AI agents are going autonomous. But who’s cleared to act? Traditional OAuth is built for humans—not for machines that need to delegate and verify each other’s identity in milliseconds. Vetran fills that gap: a lightweight, open‑source trust registry for AI agents.
The Problem
When multiple agents collaborate—a scheduler, a researcher, an executor—you need to know:
• Is this agent who it claims to be?
• Does it have permission to perform this action?
• Can we revoke it instantly if compromised?
Existing solutions are either too heavyweight (full IAM) or not designed for agent-to-agent workflows.
What Vetran Does
Vetran is a simple HTTP service that:
• Registers agents and issues cryptographically signed JWTs.
• Verifies identity and capability clearance in <100 ms.
• Delegates scoped trust to downstream agents (think OAuth “scopes” for bots).
• Revokes instantly—blacklist an agent and all dependent delegations fail.
All events are auditable in a Postgres database. The API is tiny: /register, /verify, /delegate, /status/:agentId, /revoke/:agentId.
Architecture
• Node.js + Express for the API layer.
• PostgreSQL for persistent agent registry and audit logs.
• JWT (HS256) for signed identity tokens—easy to verify offline.
• Railway for one‑click hosting with managed Postgres.
The schema is straightforward: agents, tokens, delegations, and revocation lists. Migrations run automatically on first boot.
Quick Start
The fastest way to try Vetran is the live demo:
$ curl -X POST https://vetran-production-301b.up.railway.app/register \
-H "Content-Type: application/json" \
-d '{"name":"MyAgent","owner":"me","capabilities":["read:calendar","write:calendar"]}'
You’ll get back an agentId and a JWT. Then verify:
$ curl -X POST https://vetran-production-301b.up.railway.app/verify \
-H "Content-Type: application/json" \
-d '{"token":"<JWT from /register>","requestedCapabilities":["read:calendar"]}'
The response tells you if the agent is cleared for the requested capabilities.
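The checks a /verify-style call has to make, as an added example that is not Vetran's own code: the claim names (sub, capabilities, exp), the function names and the in-memory revocation set are assumptions. Because HS256 is symmetric, any party that holds JWT_SECRET to verify offline can also sign tokens, and a signature-only check cannot see revocations.

```javascript
// Added example, not Vetran's code. Claim names (sub, capabilities, exp) and
// the in-memory revocation set are assumptions made for illustration.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Issue an HS256 token (stands in for what /register returns).
function sign(claims, secret) {
  const input = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${hmac(input, secret).toString('base64url')}`;
}

// Returns { cleared, reason }. `revoked` is a Set of agent ids.
function verify(token, requested, secret, revoked, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { cleared: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { return { cleared: false, reason: 'malformed' }; }
  if (!header || !claims) return { cleared: false, reason: 'malformed' };
  // Pin the algorithm: the token never gets to choose it (rejects alg "none").
  if (header.alg !== 'HS256') return { cleared: false, reason: 'bad-alg' };
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected))
    return { cleared: false, reason: 'bad-signature' };
  if (typeof claims.exp !== 'number' || claims.exp <= now)
    return { cleared: false, reason: 'expired' };
  // A valid signature says nothing about revocation; this lookup needs the registry.
  if (revoked.has(claims.sub)) return { cleared: false, reason: 'revoked' };
  const granted = new Set(Array.isArray(claims.capabilities) ? claims.capabilities : []);
  const missing = requested.filter((c) => !granted.has(c));
  return missing.length ? { cleared: false, reason: 'missing:' + missing.join(',') }
                        : { cleared: true, reason: 'ok' };
}

// Constructed sample data.
const SECRET = 'constructed-demo-secret';
const NOW = 1700000000;
const TOKEN = sign({ sub: 'agent-1', capabilities: ['read:calendar', 'write:calendar'], exp: NOW + 300 }, SECRET);
```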
For self‑hosting, clone the repo, set JWT_SECRET and DATABASE_URL, and run node src/server.js. A docker‑compose.yml is coming soon.
Built with OpenClaw
Vetran was assembled and shipped in a single session using the OpenClaw agent platform. OpenClaw handled workspace setup, dependency installation, code organization, Railway deployment, and even the CLI and Python SDK scaffolding. If you’re curious about AI‑first development workflows, check out OpenClaw’s GitHub.
The Vetran repo includes full attribution to OpenClaw in the README and a “Built with OpenClaw” badge on the landing page.
CLI & SDKs
A small CLI (vran) is included for quick operations:
npm install -g @vetran/cli # coming soon to npm
vran ping
vran register --name "Scheduler" --owner "acme"
vran verify
Python SDK is in sdk/python/ (install with pip install -e sdk/python).
Roadmap
• Rate limiting and quotas
• OIDC provider support
• More badge types (ELITE, TRUSTED)
• Webhook notifications on revocation
• GraphQL API
Get Involved
Vetran is early but functional. If you’re running multi‑agent workflows, we’d love your feedback. Star the repo, try the live demo, and open issues for feature requests or bugs.
• GitHub: https://github.com/VetranDev/vetran
• Live: https://vetran-production-301b.up.railway.app
• Community: join the OpenClaw Discord and ask for Vetran
Let’s build trustworthy agents—together.