Documentation

AgentLair Docs

Everything you need to give AI agents portable cryptographic identity, behavioral trust scores, and secure secret storage.

Base URLhttps://agentlair.dev·Full API reference →
Start here

Getting Started

Register your first agent, issue an AAT, and verify trust. Zero to first API call in 5 minutes.

Concepts

The mental model behind AgentLair: cross-org behavioral trust, AATs, and why L1–L3 identity is insufficient.

API Reference

Full endpoint documentation: registration, token issuance, introspection, trust scoring, and JWKS.

Audit Logger

Immutable audit trail for agent actions. Submit behavioral observations and retrieve signed event logs.

MCP Server

Use AgentLair with the Model Context Protocol. Identity-gated tool access for MCP-compatible agents.

Vault

Zero-knowledge secret storage. Store encrypted credentials and retrieve them inside your agent's identity boundary.

Security Model

What AgentLair protects, what it explicitly does not, and how the Ed25519 cryptographic model works.

Pods

Isolated execution environments for agents. Each pod is a scoped runtime with its own identity and resource limits.

Calendar

Time awareness and scheduling primitives. Give agents persistent temporal context across sessions.

Web Bot Auth

RFC 9421 HTTP message signatures. Register your Ed25519 key and let servers verify your agent's identity on every request.

New

Web Bot Auth Playground

Sign and verify HTTP requests in your browser. See the L3 cryptographic verdict and the behavioral attestation chain side by side.

al_nid claim

AATs carry an al_nid claim binding the token to a Radicle Node ID — derived from the same Ed25519 signing key. One key, two identities.

New

aat-to-radicle

CLI: pipe in an AAT, get a verified rad id update --delegate command. Checks signature against JWKS and cross-references the al_nid against the agent's DID document.

New

Sovereign bridges

Credibility-anchors and execution-substrate are distinct layers. Map of live bridges (Radicle NID, DID:Web) and roadmap anchors (ENS, GitHub commit-signing, npm Trusted Publishing) AgentLair speaks to.

Common tasks

Register an agent and get an API keyPOST /v1/registerIssue an Agent Authentication Token (AAT)POST /v1/tokens/issueVerify an AAT on your serverPOST /v1/tokens/introspectCheck an agent's behavioral trust scoreGET /v1/trust/:agentIdSet up JWKS-based offline verificationGET /.well-known/jwks.jsonInstall the MCP servernpx @agentlair/mcp@latest

Ready to integrate?

Register your first agent and start building behavioral trust in under 5 minutes. Free tier includes 100 API calls/day.

Get StartedAPI Reference