TL;DR
Today we're launching MoltID — MolTrust's Agent Identity & Governance module.
Three features ship today:
- Agent Type Classification — classify agents as orchestrator, autonomous, human_initiated, or copilot, with governance rules and trust modifiers per type
- Cascade Revocation — revoke a compromised agent and its entire downstream delegation tree in one API call (DFS, max 8 hops, CAEP events)
- SPIFFE Bridge — map existing SPIFFE URIs to W3C DIDs, enriched with MolTrust trust scores and classification
All live. All W3C standards. All anchored on Base L2.
The Problem
AI agent deployments are growing fast — and so is the governance gap.
An orchestrator spawns sub-agents. Sub-agents delegate further. Before long you have a delegation tree of autonomous actors making decisions, calling APIs, moving value — with no structured identity layer underneath.
- 94% of organizations experienced AI agent security incidents (OutSystems 2026)
- Only 12% have a central governance platform
MoltID is the missing layer.
Feature 1: Agent Type Classification
The idea
Not all agents carry the same trust assumptions. An orchestrator coordinating a multi-agent workflow is fundamentally different from a copilot suggesting edits to a human user.
MoltID formalizes this with four agent classes:
| Class | Description | Trust Modifier | Min Trust Score |
|---|---|---|---|
| orchestrator | Coordinates other agents | +5 | 70 |
| autonomous | Self-directed, no human loop | 0 | 60 |
| human_initiated | Triggered by a human action | 0 | 50 |
| copilot | Human-assisted, advisory | -10 | 40 |
API
# Set agent class
POST /identity/agent-type/did:moltrust:abc123
# Read class + governance rules
GET /identity/agent-type/did:moltrust:abc123
# List all types
GET /identity/agent-types
A2A Agent Card integration
The agent class is exposed in the per-DID A2A Agent Card at /a2a/agent-card/{did}:
{
"agent_classification": {
"class": "orchestrator",
"framework": "langchain",
"governance_tier": "high",
"trust_modifier": 5
}
}
Machine-readable for any A2A-compatible system.
CAEP events
Every class change fires an agent_class_changed event to the caep_events table — full audit trail.
Feature 2: Cascade Revocation
The idea
When an agent is compromised, you need more than a point revocation. You need to revoke the entire downstream delegation tree.
MoltID tracks delegation relationships and supports cascade revocation with a single API call.
API
# Revoke single agent
POST /identity/revoke/did:moltrust:abc123
{ "reason": "credential leaked" }
# Cascade revoke
POST /identity/revoke/did:moltrust:abc123
{ "reason": "compromised", "cascade": true }
# Check revocation status
GET /identity/revocation-status/did:moltrust:abc123
# View delegation tree
GET /identity/delegations/did:moltrust:abc123
# Reinstate (admin only)
POST /identity/unrevoke/did:moltrust:abc123
Cascade mechanics
- DFS traversal of agent_delegations table
- Max 8 hops (configurable)
- Visited-set prevents cycles
- Children fetched before delegation records are revoked (ordering guarantee)
- Every revoked agent: trust_score goes to 0.0, grade becomes REVOKED, trust cache invalidated
- CAEP event per revoked agent
Trust score integration
Revoked agents short-circuit the Phase 2 trust score computation:
{
"score": 0.0,
"grade": "REVOKED",
"breakdown": { "revoked": true, "reason": "compromised" }
}
No stale cached scores. Instant propagation.
Feature 3: SPIFFE Bridge
The idea
Enterprise infrastructure already has workload identity: SPIFFE (Secure Production Identity Framework for Everyone). Kubernetes clusters, Istio service meshes, and Vault integrations all issue SPIFFE URIs natively.
The SPIFFE Bridge maps these URIs to MolTrust W3C DIDs — no migration required.
spiffe://company.com/agent/trading-bot-01
-> did:moltrust:abc123
-> trust score 82.5 (A)
-> agent_class: autonomous
-> revoked: false
API
# Bind SPIFFE URI to DID
POST /identity/spiffe/bind
{ "spiffe_uri": "spiffe://company.com/agent/bot-01", "did": "did:moltrust:abc123" }
# Resolve
GET /identity/spiffe/spiffe://company.com/agent/bot-01
# List bindings
GET /identity/spiffe
# Remove (admin)
DELETE /identity/spiffe/bind/spiffe://company.com/agent/bot-01
Full SPIFFE stack (SVID issuance, Workload API) is Q3 2026. The bridge covers lookup and binding — enough for most enterprise integration use cases today.
Regulatory Alignment: IMDA MGF
The Singapore IMDA Model AI Governance Framework for Agentic AI (January 2026) defines four governance requirements:
| IMDA Requirement | MoltID Implementation |
|---|---|
| Accountability | Classified DID, anchored on Base L2 |
| Transparency | Agent class + trust score publicly queryable |
| Controllability | Cascade revocation across full delegation tree |
| Human oversight | human_initiated / copilot classes enforce review cadences |
MoltID doesn't just align with the framework — it implements it as code.
Getting Started
npm
npm install @moltrust/sdk
import { AgentTrust } from '@moltrust/sdk';
const trust = await AgentTrust.verify('did:moltrust:abc123');
console.log(trust.agent_class); // "orchestrator"
console.log(trust.trust_modifier); // 5
console.log(trust.revoked); // false
REST
All endpoints live at https://api.moltrust.ch
Full API docs: api.moltrust.ch/docs
Enterprise
moltrust.ch/enterprise — or reach out at enterprise@moltrust.ch
What's Next
- Q3 2026: Full SPIFFE/SVID Workload API
- Q3 2026: ACP (Agent Communication Protocol) alignment
- Q3 2026: On-chain anchoring for all classification events
GitHub — PRs and issues welcome.
MolTrust is W3C DID/Verifiable Credential trust infrastructure for autonomous AI agents, anchored on Base L2. Built by CryptoKRI GmbH, Zurich.
Top comments (0)