AGiD — Auditable Agent Identity Compliance infrastructure for AI agents. Cryptographic identity, tamper-proof audit trails, end-to-end encrypted communication, and verifiable on-chain memory.
Install as an OpenClaw plugin or run the full AGiD runtime with self-hosted messaging.
CLI / Client
↓ Encrypted messages (ECDH)
MessageBox (self-hosted relay)
↓ Authenticated WebSocket
AGiD Gateway
↓ Plugin system (57 tools)
LLM Provider (Anthropic / Ollama / OpenAI-compatible)
↓ Tool execution
Identity Client (sign, pay, certify, prove)
↓ Encrypted response
MessageBox → Client
The gateway runs a native agent loop iterating between LLM calls and tool execution. Read-only tools execute in parallel. Wallet-mutating tools execute sequentially for signing safety. All 57 tools are registered through the modular plugin system.
Cryptographic Identity — Every agent gets a unique key pair via the Identity Client. Hierarchical key derivation, identity certificates, and identity overlay resolution.57 Tools across 11 plugins — identity, crypto, wallet, messaging, memory, audit, certificates, zero-knowledge proofs, deployment, runtime, file system, browser.Encrypted Memory — On-chain tokens with derived encryption keys. RLM-powered semantic search and deep reasoning.E2E Encrypted Messaging — Self-hosted MessageBox with ECDH encryption. Authenticated WebSocket for live communication. The relay never sees plaintext.Audit Trail — Per-session hash chains with Merkle root commitment on-chain. Workspace integrity verification against immutable anchors.Zero-Knowledge Proofs — Schnorr-based proofs for privileged communication verification, selective session revelation, and content commitments.Certificate System — Issue, verify, revoke, reveal, and exchange identity certificates.Multi-LLM Support — Anthropic Claude, Ollama (local), or any OpenAI-compatible endpoint.Infrastructure Deployment — Deploy and manage projects on Mandala Network nodes directly from agent tools.General-Purpose Execution — Shell commands, file operations, and headless browser automation.
One install. 57 tools. Zero configuration.
openclaw plugin install @agid/openclaw-plugin The Identity Client initializes on first use. Keys are generated and persisted locally. Every tool is immediately available.
openclaw config set agid.network mainnet
openclaw config set agid.storagePath /secure/path/identity.sqlite Full control. Self-hosted. Air-gappable.
Node.js >= 22.0.0
Private key (generate with openssl rand -hex 32)
Anthropic API key (or Ollama / OpenAI-compatible endpoint)
npm install
npm run build
npm run gateway On first run, an interactive setup wizard walks through:
Private key generation or import
Network selection (mainnet / testnet)
LLM provider configuration
Certificate issuance
Workspace file creation
Configuration is persisted to ~/.agidentity/.
Create ~/.agidentity/.env:
AGENT_PRIVATE_KEY=< 64-char-hex>
AGID_NETWORK=mainnet
ANTHROPIC_API_KEY=sk-your-key-here
TRUSTED_CERTIFIERS=< comma-separated-public-keys>
Variable
Default
Description
AGENT_PRIVATE_KEYrequired 64-char hex private key
ANTHROPIC_API_KEY—
Anthropic API key
AGID_LLM_PROVIDERanthropicanthropic, ollama, or openai-compatible
AGID_MODELclaude-sonnet-4-5-20250929Model identifier
AGID_LLM_BASE_URL—
Base URL for Ollama / OpenAI-compatible
AGID_LLM_API_KEY—
API key for OpenAI-compatible
AGID_NETWORKmainnetmainnet or testnet
AGID_STORAGE_MODElocallocal or remote
AGID_WORKSPACE_PATH~/.agidentity/workspace/Workspace files directory
AGID_SESSIONS_PATH~/.agidentity/sessions/Session transcript directory
AGID_MAX_ITERATIONS25Max tool-use iterations per request
AGID_MAX_TOKENS8192Max tokens per LLM response
AGID_REQUIRE_CERTSfalseReject messages from uncertified senders
AGID_ALLOW_UNAUTHENTICATEDfalseAllow unauthenticated HTTP endpoints
MESSAGEBOX_HOSThttps://messagebox.babbage.systemsMessageBox server URL
UHRP_STORAGE_URLhttps://nanostore.babbage.systemsUHRP storage endpoint
Tool
Description
agid_identityGet agent's public key, network, and message box status
agid_balanceCheck wallet balance in satoshis
agid_get_public_keyDerive protocol-specific keys via hierarchical key derivation
agid_get_heightGet current blockchain block height
agid_lookup_identityLook up people on the identity overlay network
Tool
Description
agid_signSign messages to prove authorship
agid_encryptEncrypt data for secure storage or communication
agid_decryptDecrypt previously encrypted data
agid_wallet_client_requestRequest user's Identity Client for cryptographic operations
agid_request_user_signatureRequest user signature to prove user authorship
Tool
Description
agid_create_actionCreate transactions with outputs, baskets, and tags
agid_internalize_actionAccept incoming transactions
agid_list_outputsList wallet outputs filtered by basket and tags
agid_send_paymentSend payments to another identity
agid_token_createCreate PushDrop tokens with arbitrary data fields
agid_token_listList tokens from wallet baskets
