoE

Submitted to NIST National Cybersecurity Center of Excellence for AI agent identity standardisation

IRAP Assessor

Built by an ASD-endorsed Information Security Registered Assessors Program (IRAP) assessor

Security Cleared

Australian Government security cleared — trusted to assess and build for critical infrastructure

Apache 2.0

Core protocol and libraries are open source under Apache 2.0. No vendor lock-in, ever.

Post-Quantum Ready

ML-DSA-65 (FIPS 204) planned. Designed for crypto agility from day one.

Battle Tested

247 tests across 5 Rust crates. Ed25519 signatures, BLAKE3 hashing, comprehensive verification pipeline.

From CLI to Cloud in minutes

Start with the open-source CLI today. When you're ready to remove the ops burden, migrate to IDProva Cloud with zero code changes.

Self-hosted (free)

$ cargo install idprova-cli
$ idprova keygen --output ops.key
$ idprova registry start
# Running on localhost:4242

IDProva Cloud

$ idprova config set registry \
    https://registry.idprova.com
$ idprova aid publish my-agent.json
# Published to managed registry