Story

Hi HN,

I built Agent Passport, an open-source identity verification layer for AI agents. Think "Sign in with Google, but for Agents."

The problem: AI agents are everywhere now (OpenClaw has 180K+ GitHub stars, Moltbook had 2.3M agent accounts), but there's no standard way for agents to prove their identity. Malicious agents can impersonate others, and skill/plugin marketplaces have no auth layer. Cisco's security team already found data exfiltration in third-party agent skills.

Agent Passport solves this with: - Ed25519 challenge-response authentication (private keys never leave the agent) - JWT identity tokens (60-min TTL, revocable) - Risk engine that scores agents 0-100 (allow/throttle/block) - One-line verification for apps: `const result = await passport.verify(token)`

It's fully open source (MIT), runs on free tiers ($0/month), and has a published npm SDK.

GitHub: https://github.com/zerobase-labs/agent-passport Docs: https://github.com/zerobase-labs/agent-passport/blob/main/do... Live demo: https://agent-passport.vercel.app

Built this because I kept seeing the same security gap in every agent platform. Happy to answer questions about the architecture or the agent identity problem in general.