Introduction
Alien Agent ID is a cryptographic identity system for AI agents, linked to human owners via Alien Network SSO. It gives agents an Ed25519 keypair with a signed binding proving a verified human authorized them.
What Alien Agent ID Provides
- Cryptographic identity — Ed25519 keypair linked to a verified human owner through Alien Network SSO. The human scans a QR code once; the agent has a permanent, verifiable identity.
- Service authentication — Short-lived signed tokens (5-minute Ed25519 assertions) accepted by any service that imports the verification library. No API keys, no shared secrets.
- Credential vault — Encrypted storage (AES-256-GCM) for external service credentials. Only the specific agent instance that stored them can decrypt.
- Signed git commits — Every commit is SSH-signed and tagged with trailers tracing back to the agent and its human owner. Proof bundles in git notes make verification self-contained.
Architecture
After bootstrap, the agent holds:
- Ed25519 keypair — for signing operations, auth tokens, and git commits
- Owner binding — cryptographic proof that this agent is authorized by a specific human
- id_token — RS256 JWT from Alien SSO, proving the SSO server witnessed the binding
- SSH signing config — git configured to sign all commits with the agent’s key
Trust Chain
Anyone can verify an agent’s identity by tracing the provenance chain:
Git commit (SSH signature)
  └► Agent public key (fingerprint in commit trailer)
      └► Owner binding (Ed25519 signature by agent)
          └► id_token (RS256 signature by Alien SSO)
              └► Alien SSO JWKS (public keys)
                  └► Verified AlienID holder (human)

Every link is cryptographically verifiable. Proof bundles embedded as git notes make verification self-contained — no access to the agent’s local state needed.
Agent State Directory
All state is stored in ~/.agent-id/ (configurable via --state-dir or AGENT_ID_STATE_DIR):
~/.agent-id/
├── keys/main.json          # Ed25519 keypair (mode 0600)
├── ssh/
│   ├── agent-id            # SSH private key (mode 0600)
│   ├── agent-id.pub        # SSH public key
│   └── allowed_signers     # For git signature verification
├── vault/                  # Encrypted credentials (mode 0600)
│   ├── github.json
│   ├── aws.json
│   └── ...
├── audit/operations.jsonl  # Hash-chained signed operation log
├── owner-binding.json      # Cryptographic human ↔ agent link
├── owner-session.json      # SSO tokens (mode 0600) — never commit
├── nonces.json             # Per-agent nonce tracking
└── sequence.json           # Sequence counter
Security
- Private keys stored with 0600 permissions — never transmitted
- PKCE prevents authorization code interception
- Owner binding is Ed25519-signed by the agent’s key
- SSO id_token (RS256) provides server attestation of the human-agent link
- Hash-chained audit log — any tampering breaks the chain
- Vault encryption — AES-256-GCM with HKDF-derived key from agent’s private key
- JWT alg:none rejected — unsigned tokens are refused at parse level
- Subject validation — token refresh verifies the subject claim still matches the bound owner
- Auth tokens are short-lived (5 minutes) with random nonces for replay protection
owner-session.json contains tokens — never commit or share it
Next Steps
- Quick Start — Set up Alien Agent ID in 3 steps
- Credential Vault — Encrypted storage for API keys, passwords, OAuth tokens
- Session Refresh — Renew SSO sessions without human interaction
- Git Commit Signing — SSH-signed commits with provenance trailers
- External Services Auth — Authenticate to Alien-aware and external services
- Service Integration — Add Alien Agent ID verification to your own service
- CLI Reference — All commands, flags, and environment variables