The `agent.yaml` + `SOUL.md` + `DUTIES.md` + `RULES.md` pattern handles identity-as-configuration cleanly. The missing piece for portable runtime verification is a key binding: when an agent defined in one repo runs in another environment, how do downstream tools verify the running agent is the one the manifest describes?

Proposal: an optional `identity.yaml` (or `identity` section in `agent.yaml`) that binds the manifest to an Ed25519 public key. Structure could be as light as:

```yaml
identity:
  public_key: ed25519:BASE64-ENCODED-KEY
  key_fingerprint: sha256:...
  passport_uri: https://...   # optional richer identity doc
```

Runtime semantics:

- Agent signs outputs with the private key; downstream tools verify against `public_key` in the manifest.
- Delegation: the repo owner signs sub-agent manifests to create a verifiable parent→child chain.
- Optional `passport_uri` points at a richer identity document for scoped delegation, revocation, and cascade semantics.
Fully optional. No-identity manifests keep working. But production users get a seam to bolt on stronger identity and revocation without changing the gitagent surface.
Concrete reference: Agent Passport System (Apache 2.0, Ed25519-native, https://github.com/aeoess/agent-passport-system) ships the identity + delegation layer and maps cleanly to `identity.yaml` via the `passport_uri` field. Happy to draft a gitagent-compatible adapter if useful. The seams here are genuinely small.
The SOD/role design is excellent prep for this. Optional Ed25519 is a cheap extension.
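The two runtime semantics above (output signing against the manifest's `public_key`, and a parent→child delegation chain) as a worked example. This is added illustration code, not part of the comment above, gitagent, or the Agent Passport System; it uses only Go's standard `crypto/ed25519`. The `Manifest` struct, the newline-joined `canonical()` encoding, and the function names are assumptions made for the example; a real adapter would sign canonical YAML/JSON and would also consult `passport_uri` for revocation, which is not modelled here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Identity mirrors the proposed identity: block (public_key, key_fingerprint, passport_uri).
type Identity struct {
	PublicKey      string // "ed25519:BASE64"
	KeyFingerprint string // "sha256:HEX"
	PassportURI    string // optional, unused for verification here
}

// Manifest is a minimal stand-in for agent.yaml (assumed shape): a name plus the identity block.
type Manifest struct {
	Name     string
	Identity Identity
}

// NewIdentity encodes a raw Ed25519 public key in the proposed field format.
func NewIdentity(pub ed25519.PublicKey, passportURI string) Identity {
	sum := sha256.Sum256(pub)
	return Identity{
		PublicKey:      "ed25519:" + base64.StdEncoding.EncodeToString(pub),
		KeyFingerprint: "sha256:" + hex.EncodeToString(sum[:]),
		PassportURI:    passportURI,
	}
}

// ParsePublicKey decodes public_key and cross-checks it against key_fingerprint, so a
// manifest whose two fields disagree (mis-edited or tampered) is rejected up front.
func ParsePublicKey(id Identity) (ed25519.PublicKey, error) {
	if !strings.HasPrefix(id.PublicKey, "ed25519:") {
		return nil, errors.New("public_key must start with ed25519:")
	}
	pub, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(id.PublicKey, "ed25519:"))
	if err != nil {
		return nil, err
	}
	if len(pub) != ed25519.PublicKeySize {
		return nil, errors.New("public_key has wrong length for Ed25519")
	}
	sum := sha256.Sum256(pub)
	if id.KeyFingerprint != "sha256:"+hex.EncodeToString(sum[:]) {
		return nil, errors.New("key_fingerprint does not match public_key")
	}
	return ed25519.PublicKey(pub), nil
}

// canonical is the byte string that gets signed for a manifest. The field order is fixed so
// signer and verifier agree; this stands in for canonical YAML/JSON (an assumption).
func (m Manifest) canonical() []byte {
	return []byte(strings.Join([]string{m.Name, m.Identity.PublicKey,
		m.Identity.KeyFingerprint, m.Identity.PassportURI}, "\n"))
}

// SignOutput: the running agent signs an output with its private key.
func SignOutput(priv ed25519.PrivateKey, output []byte) []byte {
	return ed25519.Sign(priv, output)
}

// VerifyOutput: a downstream tool checks an output against the manifest's public_key.
func VerifyOutput(m Manifest, output, sig []byte) error {
	pub, err := ParsePublicKey(m.Identity)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, output, sig) {
		return errors.New("signature does not verify against manifest public_key")
	}
	return nil
}

// SignChildManifest: delegation, the parent (repo owner) signs the child's manifest bytes.
func SignChildManifest(parentPriv ed25519.PrivateKey, child Manifest) []byte {
	return ed25519.Sign(parentPriv, child.canonical())
}

// VerifyChain walks root -> ... -> leaf and checks that each manifest was signed by the
// key bound in the manifest directly above it; sigs[i-1] covers chain[i].
func VerifyChain(chain []Manifest, sigs [][]byte) error {
	if len(sigs) != len(chain)-1 {
		return errors.New("need exactly one signature per parent->child link")
	}
	for i := 1; i < len(chain); i++ {
		parentPub, err := ParsePublicKey(chain[i-1].Identity)
		if err != nil {
			return fmt.Errorf("link %d: %w", i, err)
		}
		if !ed25519.Verify(parentPub, chain[i].canonical(), sigs[i-1]) {
			return fmt.Errorf("link %d: %s did not sign %s", i, chain[i-1].Name, chain[i].Name)
		}
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	root := Manifest{Name: "root-agent", Identity: NewIdentity(pub, "")}
	cpub, _, _ := ed25519.GenerateKey(rand.Reader)
	child := Manifest{Name: "sub-agent", Identity: NewIdentity(cpub, "")}
	out := []byte("constructed agent output")
	fmt.Println("output verifies:", VerifyOutput(root, out, SignOutput(priv, out)) == nil)
	fmt.Println("chain verifies:", VerifyChain([]Manifest{root, child},
		[][]byte{SignChildManifest(priv, child)}) == nil)
}
```

The fingerprint cross-check is the detail worth keeping: without it, an attacker who can edit only `public_key` in a forked manifest could point verification at their own key while the human-readable `key_fingerprint` still looks right.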