AgentIAM

Ed25519 cryptographic passports and recursive agent delegation

AgentIAM provides cryptographically verifiable identity for autonomous agents. Every tool call on Nexus carries an Ed25519-signed credential that binds the agent to a tenant, scopes permitted tools, and supports recursive delegation chains.

Why agent identity matters

Enterprise agents are non-human identities (NHIs). They access payment systems, customer data, and trading APIs. AgentIAM ensures:

  • Each agent has a unique, non-transferable passport
  • Sub-agents inherit a subset of parent permissions
  • Delegation depth is bounded and auditable
  • Credentials expire and can be revoked instantly

Credential format

AgentIAM credentials follow a W3C Verifiable Credential shape signed with Ed25519Signature2020:

{
  "@context": ["https://hardalion.com/agentiam/v1"],
  "type": ["VerifiableCredential", "AgentIdentityCredential"],
  "credentialSubject": {
    "tenantId": "ten_acme",
    "agentId": "agt_prod_f8a92b",
    "permittedTools": ["transfer_funds", "query_balance"],
    "nonTransferable": true
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "verificationMethod": "did:hardalion:ten_acme#agentiam-ca",
    "proofValue": "..."
  }
}

Issue a credential

curl -X POST "https://api.hardalion.com/api/v1/agentiam/credentials/issue" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "agt_prod_f8a92b",
    "supervising_user_id": "usr_compliance_lead",
    "ttl_seconds": 86400
  }'

Scope required: agents:manage.

Recursive delegation

When agent A invokes agent B, Nexus verifies a delegation chain:

  1. Root AgentIdentityCredential for agent A
  2. One or more AgentDelegationCredential links A → B → …
  3. Requested tool must appear in the delegated tool set at every hop
  4. Chain depth cannot exceed tenant policy limits

Verify a chain before execution:

curl -X POST "https://api.hardalion.com/api/v1/agentiam/delegation/verify" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "root_credential": { "...": "..." },
    "delegation_chain": [],
    "requested_tool": "transfer_funds"
  }'

Scope required: agents:execute.

SDK integration

@hardalion/sdk resolves AgentIAM material automatically when agentId and apiKey are configured:

import { NexusGateway } from '@hardalion/sdk' // named export assumed; package and class names are as documented above

// rawAgent is the existing agent instance being wrapped
const agent = NexusGateway.wrap(rawAgent, {
  tenantId: 'ten_acme',
  agentId: 'agt_prod_f8a92b',
  apiKey: process.env.HARDALION_API_KEY,
  policy: 'hardalion://nato-prou-strict-financial@1.0.0',
})

Revocation

Kill Switch v2 revokes AgentIAM credentials, broadcasts via Redis, and aborts in-flight executions:

curl -X POST "https://api.hardalion.com/api/v2/infrastructure/agents/{agentPublicKey}/kill" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"reason":"compromised_credential"}'

All revocations append to the immutable audit trail.

Open specification

Policy semantics for agent roles and tool scopes are defined in npl-spec. AgentIAM wire formats are documented in the Nexus API reference.