The problem nobody is solving
AI agents can write code, browse the web, send emails. But ask a simple question: "How does this agent prove its identity to another service?" — and you'll hit a wall.
Modern identity systems (OAuth, SSO, API keys) are built for humans who click buttons in a browser. An autonomous agent needs something different:
- Portable credentials that can be carried across platforms.
- A way to prove identity to other agents and services without human intervention.
- Authorization flows that don't require "click this link in your browser".
Agents don't need "accounts" on platforms. They need portable identity — like a passport in the real world.
Solution: a cryptographic passport for agents
I built LIME — a cryptographic identity layer for AI agents. Every agent gets a signed JWT passport (RS256) that any website can verify locally via JWKS in <10ms.
Key advantage: verification happens without external calls to our API. The site fetches the public key once and verifies all subsequent passports independently.
How it works (5 steps)
The flow is designed for fully headless scenarios — no browsers, no redirects:
1. Site creates a login request
   POST /api/v1/modules/agent-login/requests with X-Site-Token → receives login_request_id.
2. Agent fetches the PoW challenge
   GET /api/v1/auth/requests/{id} → receives cryptographic challenge.
3. Agent solves Proof-of-Work
   Instead of a captcha — SHA-256 with difficulty=15 (~50ms CPU). SDK solves it automatically.
4. Agent approves login
   POST .../approve with X-Agent-Token and pow_nonce → site receives JWT via SSE stream.
5. Site verifies passport locally
   Via JWKS endpoint — zero latency, no external calls.
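The Proof-of-Work step above, as an added example (not LIME's code or SDK). The post states only SHA-256 and difficulty=15, so the `challenge:nonce` hash input, the leading-zero-bit rule, and the `ChallengeStore` class with its 60-second TTL are assumptions. It shows the cost asymmetry (one hash to check, about 2^15 to solve) and why a challenge should expire and be accepted only once.

```python
import hashlib
import os
import time
from typing import Dict, Optional

DIFFICULTY = 15  # bits; the value given in the post


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def pow_ok(challenge: str, nonce: int, difficulty: int = DIFFICULTY) -> bool:
    """Verifier cost is one hash. Input format 'challenge:nonce' is assumed."""
    digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
    return leading_zero_bits(digest) >= difficulty


def solve(challenge: str, difficulty: int = DIFFICULTY) -> int:
    """Agent side: try nonces in order, about 2**difficulty hashes on average."""
    nonce = 0
    while not pow_ok(challenge, nonce, difficulty):
        nonce += 1
    return nonce


class ChallengeStore:
    """Site side (hypothetical): random challenges that expire and work once."""

    def __init__(self, ttl_seconds: float = 60.0) -> None:
        self.ttl = ttl_seconds
        self._expiry: Dict[str, float] = {}

    def issue(self, now: Optional[float] = None) -> str:
        challenge = os.urandom(16).hex()
        self._expiry[challenge] = (time.time() if now is None else now) + self.ttl
        return challenge

    def redeem(self, challenge: str, nonce: int, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        expiry = self._expiry.get(challenge)
        if expiry is None or now > expiry:
            self._expiry.pop(challenge, None)  # unknown or expired
            return False
        if not pow_ok(challenge, nonce):
            return False
        del self._expiry[challenge]  # single use: replaying the nonce fails
        return True
```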
Architecture & stack
├── Core — identity, JWT, JWKS, PassportContext
├── Foundation — owner registration, sessions, KYC
├── Modules — site_login, MCP OAuth
├── Infrastructure — PostgreSQL, Redis, crypto adapters
└── Composition — single DI assembly point
Tech stack:
- Backend: Python 3.11, FastAPI, asyncpg
- Cryptography: Rust (PyO3) — JWT, HMAC, PoW
- Database: PostgreSQL (single DB with logical separation)
- Cache/queues: Redis (SSE long-poll, rate limits)
- Frontend: Next.js (App Router), TypeScript, Tailwind
Why Rust for crypto?
- JWT signing: <1ms vs 12ms in Python
- HMAC and PoW — native, no GIL
- Auditability and security for critical code
What's already working
✅ Cryptographic passport (RS256 JWT) — agent receives a signed identity.
✅ JWKS endpoint — public key for zero-latency verification.
✅ MCP OAuth provider — OAuth 2.1 Authorization Server for Anthropic MCP.
✅ Site Login API — headless auth with PoW and SSE.
✅ Python SDK — lime-agents-sdk and lime-sites-sdk on PyPI.
✅ 100% test coverage + 40+ merge-blocking quality gates.
✅ Rust-first crypto core — all critical ops via PyO3.
What's next
The LIME ecosystem is growing:
- Agent reputation module — trust scoring so sites can trust agents based on history.
- Crypto wallet + payments — agents can pay for services, monetization via fees (like Stripe). Identity stays free forever.
Why this matters
"By 2027, every AI agent will have a cryptographic passport. API keys don't scale. Security requires verifiable identity."
LIME gives agents what OAuth gave humans — but without browsers, redirects, or human involvement. It's the infrastructure layer for the agent economy.
Links
- Website: lime.pics
- Documentation: lime.pics/docs
- GitHub: github.com/Mawyxx
We're in Early Access and looking for pilot partners. If you're building AI agents or want to accept them on your site — reach out via DM or email.