I’m the creator of Vouch Protocol.
We are entering a world where AI agents are taking real actions (booking flights, committing code, moving money).
The problem: There is currently no way to cryptographically verify an Agent's intent before execution. (e.g., an agent claims it will `read_db`, but actually executes `delete_db`—and you have no proof of the discrepancy nor a way to stop this from happening).
The current industry solution relies on the old X.509 Certificate Authority model—basically, paying a centralized authority $$$ per year for a digital ID. That doesn't scale for billions of autonomous agents.
So I built Vouch Protocol.
It is an open-source standard for AI Agent Identity that replaces paid certificates with W3C Decentralized Identifiers (did:web).
How it works:
1. Identity: Your agent generates its own Ed25519 key pair.
2. Resolution: It publishes its public key to your domain (/.well-known/did.json), making your domain the root of trust.
3. Signing: The agent signs every prompt/action using a JWT-VC (Verifiable Credential).
4. Verification: Any other system can cryptographically verify "This action came from the Agent at domain X" without hitting a central server.
Update: I just submitted Vouch to the C2PA (Coalition for Content Provenance and Authenticity) today to push for this decentralized model as a standard alongside Adobe and Microsoft.
Repo (Code + SDK): https://github.com/vouch-protocol/vouch
I’d love you to roast my architecture, tell me why I'm wrong, or (hopefully) star the repo if you agree this layer should be free.
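
The four steps under "How it works", as an added example that is not code from the Vouch repo or SDK: an agent signs an `action` claim with Ed25519, and a verifier resolves the issuer's did:web document and checks the token. The function names, the `action` claim, the `#key-1` key id and the injected `resolve` callback are assumptions, and the payload is a plain JWT claim set rather than a full Verifiable Credential.

```javascript
// Added example: hypothetical helper names, not the Vouch SDK API.
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const parse = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// did:web rule: bare domain -> /.well-known/did.json, extra segments -> /<path>/did.json
function didWebUrl(did) {
  const parts = did.split(':');
  if (parts[0] !== 'did' || parts[1] !== 'web' || !parts[2]) throw new Error('not a did:web');
  const host = decodeURIComponent(parts[2]); // a port is percent-encoded as %3A
  const path = parts.slice(3).map(decodeURIComponent).join('/');
  return `https://${host}/${path ? path + '/did.json' : '.well-known/did.json'}`;
}

// Steps 1-2: the agent's key pair and the DID document its domain would serve.
function newAgent(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const didDoc = { id: did, verificationMethod: [{ id: `${did}#key-1`,
    type: 'JsonWebKey2020', controller: did, publicKeyJwk: publicKey.export({ format: 'jwk' }) }] };
  return { did, privateKey, didDoc };
}

// Step 3: sign the intended action as a compact JWT with alg EdDSA.
function signAction(agent, action, nowSec, ttlSec = 60) {
  const header = { alg: 'EdDSA', typ: 'JWT', kid: `${agent.did}#key-1` };
  const payload = { iss: agent.did, iat: nowSec, exp: nowSec + ttlSec, action };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${b64u(crypto.sign(null, Buffer.from(input), agent.privateKey))}`;
}

// Step 4: verify. `resolve` stands in for an HTTPS GET of didWebUrl(iss).
function verifyAction(jwt, resolve, nowSec) {
  const seg = jwt.split('.');
  if (seg.length !== 3) throw new Error('malformed token');
  const [h, p, s] = seg;
  const header = parse(h), payload = parse(p);
  if (header.alg !== 'EdDSA') throw new Error('unexpected alg'); // pin the algorithm
  if (typeof header.kid !== 'string' || header.kid.split('#')[0] !== payload.iss) throw new Error('kid does not belong to iss');
  if (!(payload.exp > nowSec)) throw new Error('expired');
  const doc = resolve(didWebUrl(payload.iss));
  const vm = doc && doc.id === payload.iss && doc.verificationMethod.find((m) => m.id === header.kid);
  if (!vm) throw new Error('key not found in DID document');
  const key = crypto.createPublicKey({ key: vm.publicKeyJwk, format: 'jwk' });
  if (!crypto.verify(null, Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'))) throw new Error('bad signature');
  return payload;
}
```

In a deployment `resolve` is an HTTPS GET, so the verifier's trust in the key is the trust it places in that domain's TLS and DNS.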