
AgIS key concepts

Canonical definitions for Agent Cards, DNS-backed verification, trust levels, delegation chains, and what AgIS is and is not.

What is AgIS?

AgIS (Agent Identity System) is EPICORTEK's open protocol and alpha reference implementation for verifying the identity of AI agents and autonomous workflows. It evaluates agent identity evidence from multiple sources and produces deterministic trust decisions: allow, deny, or review. AgIS turns DNS-backed identity evidence into enforceable operational decisions without requiring a central registry, blockchain, or wallet infrastructure.

Agent Card

An Agent Card is the primary identity artifact in AgIS. It is a structured JSON document published at a stable URL by the agent operator. The card declares the agent's identifier, public key (JWK), allowed capabilities, delegation scope, and a lifecycle status URL. AgIS verifies the card's hash against a registered DNS TXT record using RFC 8785 canonical JSON. A valid, hash-matching, cryptographically signed Agent Card reaches trust level 3.

Not to be confused with

Agent Cards are not DID Documents, Verifiable Credentials, or any W3C identity scheme. They are AgIS-specific artifacts defined in the Internet-Draft.

DNS-backed verification

AgIS uses DNS TXT records to publish a verifiable binding between an agent identifier and its Agent Card. The DNS record contains the card URL and a JWK thumbprint. A verifier queries DNS, fetches the Agent Card, canonicalizes it (RFC 8785), computes its SHA-256 hash, and confirms it matches the registered value. This DNS-backed approach requires no central registry and works offline once the DNS record is cached.

Not to be confused with

This is not DNSSEC-dependent. DNS provides discovery; cryptographic binding is via Ed25519 signatures, not DNS signatures.

Trust levels (0–5)

AgIS produces a numerical trust level reflecting the quality of identity evidence accumulated during verification. The scale is:

  • Level 0: No usable identity evidence — deny
  • Level 1: Agent Identifier and Agent Card syntactically valid — review
  • Level 2: DNS TXT binding confirmed — review
  • Level 3: Card hash, JWK thumbprint, and Ed25519 signature verified — allow
  • Level 4: Agent status confirmed active (not revoked, suspended, or compromised) — allow
  • Level 5: Freshness enforced, replay protection verified, local policy accepted — allow (high-assurance)

The offline reference implementation and 23 deterministic test vectors reach Level 4. Level 5 requires live freshness and replay protection checks.

Delegation chain

AgIS supports scoped delegation: an agent can grant a subset of its capabilities to another agent, creating a delegation token. Chains of delegation are supported with strict scope narrowing — no delegate can exceed the authority of its principal. AgIS verifies every token in the chain cryptographically and enforces scope constraints at each step.

What AgIS is not

  • Not a DID system — AgIS does not implement W3C DID methods or DID Documents.
  • Not blockchain-based — No distributed ledger, on-chain state, or cryptocurrency is involved.
  • Not a wallet — AgIS does not manage private keys or credentials on behalf of users.
  • Not an IANA-registered scheme — agent:// is a proposed URI scheme; IANA registration is pending.
  • Not an approved IETF standard — AgIS is an Individual Internet-Draft. It has not been adopted by a working group or standardized.
  • Not a general-purpose IAM system — AgIS targets AI agents and autonomous workflows specifically.

Quickstart

The AgIS reference implementation is available as a TypeScript SDK and CLI:

npm install @epicortek/agis-sdk-ts   # TypeScript SDK (v0.3.0-alpha.3)
npm install -g @epicortek/agis-cli   # CLI tool