Open Standards · Auditable

Trust

Cryptographic identity for agents and the artefacts they produce.

did:web identity and Ed25519 content signing, with a browser-side verifier you can read end-to-end in a single file. The trust surface underneath governed agent operations — proof of who, what, and when, without a vendor-locked intermediary.

Running today on every NullProof codex paper — verify any of them yourself.

Verified Signing Record: Signature valid

"The Identity Gap: Agent Security's Missing Layer"

Signed by Michelle · 15 April 2028, 12:50 UTC · paper v1.0

Signer: did:web:nullproof.studio:people:michelle
Key: z6Mkj…wdMo · Ed25519 2020
Hash: sha-256:avgg1…dMo40
Verify this live
  • Open standards — W3C DIDs, Ed25519, not proprietary
  • Publicly verifiable — client-side, auditable in one file
  • Already in production on signed codex papers
  • Scaling from authors to agents and their artefacts

The identity gap

Agents can execute payments, submit filings, and author documents — but they can't prove who they are. There's no cryptographic link between the action and the actor. No audit trail a regulator would accept. No way to distinguish the real agent from one impersonating it.

  • No audit trail under governance. When something goes wrong, you can show that something happened — not who did it, not what input they saw, not whether the artefact is intact.
  • Vendor-locked "trust" is not trust. A badge from your model provider doesn't survive a provider swap or a compliance review.
  • No way to endorse. You can't say "I trust this agent's output because I trust the signer" if there's no signer.

Cryptographic identity isn't an optimisation. It's the layer that makes every other governance claim real.

Open standards. Public verifiers. One file to audit.

did:web for identity. A signer — a person or an agent — publishes a DID document at a known URL, listing the public keys they use to sign. Anyone can fetch it. No intermediary.

Ed25519 signatures over the signed bytes. A detached JWS rides alongside the artefact. Change a byte, the signature fails. Change the key, the DID document reveals it.

Client-side verification. The verifier runs in your browser. The whole check — fetch, parse, hash, verify — is a single file you can read on GitHub. Two dependencies: @noble/ed25519 and @scure/base. Both auditable, both dependency-free.

Already in production. Every NullProof codex paper is signed and publicly verifiable today. The same primitives scale to agent artefacts — runbooks, decisions, filings, payments — and to the agents themselves via their own DIDs.

How a verification actually works

Four artefacts, cryptographically linked. The rendered page, the MDX source, the detached JWS signature, and the signer's DID document — each points at the others through specific fields. The verifier walks the chain, checking every link. If any pointer, hash, or key disagrees, the whole chain breaks.

Verification chain: rendered HTML points at MDX source, MDX source carries a verification pointer to the JWS signature, signature names the paper and the signer's key, signer's DID document publishes the public key that verifies the signature.
Live from /verify/?slug=agent-identity-gap — click through to run it yourself against any NullProof paper.
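
The DID-document and signature links of the chain, sketched as an added example for Node.js (this is not NullProof's verify.astro, and it uses Node's built-in crypto rather than @noble/ed25519 and @scure/base). Assumptions not stated on the page: the JWS protected header carries `alg: "EdDSA"` and a `kid` that is a DID URL, the signature covers the artefact bytes directly in standard detached-payload form, and the key is published as `publicKeyMultibase`.

```javascript
const crypto = require('node:crypto');

const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

// did:web resolution: colons become path segments; a bare domain uses /.well-known/.
function didWebToUrl(did) {
  if (!did.startsWith('did:web:')) throw new Error('not a did:web identifier');
  const [host, ...path] = did.slice(8).split(':').map(decodeURIComponent);
  return `https://${host}/${path.length ? path.join('/') : '.well-known'}/did.json`;
}

// Decode an Ed25519 publicKeyMultibase: "z" + base58btc(0xed 0x01 + 32 key bytes).
function multibaseToKey(mb) {
  if (mb[0] !== 'z') throw new Error('expected base58btc multibase');
  let n = 0n;
  for (const c of mb.slice(1)) {
    const v = B58.indexOf(c);
    if (v < 0) throw new Error('invalid base58 character');
    n = n * 58n + BigInt(v);
  }
  const bytes = Buffer.from(n.toString(16).padStart(68, '0'), 'hex');
  if (bytes.length !== 34 || bytes[0] !== 0xed || bytes[1] !== 0x01) throw new Error('not an Ed25519 key');
  const jwk = { kty: 'OKP', crv: 'Ed25519', x: bytes.subarray(2).toString('base64url') };
  return crypto.createPublicKey({ key: jwk, format: 'jwk' });
}

// Verify a detached JWS ("header..signature") against artefact bytes and a DID document.
// Assumed layout: the signing input is header + "." + base64url(artefact).
function verifyDetached(jws, artefact, didDoc) {
  const parts = jws.split('.');
  if (parts.length !== 3 || parts[1] !== '') return { ok: false, reason: 'not a detached JWS' };
  const [h, , s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (header.alg !== 'EdDSA') return { ok: false, reason: 'unexpected alg' };
  // The key must be listed in the signer's own DID document; a rotated-out key fails here.
  const vm = (didDoc.verificationMethod || []).find((m) => m.id === header.kid);
  if (!vm || !header.kid.startsWith(didDoc.id + '#')) return { ok: false, reason: 'key not in DID document' };
  const input = Buffer.from(`${h}.${Buffer.from(artefact).toString('base64url')}`);
  const ok = crypto.verify(null, input, multibaseToKey(vm.publicKeyMultibase), Buffer.from(s, 'base64url'));
  return ok ? { ok: true, signer: didDoc.id } : { ok: false, reason: 'signature mismatch' };
}
```

Pinning `alg` to `EdDSA` and requiring the `kid` to live under the signer's DID keeps the header from steering the verifier to a different algorithm or someone else's key.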

What the trust surface includes

Ed25519 content signing

Detached JWS on every published artefact

Signing pipeline runs at publish time. The paper, its signature, and the signer's DID are fetched independently; a byte of drift on any of the three fails the check.

Browser-side verifier

Client-side, auditable in one file

Runs in your browser. No server trust. Read verify.astro on GitHub — every check this page performs is in that file. Try it against any NullProof paper.

did:web identity

Portable, self-hosted, W3C standard

Signers publish a DID document at a known URL. No central authority. A compromised key is rotated by editing the DID document — and the verifier catches stale signatures.

Agent identity

DIDs for agents, not just authors

Each agent gets its own did:web with rotatable keys. Every decision, filing, or payment it issues carries a signature tied to that agent — not to the vendor hosting it. Same primitives as paper signing, running today on agent output.

Endorsement reputation (In R&D)

Weighted trust via verifiable credentials

Trust flows from signed endorsements, not from a central score. "I vouch for this agent's output in this domain" becomes a verifiable credential attached to the agent's DID. Early research — expect the shape to change.

Three-state indicators (Designed · v0.3)

Unverified · Verified · Endorsed

Visible trust states on artefacts and agents — not binary, not hidden. Unverified means no claim; verified means the signature holds; endorsed means someone you trust vouched for the signer.

Run a verification yourself

1. Pick a paper

Any published NullProof codex paper is signed. Use the slug (agent-identity-gap) or the full URL. The verifier accepts both.

2. Run the check

The verifier fetches the paper source, the detached signature, and the signer's DID document, then verifies the Ed25519 signature end-to-end. All in your browser, no server trust.

3. Read the source

Every check is in a single file on GitHub. If you want the trust to mean something, don't trust our claim that it works — read the code.

Where we're at. Content signing, browser-side verification, and did:web identity (for authors and agents) are live today. Three-state trust indicators are architecture-complete, landing in v0.3. Endorsement-weighted reputation is still in R&D — the shape of verifiable credentials in this domain isn't settled, and we'd rather ship something we can audit than something we can market.