Standalone identity library for AI agents. Provides W3C DID methods, Verifiable Credentials, and enterprise identity bridges with zero heavy dependencies.
Part of the AgentAnycast ecosystem.
- Ed25519 key management — generate, load, and persist key pairs
- DID methods — `did:key`, `did:web`, `did:dns`
- Unified DID resolver — dispatch to the correct method automatically
- W3C Verifiable Credentials 2.0 — issue and verify `AgentCapabilityCredential`
- SPIFFE bridge — deterministic `did:key` derivation from SPIFFE IDs
- OIDC bridge — deterministic `did:key` derivation from OIDC ID Token claims
- Minimal dependencies — only `crypto/ed25519` + one base58 library

```bash
go get github.com/AgentAnycast/agentanycast-identity
```

Requires Go 1.22 or later.

```go
import (
	"crypto/ed25519"

	"github.com/AgentAnycast/agentanycast-identity"
)

// Generate or load a persistent key.
privKey, err := identity.LoadOrGenerateKey("/path/to/agent.key")

// Derive the DID.
pubKey := privKey.Public().(ed25519.PublicKey)
did, err := identity.PubKeyToDIDKey(pubKey)
// did = "did:key:z6Mkf5rG..."
```

```go
// Issue a self-signed capability credential.
vc, err := identity.IssueSkillCredential(privKey, did, did, []string{
	"text-summarization",
	"translation",
})

// Verify a credential.
err = identity.VerifyCredential(vc)
```

```go
// Derive a deterministic agent DID from a SPIFFE identity.
did, err := identity.SPIFFEToAgentDID("spiffe://cluster.local/ns/default/sa/my-agent")
```

```go
// Derive a deterministic agent DID from OIDC claims.
did, err := identity.OIDCToAgentDID(identity.OIDCClaims{
	Issuer:  "https://accounts.google.com",
	Subject: "user-12345",
})
```

```go
doc, err := identity.Resolve(ctx, "did:key:z6Mkf5rG...")
doc, err := identity.Resolve(ctx, "did:web:example.com:agents:alice")
doc, err := identity.Resolve(ctx, "did:dns:example.com")
```

| Method | Create | Resolve | Description |
|---|---|---|---|
| `did:key` | Yes | Yes | Self-contained Ed25519 key in the DID |
| `did:web` | Yes | Yes | HTTPS-hosted DID Document |
| `did:dns` | — | Yes | DNS TXT record lookup at `_did.<domain>` |
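
What "self-contained Ed25519 key in the DID" means at the byte level, shown as an added example that is not code from this library: a `did:key` is `z` plus the base58btc encoding of the multicodec prefix `0xed 0x01` followed by the 32-byte public key. The names `encodeDIDKey` and `decodeDIDKey` are hypothetical, and the base58 routine here uses `math/big` from the standard library as a stand-in for the library's base58 dependency.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

const b58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

var edPrefix = []byte{0xed, 0x01} // multicodec varint for an Ed25519 public key

// encodeDIDKey (hypothetical name) builds did:key:z<base58btc(0xed01 || pub)>.
func encodeDIDKey(pub ed25519.PublicKey) string {
	n := new(big.Int).SetBytes(append(append([]byte{}, edPrefix...), pub...))
	var out []byte
	for mod, radix := new(big.Int), big.NewInt(58); n.Sign() > 0; {
		n.DivMod(n, radix, mod)
		out = append([]byte{b58[mod.Int64()]}, out...)
	}
	return "did:key:z" + string(out) // first byte is 0xed, so no leading-zero padding
}

// decodeDIDKey (hypothetical name) recovers the key and rejects anything that
// is not a canonical Ed25519 did:key.
func decodeDIDKey(did string) (ed25519.PublicKey, error) {
	n := new(big.Int)
	for _, c := range strings.TrimPrefix(did, "did:key:z") {
		i := strings.IndexRune(b58, c)
		if i < 0 {
			return nil, fmt.Errorf("invalid base58 character %q", c)
		}
		n.Mul(n, big.NewInt(58)).Add(n, big.NewInt(int64(i)))
	}
	raw := n.Bytes()
	if len(raw) != len(edPrefix)+ed25519.PublicKeySize || !bytes.HasPrefix(raw, edPrefix) {
		return nil, errors.New("not an Ed25519 multicodec key")
	}
	pub := ed25519.PublicKey(raw[len(edPrefix):])
	if encodeDIDKey(pub) != did { // missing prefix, or alternate spelling such as extra leading '1's
		return nil, errors.New("non-canonical did:key encoding")
	}
	return pub, nil
}

func main() {
	pub := ed25519.NewKeyFromSeed(make([]byte, 32)).Public().(ed25519.PublicKey) // constructed all-zero seed, demo only
	fmt.Println(encodeDIDKey(pub))
}
```

The re-encode comparison matters wherever DIDs are compared as strings (allow-lists, credential subject checks): without it, two different strings could decode to the same key.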
Apache-2.0 — see LICENSE.