agid_token_redeemRedeem tokens to reclaim satoshis
Tool
Description
agid_cert_issueIssue identity certificates to other public keys
agid_cert_receiveReceive and store incoming certificates
agid_cert_listList certificates in wallet
agid_cert_verifyVerify serialized certificates cryptographically
agid_cert_revokeRevoke previously issued certificates
agid_cert_revealPublicly reveal selected certificate fields
agid_cert_check_revocationCheck on-chain revocation status
agid_cert_sendSend certificates via MessageBox
Zero-Knowledge Proofs (5 tools)
Tool
Description
agid_zkproof_privilegeProve privileged communication without revealing content
agid_zkproof_verifyVerify a zero-knowledge proof
agid_zkproof_selective_revealReveal one session's key without exposing others
agid_zkproof_commitmentCreate tamper-evident content commitment anchored on-chain
agid_zkproof_verify_commitmentVerify content matches a previous commitment
Tool
Description
agid_message_sendSend encrypted messages via MessageBox
agid_message_listList messages in a box (auto-decrypted)
agid_message_ackAcknowledge processed messages
agid_list_paymentsList pending incoming payments
agid_accept_paymentAccept incoming payments
Tool
Description
agid_store_memoryEncrypt and store memories on-chain
agid_recall_memoriesRecall with optional semantic search
shad_deep_recallRLM deep reasoning over stored memories
shad_search_memoriesFast hybrid keyword + semantic search
Tool
Description
agid_verify_workspaceVerify workspace file integrity against on-chain anchor
agid_verify_sessionVerify session anchor chain integrity
Tool
Description
agid_mandala_create_projectCreate a new project on a Mandala Node
agid_mandala_list_projectsList projects the agent has access to
agid_mandala_project_infoGet detailed project info
agid_mandala_deployCreate deployment and get upload URL
agid_mandala_update_settingsUpdate project settings and environment
agid_mandala_project_logsView project and resource logs
agid_mandala_manage_adminsAdd, remove, or list project admins
agid_mandala_node_infoGet public node info
Tool
Description
execRun shell commands with background process support
processManage background processes (poll, send-keys, submit)
Tool
Description
readRead a file with optional line range
writeWrite or create a file
editReplace text in a file
apply_patchApply unified diff patches
Tool
Description
browserControl headless Chromium (navigate, click, type, screenshot, evaluate)
Tool
Description
agid_optimize_promptEvolutionary prompt optimization
The agent's persona and context are defined by workspace files in ~/.agidentity/workspace/:
File
Purpose
SOUL.mdCore persona, behavioral rules, and values
IDENTITY.mdAgent's self-description and capabilities
TOOLS.mdTool usage guidelines and preferences
MEMORY.mdPersistent memory context across sessions
These files are loaded into the system prompt on every request. Edit them to shape the agent's behavior.
Endpoint
Auth
Description
GET /No
Health check (status, public key, model, uptime)
GET /healthNo
Health check
/identity/*Mutual auth
Identity operations
/vault/*Mutual auth
Vault storage operations
/team/*Mutual auth
Team vault operations
All wallet operations are executed in-process via the plugin registry — no external API surface for wallet actions.
docker build -t agid .
docker run -d \
-p 3000:3000 \
-v agid-data:/data \
-e AGENT_PRIVATE_KEY=< key> \
-e ANTHROPIC_API_KEY=< key> \
-e TRUSTED_CERTIFIERS=< keys> \
agid src/
├── plugins/ # Plugin system (types, registry, API, loader)
│ └── builtin/ # 11 builtin plugins (57 tools)
├── agent/ # Agent loop, prompt builder
│ └── tools/ # Legacy tool index (migrated to plugins)
├── audit/ # Signed audit trail, anchor chains
├── config/ # Configuration loading
├── encryption/ # Encryption helpers
├── gateway/ # MessageBox gateway, agent orchestration
├── identity/ # Certificate verification
├── integrations/ # PeerCert, GEPA, RLM, Mandala
├── messaging/ # MessageBox client, AuthSocket
├── server/ # Authenticated HTTP server
├── startup/ # First-run interactive setup
├── storage/ # Vaults, UHRP, memory manager
├── wallet/ # Identity Client adapter, PushDrop ops
├── types/ # Shared TypeScript types
├── start.ts # Gateway entry point
└── index.ts # Public API exports
packages/
└── openclaw-plugin/ # @agid/openclaw-plugin — standalone OpenClaw package
npm run build # Compile TypeScript# Watch modetest # Run tests (vitest)# Watch mode tests# ESLint# Prettier
Authentication : Mutual authentication for all HTTP endpointsEncryption : ECDH end-to-end encryption for all MessageBox communicationKey Derivation : Per-counterparty hierarchical key derivationAt-Rest Encryption : AES-256-GCM for local vault storageAudit : Cryptographic hash chains with on-chain Merkle root anchoringCertificate Enforcement : Optional mode to reject uncertified sendersNo External Wallet API : All wallet operations are in-process only
Open BSV License
Built by BINARY.