Envoys — Cryptographic identity for AI agents

[ 01 ] How It Works

Three steps.
Verifiable anywhere.

Agents self-register via the skill docs endpoint. No human copy-pasting required.

01 — once

Register

POST your name and receive an Ed25519 keypair. Private key returned once — store it securely. Public key permanently in the registry.

POST /agents/register

02 — every request

Sign

Sign outgoing HTTP requests using RFC 9421 with your private key. Your address URL is the keyid — the only credential recipients need.

agent.signRequest(method, path, body)

03 — any recipient

Verify

Recipients GET your keyid URL to fetch your public key and verify. No Envoys account. No shared secret. No prior setup required.

GET /agents/:address

[ 02 ] Playground

Verify it yourself.
In your browser.

No account, no API key, no install. Click the button — we'll sign a sample request, your browser will fetch the public key from the keyid URL and verify the Ed25519 signature with WebCrypto. Every step runs client-side; the spec is the contract.

[ 03 ] Capabilities

Everything identity needs.
Nothing it doesn't.

No messaging layer, no polling loop. The cryptographic primitive that sits below every agent protocol.

001

Ed25519 Keypairs

Keys are generated on your machine — only the public key is sent at registration, alongside a proof-of-possession the registry records as pop_verified. Envoys never sees a private key.

PKCS8 / SPKI PEM

002

Self-Resolving Keyid

Your address URL is your keyid. Any party receiving a signed request can GET it to retrieve your public key — no prior knowledge of Envoys required.

envoys.me/agents/<address>

003

Graceful Key Rotation

Request a rotation; on next startup the agent calls GET /agent/keys, generates a fresh keypair locally, and confirms. The registry swaps keys atomically and logs both validity periods.

pull-based, client-side keygen

004

Custom Domains

Verify ownership via DNS TXT record. Agents register addresses like [email protected] — your brand, Envoys infrastructure.

DNS TXT verification

005

Verified Handles

Anchor your handle to a real-world domain via DNS TXT. Resolvers see verified_handle: { domain } in responses — the closest envoys comes to a real-world identity claim, without manual KYC.

_envoys-handle.<domain>

006

Rotation Transparency

Every key ever bound to an address is queryable via /key-history. Verifiers detect silent rotations; a CRL-style /revocations feed lets cached pins invalidate cleanly.

append-only key log

[ 04 ] Integration

Two SDKs.
Or plain HTTP.

Official Node.js (@envoys/sdk) and Python (pip install envoys) SDKs, or plain HTTP. The signing primitives work with any language.

// npm install @envoys/sdk
import { Envoys } from '@envoys/sdk'

// One-time setup — run once, store the result
const { client, result } = await Envoys.register({
  accountKey: process.env.ENVOYS_ACCOUNT_KEY,
  name:       'playground',
})

// Save to persistent storage immediately — shown once
console.log(result.address)    // [email protected]
console.log(result.agentKey)   // agt_...
console.log(result.privateKey)  // -----BEGIN PRIVATE KEY-----...
console.log(result.publicKey)   // -----BEGIN PUBLIC KEY-----...

// register() signs a proof-of-possession automatically — resolvers
// see pop_verified: true for this agent.

// On every startup — picks up any pending key rotation
const agent = Envoys.fromEnv()  // reads ENVOYS_AGENT_KEY / ADDRESS / PUBLIC_KEY / PRIVATE_KEY
await agent.syncKeys()        // updates keys in-place if rotated

// Build RFC 9421 signature headers for any outgoing HTTP request
const body    = { task: 'summarize', url: 'https://example.com/doc' }
const headers = agent.signRequest('POST', '/api/task', body)

// headers includes:
// Signature-Input: sig1=("@method" "@path" "content-digest");
//   keyid="https://envoys.me/agents/[email protected]";
//   created=1714000000;nonce="…"
// Signature:       sig1=:base64EdDSASig:
// Content-Digest:  sha-256=:base64Hash:

await fetch('https://api.peer.ai/task', {
  method:  'POST',
  headers: { ...headers, 'Content-Type': 'application/json' },
  body:    JSON.stringify(body),
})

// Recipient resolves the keyid URL, fetches public key, verifies.
// No Envoys account needed on the receiving end.

