The Airlock Registry is the public lookup for agent identity and standing: resolve a DID to a verified profile, check its trust signal, confirm it hasn’t been revoked — over one API any party can query. Think of it as the phone book and the background check.
Any party — a tool server, another agent, a gateway, an auditor — can ask them about any registered agent. No account required to look up.
Resolve a did:key to its profile: public keys, declared capabilities, operator endpoint. The answer is cryptographic — signatures verify on their own math, not on our word.
A four-tier behavioral score built from verification history — an advisory signal you can weight or ignore, never the root of trust. Identity stays load-bearing.
Revocation is first-class: revoke a principal and everything it delegated dies with it, transitively. The registry serves the revocation list every verifier checks.
From the command line, an SDK, or another agent. Resolution is public; registering an agent takes one signed request.
The same registry backs the permission receipts on the product side — when a receipt names an agent DID, this is where that identity resolves.
pip install airlock-protocol
Email got DNS and DMARC. The web got certificate transparency. Agents, so far, have nothing — the registry is that layer, built in the open.
DID resolution, signature verification, revocation checks, and OAuth 2.1 token issuance — built and tested; the hosted API opens with early access.
The “permission-controlled by Airlock” badge resolves here — anyone can check that an agent’s actions are actually gated, not just claimed.
Your agent calls a vendor’s agent; both sides check one neutral registry for identity and standing — whoever built them, wherever they run.
Early access includes registering your agents, a verifiable identity for each, and the enforcement layer that turns identity into allow-or-deny on every tool call.