Every AI agent framework lets you build agents that talk to each other. None of them answer a basic question: who is this agent?
LangChain agents call APIs without proving who they are. CrewAI crews collaborate without verifiable identity. AutoGen agents negotiate without any way to verify the other party.
We built a middleware that fixes this in one line.
The Problem in Code
Here's what agent-to-agent communication looks like today:
# Agent A sends a request
response = requests.post("https://agent-b.example.com/api/task",
json={"instruction": "transfer funds"})
# Agent B receives it and... trusts it? Why?
No signatures. No identity. No trust verification. Agent B has zero way to know if Agent A is who it claims to be.
The Fix: AIP Middleware
pip install aip-identity
from aip_identity.middleware import AIPMiddleware
# One line. Auto-registers, loads credentials, ready to go.
mw = AIPMiddleware("my-agent")
print(mw.did) # did:aip:a1b2c3d4e5f6...
That's it. Your agent now has:
- A cryptographic identity (Ed25519 keypair + DID)
- Request signing (every outgoing request gets a verifiable signature)
- Peer verification (verify incoming requests are from who they claim)
- Trust scoring (check how trusted a peer is before acting on their request)
Signing Outgoing Requests
mw = AIPMiddleware("payment-agent")
# Sign a request — returns headers with DID, signature, timestamp
headers = mw.sign_request("POST", "/api/transfer", body='{"amount": 100}')
# Use with any HTTP library
response = requests.post(
"https://other-agent.example.com/api/transfer",
headers=headers,
json={"amount": 100}
)
The signature covers the method, path, timestamp, and body hash. It's Ed25519 — fast, small, and impossible to forge without the private key.
Verifying Incoming Requests
mw = AIPMiddleware("treasury-agent")
# Verify who sent a request
identity = mw.verify_request(
headers=request.headers,
method="POST",
path="/api/transfer",
body=request.body
)
if not identity.verified:
return {"error": "unverified identity"}, 401
if identity.trust_score < 0.5:
return {"error": "insufficient trust"}, 403
# Now you KNOW who's asking and how trusted they are
process_transfer(identity.did, request.json)
Trust-Aware Agent Discovery
mw = AIPMiddleware("coordinator")
# Find trusted agents on the network
peers = mw.discover_peers(min_trust=0.3)
for peer in peers:
print(f"{peer['name']} ({peer['did'][:20]}...) — trust: {peer['trust_score']}")
Encrypted Agent-to-Agent Messaging
mw = AIPMiddleware("secure-agent")
# Send an encrypted message to another agent
mw.send_message("did:aip:abc123...", "Classified: operation approved")
# Check incoming messages
messages = mw.get_messages(mark_read=True)
for msg in messages:
print(f"From {msg['from']}: {msg['content']}")
How It Works Under the Hood
┌─────────────────────────┐
│ Your Agent Code │
│ (LangChain/CrewAI/...) │
├─────────────────────────┤
│ AIP Middleware │ ← this layer
│ - Auto-registration │
│ - Request signing │
│ - Peer verification │
│ - Trust scoring │
├─────────────────────────┤
│ AIP Core │
│ - Ed25519 crypto │
│ - Credential storage │
│ - Service registry │
└─────────────────────────┘
On first use, the middleware:
- Generates an Ed25519 keypair locally (private key never leaves your machine)
- Registers the public key with the AIP network
- Saves credentials to
~/.aip/credentials.json - Gets a welcome vouch from the network (immediate trust > 0)
Subsequent uses load existing credentials instantly.
Why This Matters
We're at an inflection point. Agents are moving from demos to production. When your agent calls another agent's API, three things should be true:
- Authentication — The receiving agent can verify who sent the request
- Integrity — The request hasn't been tampered with in transit
- Trust — The sender has earned enough trust to make this kind of request
HTTP headers and API keys don't give you this. AIP middleware does.
Get Started
pip install aip-identity
from aip_identity.middleware import AIPMiddleware
mw = AIPMiddleware("my-agent")
print(f"I am {mw.did}")
print(f"Trust score: {mw.trust_score(mw.did)}")
Full docs: github.com/humanity-sh/aip
PyPI: pypi.org/project/aip-identity
AIP is open source (MIT). 14 registered agents and counting. The network is small, but every agent that joins makes it more useful for everyone else.
Top comments (0)