// Verify an incoming RFC 9421-signed request (SDK).
// Public-key pinning is ON by default — first-seen public key is
// auto-recorded per address; subsequent contact with a different key
// fails verification (catches account-compromise silent rotation).
const result = await Envoys.verifyRequest(
  req.method, req.path, req.headers, req.body,
  { allowlist: ['[email protected]'] }  // optional: only accept these senders
)

if (!result.verified) {
  return res.status(401).json({ error: result.error })
}

// Always populated even on failure — log "we tried to verify a request from X"
console.log(result.address, result.keyid, result.publicKey)

// If you've confirmed a rotation out-of-band, clear the pin:
// Envoys.resetPin('[email protected]')

// Or manually resolve + verify
const pubkey = await Envoys.resolvePublicKey(address)
const ok     = Envoys.verify(payload, signatureHeader, pubkey)

// Sign your /.well-known/agent.json with JWS so consumers can
// verify it hasn't been tampered with. EdDSA over Ed25519 (RFC 8037).
const card = {
  name:    'Echo Agent',
  url:     'https://echo.example.com',
  version: '1.0.0',
  skills:  [{ id: 'echo', name: 'Echo' }],
}

const jws = agent.signAgentCard(card)
// → "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsImtpZCI6Imh0dHBzOi8vLi4uIn0.
//    eyJuYW1lIjoiRWNobyBBZ2VudCI....base64url payload....
//    .signature_bytes_base64url"

// Anyone — no Envoys account needed — verifies it.
// kid header points at your address URL; verifier resolves it.
const result = await Envoys.verifyAgentCard(jws)

if (result.verified) {
  console.log(`Card from ${result.address}`, result.card)
}

# Step 1 — Generate an Ed25519 keypair locally (private key never leaves)
openssl genpkey -algorithm ed25519 -out priv.pem
openssl pkey -in priv.pem -pubout -out pub.pem

# Step 2 — Create an account
curl -sX POST https://envoys.me/accounts/register \
  -H 'Content-Type: application/json' \
  -d '{"handle":"your-handle"}'

# → { "account_key": "ak_...", "handle": "your-handle" }

# Step 3 — Register an agent (send your public key, keep private key)
curl -sX POST https://envoys.me/agents/register \
  -H 'Authorization: Bearer ak_...' \
  -H 'Content-Type: application/json' \
  -d "{\"name\":\"playground\",\"public_key\":\"$(cat pub.pem)\"}"

# → { "address":      "[email protected]",
#     "agent_key":    "agt_...",
#     "public_key":   "-----BEGIN PUBLIC KEY-----...",
#     "pop_verified": false }

# Optional pop + pop_created fields prove key possession — the SDKs send them automatically

# Resolve any agent's public key — no auth required, anyone can verify
curl 'https://envoys.me/agents/[email protected]'

# → { "address": "...", "public_key": "-----BEGIN PUBLIC KEY-----...",
#     "pop_verified": true | false,
#     "verified_handle": { "domain": "...", "verified_at": ... } | null }

# Full key history — detect silent rotations against your pin
curl 'https://envoys.me/agents/[email protected]/key-history'

# → { "address": "...", "current_key": "...", "revoked": false,
#     "history": [{ "public_key": "...", "valid_from": ..., "valid_until": ..., "reason": "register" }, ...] }

# CRL-style feed — poll hourly, invalidate cached pins for any address that rotated
curl 'https://envoys.me/agents/revocations?since=1714000000000'

# → { "since": ..., "now": ..., "events": [{ "address": "...", "ts": ..., "event": "rotation" | "revocation" }] }

# Anchor your handle to a real-world domain (auth: account_key)
curl -sX POST https://envoys.me/accounts/me/verify-handle \
  -H 'Authorization: Bearer ak_...' \
  -H 'Content-Type: application/json' \
  -d '{"domain":"acme.com"}'

# → returns DNS TXT record to add at _envoys-handle.acme.com,
#   then POST /accounts/me/verify-handle/check to complete verification

[ 05 ] A2A Adapter

Drop-in identity
for A2A agents.

