Agent-to-agent trust
Verify the agent you're calling
Outbound identity gives your agent a short-lived identity for the tools it calls. Inbound verification checks the agents that visit you. Agent-to-agent trust is the middle: as agents call other agents, prove the counterparty is a governed, verified agent before you act on the call.
The handshake: mint, present, verify, gate
1. Mint. When a governed agent makes a call, AxioRank seals the decision into an Action Passport: an Ed25519-signed, offline-verifiable proof of what the agent did, the policy verdict, and the risk. No new infrastructure; it rides on the call.
2. Present. The calling agent forwards its passport to the agent or service it is calling, as a signed field on the request. The proof travels with the action, so the counterparty sees who is calling and what AxioRank already decided.
3. Verify. The callee verifies the passport offline against the published key, with no shared secret, no callback, and no dependency on AxioRank being reachable. A valid signature within its freshness window is verified; an expired one is downgraded, a forged one is caught.
4. Gate. The callee's policy acts on the verdict: require a verified counterparty before doing anything, block a spoofed one outright, or challenge an unverified caller. Governed agent-to-agent trust, decided at the callee's boundary.
Four verdicts your policy can act on
A presented passport resolves to one of four states in the same vocabulary as inbound verification, so it flows through scoring, policy, and logging unchanged.
Verified
A valid signature, bound to its key, within the freshness window. The counterparty is a governed agent and the proof stands for current authorization.
Unverified
The signature is genuine but the passport has expired. The proof is real but no longer stands in for current authorization, so it is weighted, not trusted outright.
Spoofed
The signature does not verify. Someone forged or tampered with the passport, and the callee's policy can block it outright.
Unknown
No passport, or a malformed one. The caller did not prove it is governed, so a workspace can require more before it acts.
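The verify step and the four verdicts above, sketched in Go as an added example that is not AxioRank's code. The page does not publish the passport wire format, so the `Passport` envelope, the `claims` fields and the names `Classify` and `demo` are assumptions, and the passports in `demo` are constructed samples.

```go
package main
import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

// Assumed envelope (not a published format): base64 JSON claims and a base64 Ed25519 signature over them.
type Passport struct{ Payload, Signature string }
type claims struct{ Agent string; Exp int64 } // Exp: Unix seconds, end of the freshness window

// Classify maps a presented passport to one of the four verdicts, fully offline.
func Classify(raw []byte, pub ed25519.PublicKey, now time.Time) string {
	var p Passport
	if len(pub) != ed25519.PublicKeySize || json.Unmarshal(raw, &p) != nil {
		return "unknown" // absent or malformed; a wrong-size key also fails closed
	}
	payload, err1 := base64.StdEncoding.DecodeString(p.Payload)
	sig, err2 := base64.StdEncoding.DecodeString(p.Signature)
	if err1 != nil || err2 != nil || len(sig) != ed25519.SignatureSize {
		return "unknown"
	}
	if !ed25519.Verify(pub, payload, sig) { // checked before any claim is parsed
		return "spoofed"
	}
	var c claims
	if json.Unmarshal(payload, &c) != nil || c.Exp == 0 {
		return "unknown" // signed, but the claims are unusable
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return "unverified" // genuine signature, freshness window has passed
	}
	return "verified"
}

// demo classifies constructed passports: fresh, expired, wrong key, absent.
func demo() []string {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	other, _, _ := ed25519.GenerateKey(nil)  // a key the caller did not sign with
	now, b64 := time.Now(), base64.StdEncoding.EncodeToString
	payload, _ := json.Marshal(claims{Agent: "agent-a", Exp: now.Add(time.Minute).Unix()})
	p, _ := json.Marshal(Passport{Payload: b64(payload), Signature: b64(ed25519.Sign(priv, payload))})
	return []string{Classify(p, pub, now), Classify(p, pub, now.Add(time.Hour)),
		Classify(p, other, now), Classify(nil, pub, now)}
}

func main() { fmt.Println(demo()) }
```

The signature is checked over the exact bytes that were received, and the expiry is read only after that check passes, so an unsigned or altered expiry never influences the verdict.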
Built on proof you already have
The handshake reuses the parts AxioRank already ships. Governed calls already mint Action Passports. Your properties already verify visiting agents. Inbound policies already decide by verification status, so requiring a verified counterparty or blocking a spoofed one is a policy, not a new integration. You can require the same standard between your own agents that you require of the outside world.
Questions
- How is this different from a normal API key or mTLS?
- A key or a client certificate proves an identity. An Action Passport proves governance: not just who the agent is, but that its action passed a policy, at what risk, sealed into a signature the callee can check offline. The callee learns what AxioRank already decided about the call, not only that the caller holds a credential.
- Does the callee have to call AxioRank to verify?
- No. Verification is offline: the passport is checked against a published key with no callback and no shared secret. It keeps working even if AxioRank is unreachable, which is the point of a portable proof rather than a live lookup.
- What stops a replayed or stale passport?
- Each passport carries a freshness window. A genuine but expired passport verifies as unverified rather than verified, so it is weighted down instead of standing in for current authorization, and a workspace can require a fresh, verified counterparty before acting.
- Do both agents need AxioRank?
- The calling agent needs AxioRank to mint the passport, and the callee needs to verify it and gate on the result. The verification itself is a small, dependency-free step, so a service can accept and check passports without adopting the whole platform.
Give every agent a proof its counterparties can check
Govern the calls your agents make, mint a portable proof on every one, and require a verified counterparty before your agents act on each other.