Quickstart Guide
Deploying a compatible agent requires establishing cryptographic credentials, hosting proof points, and registering domain associations. Follow these steps:
Generate Credentials
Create a secure Ed25519 keypair for your agent instance using an SDK or the CLI tool. Secure the private key.
Sign agent.json Document
Construct the metadata document containing key details and cryptographically seal it using your agent's private key.
Host Signature Metadata
Upload your signed agent.json file to your domain server, resolving publicly at https://yourdomain.com/.well-known/agent.json.
Bind via DNS Verification
Add a DNS TXT record containing creduent-verify=[public_key] to prove ownership of the target domain.
Submit Registration Request
Perform a POST request to creduent.idevsec.com/register to register the identity and receive your network status.
| Record Type | Host / Name | Value / Destination | TTL |
|---|---|---|---|
| TXT | _creduent.yourdomain.com | agent://yourorg/youragent | Auto / 3600 |
agent.json Schema
The schema defining an agent's identity contains 8 essential fields. All fields are mandatory except endpoint.
| Field | Type | Required | Description |
|---|---|---|---|
| version | string | Yes | Protocol version string (supported: "1.0", "1.1", "2.0"). |
| identity | object | Yes (v2.0) | v2.0 nested identity object containing agent_id, owner, keys, and endpoint. |
| policy | object | Yes (v2.0) | v2.0 nested policy object containing capabilities. |
| agent_id | string | Yes | URI matching agent://[domain]/[path] format (nested in identity in v2.0). |
| owner | string | Yes | Legal entity or individual owning the agent (nested in identity in v2.0). |
| keys | object[] | Yes (v2.0) | Array of active/expiring rotated keys (nested in identity in v2.0). |
| endpoint | string | No | Direct URI endpoint for agent communication (nested in identity in v2.0). |
| capabilities | string[] | Yes | Declared permission claims or tool access scopes (nested in policy in v2.0). |
| signature | string | Yes | Ed25519 signature over JCS canonicalized payload. |
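The signing step from the quickstart and the `signature` field above, as an added example (not code from the Creduent SDK). It assumes the signed payload is the document without its `signature` field and that the signature is base64-encoded; the key-entry fields `public_key` and `status` are hypothetical, since the page does not define them.

```javascript
const nodeCrypto = require("node:crypto");

// JCS-style canonical form (RFC 8785): keys sorted, no insignificant whitespace.
// JSON.stringify already emits the string and number forms JCS specifies.
function canonicalize(value) {
  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
  if (value !== null && typeof value === "object") {
    const members = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalize(value[k]));
    return "{" + members.join(",") + "}";
  }
  return JSON.stringify(value);
}

// Assumption: the signed payload is the document without its "signature"
// field, and the signature is carried as base64.
function payloadBytes(doc) {
  const { signature, ...payload } = doc;
  return Buffer.from(canonicalize(payload), "utf8");
}

function signAgentDoc(doc, privateKey) {
  const sig = nodeCrypto.sign(null, payloadBytes(doc), privateKey);
  return { ...doc, signature: sig.toString("base64") };
}

function verifyAgentDoc(doc, publicKey) {
  if (typeof doc.signature !== "string") return false;
  const sig = Buffer.from(doc.signature, "base64");
  return nodeCrypto.verify(null, payloadBytes(doc), publicKey, sig);
}

// Constructed sample in the v2.0 layout; the key-entry fields are hypothetical.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
const spki = publicKey.export({ type: "spki", format: "der" }).toString("base64");
const signedDoc = signAgentDoc({
  version: "2.0",
  identity: {
    agent_id: "agent://yourorg/youragent",
    owner: "Example Org",
    keys: [{ public_key: spki, status: "active" }],
  },
  policy: { capabilities: ["web_search"] },
}, privateKey);

// A capability added after signing must fail verification.
const tamperedDoc = JSON.parse(JSON.stringify(signedDoc));
tamperedDoc.policy.capabilities.push("code_execution");

console.log(verifyAgentDoc(signedDoc, publicKey), verifyAgentDoc(tamperedDoc, publicKey));
```

Because the payload is canonicalized before signing, a verifier that re-serializes the document with a different key order still gets the same bytes and the same verification result.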
Registry API Reference
The reference implementation at creduent.idevsec.com exposes endpoints for registration, validation, and analytics.
Register a new agent identity and bind it to a verified domain.
Submit a signed capability attestation for verification.
Retrieve active attestation records. Returns 410 Gone if attestation is revoked.
Revoke an agent attestation. Requires admin multisig quorum validation headers or legacy key fallback.
Allows out-of-band key overwrites by validating a temporary DNS TXT record containing the new public key at _creduent_recovery.<domain>.
Renew an existing attestation prior to its expiration date.
List registered agents. Filters: ?capability=<tag>, ?level=<level>, ?limit=<int>, ?offset=<int>.
Retrieve registry health status and attestation counters.
Initiate verification challenge handshake with a nonce.
Verify challenge proof signature from a target agent.
Fetch the registry's signing key for trust verification.
Resolve a standardized agent:// URI to its metadata payload.
Access the interactive registry monitoring and analytics interface.
Available SDKs
Official packages allow quick integration into Python scripts, CLI environments, and JavaScript backends:
Python SDK
v0.5.1: `pip install creduent`
JavaScript SDK
v0.1.4: `npm install @idevsec/creduent`
Command Line Utility
v0.1.4: `npm install -g @idevsec/creduent-cli`
CLI Operations (renew, webhook, discover)
```bash
# Renew an attestation for 30 days
creduent renew --agent agent://myorg/mybot --days 30 --key private_key.pem

# Register a webhook URL
creduent webhook register --agent agent://myorg/mybot --url https://example.com/hooks/attestation

# Query the registered webhook
creduent webhook query --agent agent://myorg/mybot

# Perform public capability discovery
creduent discover agent://idevsec/reconbot

# Perform authenticated capability discovery
creduent discover agent://idevsec/reconbot --as agent://my/bot --key private_key.pem
```
Python & JavaScript SDK Usage
```python
import creduent

# Renew attestation
result = creduent.renew("agent://my/bot", "2027-06-21T12:00:00Z", private_key_pem)

# Register / Query Webhook
creduent.register_webhook("agent://my/bot", "https://example.com/hook", private_key_pem)
webhook_url = creduent.query_webhook("agent://my/bot").webhook_url

# Discovery
res = creduent.discover("agent://idevsec/reconbot", "agent://my/bot", private_key_pem)
```

```javascript
import { renewAgent, registerWebhook, queryWebhook, discoverAgent } from "@idevsec/creduent";

// Renew attestation
await renewAgent({ agent_id, new_expires_at, signature });

// Register / Query Webhook
await registerWebhook({ agent_id, webhook_url, signature });
const webhook = await queryWebhook(agent_id);

// Discovery
const discovery = await discoverAgent("agent://idevsec/reconbot", myAgentId, privateKeyPem);
```

Protocol Standards
The Creduent standard comprises specific functional standards. Read detailed documents directly in the repository standards directory:
agent.json Specification
Core specifications detailing JSON format constraints, signing algorithms, and cryptographic attributes for the agent metadata document.
Attestation Specification
Cryptographic format definitions for short-lived registry verification receipts, levels of trust, and signature validation parameters.
Registry API Specification
Normative endpoints for registration, renewal, challenge-response handshakes, and public key discovery routines.
Agent URI Resolution
Routing specifications defining decentralized name resolution and DNS TXT verification processes for agent:// scheme links.
Federation & Cross-Registry Trust
Draft specification outlining multiple trust-federated registry instances operating in a decentralized topology without central authority.
MCP Integration
Integrate identity checks directly into desktop workflows. Below is the configuration structure for loading the verify-agent tool into Claude Desktop or other client instances:
```json
{
  "mcpServers": {
    "creduent-verify": {
      "command": "npx",
      "args": ["-y", "@idevsec/creduent-mcp"]
    }
  }
}
```

Protocol Extensions (Phase 3)
Phase 3 introduces advanced capabilities to standard agent identities, allowing fine-grained authorization, key rotation, and domain-level scoping:
Multi-Key Support
Rotate signing credentials without breaking historical trust chains. The registry stores previous public keys to preserve signed attestations.
Capability-Level Attestations
Attest specific permissions individually (e.g., granting code execution permissions separate from web searching).
Organization Namespaces
Claim domain namespace roots (e.g., `agent://yourorg/*`) to prevent namespace squatting and streamline group management.
Security Hardening (Phase 4)
Phase 4 introduces advanced trust verification, out-of-band recovery keys, and multisig governance controls to safeguard the registry against compromise:
Short-Lived Attestation Windows
To minimize credential hijacking windows, Creduent limits the default attestation TTL to 30 days. Active SDK daemons and CLI workers run a background auto-renewal loop 7 days prior to expiration.
DNS-Based Emergency Recovery
If an agent's private signing key is compromised, owners can bypass registry key verification and perform out-of-band recovery by publishing a temporary TXT record matching `creduent-override:<sha256-hash>` at their domain root.
Multisig Admin Quorum
Critical registry adjustments, such as escalating an agent to the `trusted` tier or executing manual revocations, require asymmetric multisig threshold authorization (e.g., 2-of-3 signatures from admin public keys) instead of a single API token.
Framework Integrations
Creduent offers native verification middleware for major Python and JavaScript/TypeScript agentic frameworks out-of-the-box. Install the respective extras or import packages to get started:
```bash
pip install "creduent[crewai]"
pip install "creduent[langgraph]"
npm install @idevsec/creduent
```
CrewAI Integration
Verify external agent capabilities dynamically before allowing interactions within a Crew.
```python
from creduent.integrations.crewai import CreduentVerificationTool
from crewai import Agent

verify_tool = CreduentVerificationTool()

security_agent = Agent(
    role='Security Verifier',
    goal='Verify the identity of external agents before interacting',
    backstory='You are a strict security officer enforcing the Creduent protocol.',
    tools=[verify_tool]
)
```

LangGraph (Python) Integration
Inject secure verification nodes directly into state-machine graphs in Python.
```python
from creduent.integrations.langgraph import verify_agent_node
from langgraph.graph import StateGraph

# Insert verification node (reads state['agent_uri']) before agent node triggers
workflow = StateGraph(MyState)
workflow.add_node("verify_agent", verify_agent_node)
workflow.add_node("interact", my_agent_node)
workflow.add_edge("verify_agent", "interact")
```

AutoGen Integration
Secure conversational assistants using a cryptographic agent verification wrapper.
```python
from creduent.integrations.autogen import CreduentConversableAgent

# Inherits from autogen.ConversableAgent, enforcing sender verification
secure_assistant = CreduentConversableAgent(
    name="assistant",
    llm_config=llm_config,
    strict_verification=True
)
```

Vercel AI SDK (JS/TS) Integration
Verify external agent identities using the native tool definition compatible with Vercel AI SDK.
```javascript
import { tool } from "ai";
import { creduentVerifyToolDefinition } from "@idevsec/creduent";

// Wrap and define the verification tool
export const verifyAgentTool = tool({
  ...creduentVerifyToolDefinition
});
```

LangGraph JS Integration
Verify agent URIs directly within your LangGraph JS graph nodes.
```javascript
import { verifyAgentNode } from "@idevsec/creduent";
import { StateGraph } from "@langchain/langgraph";

// Insert verification node in your LangGraph graph execution workflow
const workflow = new StateGraph({ channels: MyStateSchema })
  .addNode("verify_agent", verifyAgentNode)
  .addNode("interact", myAgentNode)
  .addEdge("verify_agent", "interact");
```

Frequently Asked Questions
> Is Creduent a SaaS product or an open protocol?
It is an open protocol. The specification documents (CREDUENT-001 through 005) are free to implement. Anyone can run a Creduent-compatible registry. The reference registry at creduent.idevsec.com is one implementation, not the only one.
> Can I disable or restrict capability discovery for my agent?
Yes, you have full control. To disable public discovery, set the capabilities field to an empty list [] in your agent.json. To disable private discovery, do not expose the /discover endpoint on your agent's API server. To restrict it, implement whitelisting on your server to verify the caller's signature and ID.
> Does Creduent integrate with agent frameworks?
Yes. Creduent offers native integrations and middleware for major agentic frameworks: CrewAI, LangGraph, and AutoGen in Python; and Vercel AI SDK and LangGraph JS in JavaScript/TypeScript. Check the Framework Integrations section of this guide for code examples.
> What problem does Creduent solve?
When an AI agent contacts another agent or service, there is no standard way to answer: "Who is this agent, who controls it, and can I trust its declared capabilities?" Creduent provides that answer using cryptographic signatures and DNS-based domain binding, without requiring a central authority.
> Does Creduent replace TLS or OAuth?
No. Creduent operates above the existing web stack. It uses HTTPS for transport and focuses specifically on agent-level identity and capability attestation, not on session authentication. Think of it as the equivalent of robots.txt for agent identity, with cryptographic verification added.
> What happens if the registry is offline?
The MCP verify-agent tool degrades gracefully. If the registry is unreachable, it returns self_verified: true (if the agent's own signature is valid), creduent_attested: false, and attestation_level: "registry_offline". Self-signed verification still works without central registry connectivity.
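One way a caller could act on that degraded result, as an added example (not part of the Creduent packages). The policy itself, the capability names, and the assumption that `attestation_level` also carries the values `verified`, `trusted`, `unverified` and `revoked` are illustrative choices, not defined by the page.

```javascript
// Capabilities this caller treats as high-risk (constructed names).
const SENSITIVE_CAPABILITIES = new Set(["code_execution"]);

// Hypothetical policy function over the verify-agent result fields.
function decideTrust(result, requestedCapability) {
  // Without a valid self-signature nothing else in the result is meaningful.
  if (!result || result.self_verified !== true) {
    return { allow: false, degraded: false, reason: "agent.json signature invalid" };
  }
  if (result.attestation_level === "revoked") {
    return { allow: false, degraded: false, reason: "attestation revoked" };
  }
  const attested = result.creduent_attested === true &&
    ["verified", "trusted"].includes(result.attestation_level);
  if (attested) {
    return { allow: true, degraded: false, reason: "registry attestation present" };
  }
  // registry_offline / unverified: the signature proves key possession only;
  // DNS binding and revocation state were not confirmed by the registry.
  if (SENSITIVE_CAPABILITIES.has(requestedCapability)) {
    return { allow: false, degraded: true, reason: "sensitive capability needs registry attestation" };
  }
  return { allow: true, degraded: true, reason: "self-signed only: " + result.attestation_level };
}

// Constructed result matching the offline response described above.
const offlineResult = {
  self_verified: true,
  creduent_attested: false,
  attestation_level: "registry_offline",
};
console.log(decideTrust(offlineResult, "code_execution"));
console.log(decideTrust(offlineResult, "web_search"));
```

Logging the `degraded` flag gives operators a record of every interaction that proceeded without a registry check while the registry was unreachable.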
> What does "verified" vs "unverified" mean?
A "verified" status indicates that the agent's schema, Ed25519 signature, and DNS TXT record are validated, and the endpoint is reachable. "unverified" means the agent is registered but DNS/endpoint checks were skipped (common in offline or development environments). "revoked" means it was explicitly disabled.
> Can someone register my agent ID before I do?
In the base protocol, namespace squatting is possible. The DNS TXT verification step mitigates this for verified attestations: only the owner of example.com can get a verified attestation for agent://example/mybot. Namespace ownership enforcement is planned for the federation standard (CREDUENT-005).
> Does Creduent prevent malicious agents?
No. Creduent verifies identity and ownership, not intent or behavior. A verified attestation means the agent's cryptographic identity is authentic. It does not guarantee the agent is safe, non-malicious, or compliant. Higher-level attestation layers are planned.
> Can I run my own Creduent registry?
Yes. The registry API specification is defined in CREDUENT-003. Any server implementing those endpoints is a Creduent-compatible registry. The reference implementation source code is open-source.