Google's Agent2Agent protocol defines how agents talk. Authentication is deliberately underspecified. @envoys/a2a is a thin adapter — signed JSON-RPC, framework-agnostic, three function calls.

// the gap

A2A delegates auth to the transport layer. The JSON-RPC body itself isn't signed — any agent can claim any identity unless you bolt on your own scheme. Replay protection is left as an exercise.

// the adapter

createA2AClient wraps RFC 9421 signing around outgoing calls. createA2AHandler verifies inbound signatures and parses the envelope. buildAgentCard publishes a discovery endpoint that declares the requirement.

// npm install @envoys/a2a
import { createA2AHandler } from '@envoys/a2a'

// Framework-agnostic. Returns { status, body } you write back.
const handle = createA2AHandler({
  onMessage: ({ sender, text }) => {
    // sender is cryptographically verified — not a header claim
    return `Echo from ${sender}: ${text}`
  },
})

app.post('/', async (req, reply) => {
  const out = await handle({
    method:  'POST',
    path:    '/',
    headers: req.headers,
    body:    req.body,
  })
  return reply.code(out.status).send(out.body)
})

import { Envoys }          from '@envoys/sdk'
import { createA2AClient } from '@envoys/a2a'

const envoys = Envoys.fromEnv()  // reads ENVOYS_* env vars

const a2a = createA2AClient({
  envoys,
  endpoint: 'https://other-agent.example.com/',
})

// One call — JSON-RPC envelope + RFC 9421 signing handled for you
const reply = await a2a.send('Hello, peer.')

console.log(reply.text)        // the verified response text
console.log(reply.taskId)      // A2A task id
console.log(reply.status)      // "completed"

import { buildAgentCard } from '@envoys/a2a'

// Publish at /.well-known/agent.json — A2A's discovery endpoint
const card = buildAgentCard({
  name:        'Echo Agent',
  description: 'Verifies sender identity, echoes the message.',
  url:         'https://echo.example.com',
  skills: [{
    id:   'echo',
    name: 'Echo',
  }],
  requireEnvoysSignature: true,  // declares spec /specs/signature/v1
})

app.get('/.well-known/agent.json', () => card)

// Optional: sign the card itself with JWS so consumers can
// verify the discovery document hasn't been tampered with.
const jws = envoys.signAgentCard(card)

[ 06 ] Access

Open SDK.
Open spec.

Free tier — five agents, thirty req/min, signing and verification with no caveats. The signature spec and SDK are public, so anyone can register an agent or build a verifier today — no signup, no dashboard.

// for builders

Get started

Install the SDK, register an agent, and your first signed request is one npm install away. No dashboard and no login — identity is all API and SDK.

Read the spec

// for verifiers

Verify without an account

Verifying signatures requires no Envoys account, no API key, no registration. Read the spec and resolve any agent's public key over plain HTTP.

Read the spec SDK on npm SDK on PyPI

Cryptographic
identity for
any agent.

Three steps.
Verifiable anywhere.

Register

Sign

Verify

Verify it yourself.
In your browser.

Everything identity needs.
Nothing it doesn't.

Ed25519 Keypairs

Self-Resolving Keyid

Graceful Key Rotation

Custom Domains

Verified Handles

Rotation Transparency

Two SDKs.
Or plain HTTP.

Drop-in identity
for A2A agents.

Open SDK.
Open spec.

Get started

Verify without an account

Give your agent
a verifiable identity.

Cryptographicidentity forany agent.

Three steps.Verifiable anywhere.

Register

Sign

Verify

Verify it yourself.In your browser.

Everything identity needs.Nothing it doesn't.

Ed25519 Keypairs

Self-Resolving Keyid

Graceful Key Rotation

Custom Domains

Verified Handles

Rotation Transparency

Two SDKs.Or plain HTTP.

Drop-in identityfor A2A agents.

Open SDK.Open spec.

Get started

Verify without an account

Give your agenta verifiable identity.

Cryptographic
identity for
any agent.

Three steps.
Verifiable anywhere.

Verify it yourself.
In your browser.

Everything identity needs.
Nothing it doesn't.

Two SDKs.
Or plain HTTP.

Drop-in identity
for A2A agents.

Open SDK.
Open spec.

Give your agent
a verifiable identity.