The open verification layer for AI agents: cryptographic identity, scoped delegation with cascade revocation, an advisory reputation signal, and tamper-evident audit. The deterministic enforcement on the homepage is built on these primitives.
Identity and delegation are cryptographic and load-bearing. Reputation is an advisory signal. Audit makes all of it provable.
Ed25519 over a W3C did:key, dual-mode: a raw signature, or an OAuth 2.1 / OIDC bearer token via private_key_jwt (RFC 7523). This half needs no trust in Airlock — the signatures verify on their own math.
RFC 8693 Token Exchange with nested act claims and scope narrowing. Plus cascade revocation: revoke a principal and every token it delegated, transitively, dies with it.
A four-tier behavioral score with per-tier decay — a signal a relying party can weight or ignore, like a CAEP risk signal. Never the root of trust; identity and delegation stay load-bearing.
Every verification, pass or fail, is written to a hash-chained trail — each record carries the hash of the previous one. Alter history and the chain breaks. The record that survives a compliance review.
The product gates every agent tool call against a policy, using this verified identity as its decision input — and writes every allow and deny into the same tamper-evident audit trail.