The Problem Nobody's Solving
Every time your AI agent starts a new session, it forgets who it is.
Not in the "lost my context window" sense — in the identity sense. There's no way to prove that the agent handling your portfolio today is the same one that ran your analysis yesterday. No continuity. No chain of custody. No proof.
Logs say it's the same agent. But logs are mutable. Configuration says it's the same agent. But configuration can be swapped. The agent claims it's the same one. But claims are cheap.
For autonomous agents making real decisions — executing trades, deploying code, managing infrastructure — "trust me, I'm the same agent" doesn't cut it.
What We Built
Session Continuity Certificates (SCC) — an open standard for cryptographic agent identity continuity.
Every time an agent starts a new session, it creates a certificate:
import { generateKeyPair, createGenesisCert, createContinuationCert } from 'botindex-scc';
const keys = generateKeyPair();
// First session ever — genesis certificate
const genesis = createGenesisCert('my-agent/v1', keys.secretKey, {
capabilities: ['web_browse', 'code_execute', 'api_call'],
runtime: 'autogpt/0.6',
platform: 'aws'
});
// Next session — chains to previous
const session2 = createContinuationCert(genesis, keys.secretKey);
const session3 = createContinuationCert(session2, keys.secretKey);
Each certificate is:
- Signed with Ed25519 (same crypto as SSH keys)
- Hash-linked to the previous certificate (like a mini blockchain)
- Independently verifiable by anyone (no central authority)
- Tiny (~500 bytes)
The Chain
Session 0 (genesis)
↓ sha256 hash
Session 1
↓ sha256 hash
Session 2
↓ sha256 hash
Session 3 (current)
To verify an agent's identity, walk the chain backwards. If every link checks out — signatures valid, hashes match, sequence numbers increment — you know this is the same entity that started at genesis.
Break any link, and the chain fails. No silent substitution possible.
Key Rotation Without Identity Loss
Long-lived agents need to rotate keys. SCC handles this without breaking the chain:
import { createRotationCert } from 'botindex-scc';
const newKeys = generateKeyPair();
const rotated = createRotationCert(
currentCert,
oldKeys.secretKey,
newKeys.secretKey,
'scheduled_rotation'
);
The old key signs the new key as authorization. The new key signs the certificate. Verifiers can confirm the rotation was legitimate. Identity survives.
Trust Levels
Not all agents are equally trustworthy. SCC provides a framework:
| Level | Criteria | Meaning |
|---|---|---|
genesis |
1 session | Brand new, minimal trust |
established |
10+ sessions | Has operational history |
mature |
100+ sessions, 30+ days | Long-running, reliable |
rotated |
Survived key rotation | Demonstrates security hygiene |
import { verifyChain } from 'botindex-scc';
const result = verifyChain(certificates);
// { valid: true, length: 47, trustLevel: 'established', errors: [] }
Automated trust decisions based on verifiable history, not self-reported claims.
The Full Trust Stack: AAR + SCC
SCC is the companion to Agent Action Receipts (AAR) — our open standard for proving what an agent did.
Together:
| Standard | Proves | Question |
|---|---|---|
| AAR | What happened | "Did the agent really execute this trade?" |
| SCC | Who did it | "Is this the same agent I trusted last week?" |
| AAR + SCC | Both, bound | "This verified agent performed this verified action" |
The binding is a single field — sccHash in any AAR receipt:
{
"agentId": "my-agent/v1",
"action": { "type": "api_call", "target": "https://exchange.com/trade" },
"sccHash": "sha256:a3f8b2c1d4e5...",
"signature": "..."
}
One hash. Verifiable action bound to verifiable identity.
Why This Matters Now
Three things are converging:
Agents are getting autonomous. AutoGPT, CrewAI, LangGraph, MetaGPT — agents that act without human approval on every step.
Money is flowing through agents. x402 (HTTP 402 payment protocol), Stripe agent billing, crypto settlement — agents are spending real money.
Regulation is coming. FINOS AI Governance Framework, NIST AI RFI, EU AI Act — all requiring agent accountability and audit trails.
SCC + AAR is the trust infrastructure these systems need. Not a product — a protocol. Anyone can implement it, verify it, extend it.
Get Started
TypeScript:
npm install botindex-scc botindex-aar
Python:
pip install botindex-scc botindex-aar
Spec:
Live implementation: api.botindex.dev — every response carries both SCC identity and AAR action receipts.
Zero vendor lock-in. CC BY 4.0 spec. MIT SDKs. Ed25519 + SHA-256 — crypto that's been battle-tested for decades.
Your agent's identity shouldn't reset every time it restarts. Now it doesn't have to.
Top comments (0)