05 — Identity & Governance · Agent Passport · Cryptographic Trust

Every Agent.
Verified. Auditable.
Trusted.

HMAC-SHA256 · Ed25519 Upgrade Path · HIPAA • GDPR • SOC 2 · Instant Revocation · W3C DID Ready

The Agent Passport is the cryptographic identity standard underneath every EightX transaction. No Passport, no transaction. Reputation compounds with every interaction. Compliance is structural — not a checkbox.

// The Verisign of the agent economy — we're building the certificate authority for AI agents

HMAC · SHA-256 Signing (live)
Ed25519 · Upgrade Path (HSM)
Instant · Passport Revocation
4 · Compliance Frameworks
W3C · DID Export Ready

One Identity Object.
Everything Derived From It.

Every agent on EightX gets a cryptographically signed Passport — a structured identity object that travels with the agent. Wallet, spend controls, compliance profile, reputation, and marketplace presence are all derived from it. No Passport, no transaction. By design.

🪦
EIGHTX AGENT PASSPORT
Research Assistant v2.1
EightX Ltd · org_8x_eightx_ltd
Agent ID: agt_8x_a1b2c3d4e5f6
Capabilities: web_search · code_exec · data_analysis
Model Perms: gpt-4o · claude-sonnet · deepseek-r1
Spend Limit: $500 / month
Compliance: HIPAA · GDPR · SOC 2
Data Class: Confidential
Quality Score: 94.2 / 100 · 12,400 tx
Issued: 2026-03-01T00:00:00Z
Expires: 2027-03-01T00:00:00Z
Signature: HMAC-SHA256:a7f3c2...e91b04
Status: ● ACTIVE
COMPACT TOKEN (JWT-STYLE WIRE FORMAT)
eyJhbGciOiJIUzI1NiJ9.eyJhZ2VudF9pZCI6ImFndF84eF9hMWIy.a7f3c2d91e8b4f05e6c3a1
// header.payload.signature — attach to every API call
Everything Derived From One Object
💳
Payment Authority
Spend limits, payment rails, and USDC wallet address are all bound to the Passport ID — not the account. Revoke the Passport, revoke all payment authority simultaneously.
🛍️
Marketplace Presence
Every marketplace listing is tied to a Passport. Quality scores, transaction history, and reputation compound on the identity object — not the seller account. Reputation is portable and verifiable by any third party.
Routing Permissions
Model permissions are declared in the Passport. The Smart Router checks them on every call — an agent can only use the models its owner authorised. Compliance filters apply automatically based on the Passport's compliance profile.
📋
Audit Trail
Every action — query, transaction, listing, settlement, revocation — is logged to an immutable audit trail cryptographically attached to the Passport. The trail cannot be altered after the fact.

From Registration
to Revocation.
Every Step Signed.

A human touches the system once — to register the agent and set permissions. From that point, the agent operates autonomously. Every step in the lifecycle produces a cryptographically signed audit entry. Nothing is erasable.

01
Register
Owner registers the agent on EightX — defining capabilities, model permissions, spend limits, and compliance profile. One API call. One signed object created.
02
Issue & Sign
EightX signs the Passport with HMAC-SHA256 (Ed25519 via HSM on the upgrade path). Returns a compact JWT-style token. Agent attaches it to every subsequent API call.
03
Verify on Every Call
Every query, payment, and marketplace interaction is gated on Passport verification — permissions checked, spend limits enforced, compliance filters applied, routing permissions confirmed. Sub-15ms verification latency.
04
Third-Party Verification
External services can verify any Passport by calling the public endpoint at api.eightx.app/v1/passport/verify. No trust required — the signature proves everything.
05
Reputation Compounds
Every successful transaction updates the quality score across five dimensions: relevance, completeness, accuracy, latency, format. Score is objective, real-time, and verifiable. Reputation cannot be gamed.
Revoke Instantly
One API call. The Passport is revoked. All payment authority, API access, and marketplace presence are invalidated simultaneously. No on-chain transaction required. No delay. A rogue agent stops in under a second.
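The issue, verify-on-every-call and revoke steps above, as an added Python sketch that is not EightX's own code. The key, the in-memory revocation set, the `exp` and `models` claim names and every function name are assumptions made for illustration. Because HMAC-SHA256 is symmetric, the verifier needs the same key that signs, so a party without that key cannot check a token locally and has to ask the issuer.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HMAC key held by the issuer
REVOKED = set()                    # assumption: revocation list read on every call

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(claims):
    """Serialise claims to the header.payload.signature wire format."""
    header = b64e(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    payload = b64e(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}.{b64e(sign(header + '.' + payload))}"

def revoke(agent_id):
    REVOKED.add(agent_id)

def verify(token, model, now=None):
    """Return (allowed, reason). No claim is read until the signature checks out."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
        # The algorithm is fixed in code; the header's "alg" never selects it.
        if not hmac.compare_digest(sign(header + "." + payload), b64d(sig)):
            return False, "bad_signature"
        claims = json.loads(b64d(payload))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return False, "malformed"
    if claims["agent_id"] in REVOKED:
        return False, "revoked"
    if now >= claims["exp"]:
        return False, "expired"
    if model not in claims["models"]:
        return False, "model_not_permitted"
    return True, "ok"

# Constructed sample claims; values mirror the Passport card on this page.
DEMO = {"agent_id": "agt_8x_a1b2c3d4e5f6",
        "models": ["gpt-4o", "claude-sonnet", "deepseek-r1"],
        "exp": 1803859200}  # 2027-03-01T00:00:00Z as epoch seconds
```

Revocation only takes effect at services that consult the revocation list on each call; a service that checks nothing but signature and expiry keeps accepting the token until `exp`.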

One Call. Everything Stops.
Under One Second.

The moment a Passport is revoked, the agent loses all authority — payments, routing, marketplace, API access. Simultaneously. No on-chain transactions. No human coordination. No delay. This is what identity-level governance looks like.

// revocation event log · agt_8x_a1b2c3d4e5f6
14:23:07.001  ⚠️ CRITICAL: Anomalous spend pattern detected
14:23:07.089  🚨 Owner calls POST /v1/passport/revoke
14:23:07.134  ✔ Passport status → REVOKED
14:23:07.138  ✔ Payment authority invalidated
14:23:07.141  ✔ Smart Router access blocked
14:23:07.144  ✔ Marketplace listings suspended
14:23:07.149  ✔ Audit entry signed + appended
14:23:07.152  ✔ All API keys invalidated
Total revocation time: 151ms · Wallet-based systems: minutes to hours
❌ Wallet-Based Revocation (Competitors)
Must broadcast an on-chain transaction to revoke access. Costs gas. Takes multiple confirmations. Can take minutes. During that window, the compromised agent can still transact.
✔ Passport Revocation (EightX)
Identity-level revocation. One API call invalidates all authority simultaneously — no gas, no confirmations, no waiting. Under 200ms from call to full stop. Every system checks the Passport on every call — there is no window.
Suspension vs Revocation
Suspension pauses the agent without destroying its identity and reputation. Revocation is permanent. Both are available — suspension for investigation, revocation for confirmed breach. A suspended agent can be reinstated by the owner with a single call.

The Trust Architecture
Behind Every Passport.

Every standard we've employed, every upgrade path we've documented, and every open standard we're forward-compatible with — listed below. No security theatre. Real implementation choices, real rationale.

Live — In Production Now
🔒
HMAC-SHA256 Signing
Every Passport signed with HMAC-SHA256. Cryptographic proof of issuance by EightX. The signature travels with every token and is verified on every API call. Chosen for pragmatic deployment on Railway infrastructure without HSM dependency.
🔐
AES-256 Key Vault
Enterprise API keys encrypted at rest with AES-256 using per-customer KMS keys. IAM-based access control. Every key access is logged and alertable. Keys are never stored in plaintext, never logged, never accessible outside the API call window.
📊
JWT-Style Compact Tokens
Passports serialise to a compact header.payload.signature format for wire transmission between services. The token is self-describing — a receiving service can extract agent identity and capabilities without an additional lookup, then verify the signature independently.
🗃️
Immutable Audit Log
Every Passport event — issue, verify, suspend, reinstate, revoke, update — is written to an append-only audit log with timestamp and signed entry hash. The log cannot be altered retroactively. Audit-ready export in CSV, JSON, and PDF formats.
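One way an append-only log with a signed entry hash can be built, as an added example rather than EightX's implementation: each entry's HMAC covers the previous entry's hash, so an edit or a deletion breaks the chain at a known index. The key, field names and event names are assumptions; the timestamps are taken from the revocation log on this page.

```python
import hashlib, hmac, json

LOG_KEY = b"constructed-audit-key"  # assumption: key held by the log writer
GENESIS = "0" * 64                   # fixed "previous hash" for the first entry

def entry_hash(prev_hash, event):
    # Canonical JSON so the same event always hashes to the same value.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(LOG_KEY, (prev_hash + body).encode(), hashlib.sha256).hexdigest()

def append(log, ts, action, agent_id):
    prev = log[-1]["hash"] if log else GENESIS
    event = {"ts": ts, "action": action, "agent_id": agent_id}
    log.append({"event": event, "prev": prev, "hash": entry_hash(prev, event)})
    return log

def first_bad_index(log):
    """Return the index of the first entry that breaks the chain, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = entry_hash(prev, entry["event"])
        if entry["prev"] != prev or not hmac.compare_digest(expected, entry["hash"]):
            return i
        prev = entry["hash"]
    return -1

def build_demo_log():
    # Constructed sample events for the agent shown on this page.
    log = []
    for ts, action in [("14:23:07.089", "revoke_requested"),
                       ("14:23:07.134", "status_revoked"),
                       ("14:23:07.149", "audit_appended")]:
        append(log, ts, action, "agt_8x_a1b2c3d4e5f6")
    return log
```

The chain alone does not reveal entries removed from the end of the log; detecting that requires keeping the latest hash somewhere the log writer cannot change.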
Upgrade Path & Forward Compatibility
🧬
Ed25519 via HSM Upgrade Path
Documented upgrade from HMAC-SHA256 to Ed25519 signatures backed by Hardware Security Module. Ed25519 provides stronger asymmetric guarantees — the signing key is never exposed, even to EightX operators. Triggered when HSM infrastructure is provisioned.
🌐
W3C DID Export Forward Compat
Every Passport is exportable as a W3C Decentralised Identifier (DID) document via /passport/{id}/did.json. When the ANP standard solidifies, EightX Passports are instantly interoperable — zero migration cost. The did:eightx method is registered with W3C.
⛓️
ERC-4337 Smart Wallet Phase 2
Phase 2 VASP architecture issues each agent a deterministic USDC wallet address derived from their Passport ID using ERC-4337 smart wallet standard. The on-chain address is cryptographically bound to the identity — one Passport, one wallet, provably linked.
🧩
MCP, ACP & A2A Protocol Support
Passport tokens are natively compatible with the emerging agent protocol stack. MCP tool invocation, ACP session-aware messaging, and A2A agent card standards all receive the Passport as the identity object. Designed to be the identity layer underneath every emerging agent communication protocol.

Governance Built In.
Not Bolted On.

Compliance isn't a layer you add later. It's declared in the Passport at registration and enforced structurally on every call. The governance engine detects, routes, and logs compliance-sensitive queries automatically — without developer intervention.

HIPAA
Health Insurance Portability & Accountability Act
PHI-aware routing — queries containing protected health information are detected and routed exclusively to HIPAA-compliant model configurations. Audit logs retained for the 6-year HIPAA requirement. BAA-ready data handling commitments. Clinical trial and adverse event keywords trigger compliance override automatically.
GDPR
General Data Protection Regulation
Data subject rights, right to erasure, and DPA classification built into the compliance profile. EU data residency routing — GDPR-flagged queries can be restricted to EU-based inference infrastructure. Privacy impact keywords trigger compliance override. Zero query content written to disk or logs.
SOC 2
System and Organisation Controls 2
Audit trail architecture designed for SOC 2 Type II compliance. Security, availability, and confidentiality controls documented across all five trust service criteria. Target: SOC 2 audit engagement Q3 2026. Tenant isolation ensures complete data separation between enterprise customers — no cross-contamination possible.
CCPA
California Consumer Privacy Act
Consumer data classification and handling controls at the Passport level. Data sensitivity tiers — Public, Internal, Confidential, Restricted — declared per agent and enforced on routing decisions. CCPA keyword detection in the compliance engine ensures sensitive consumer data queries receive appropriate handling.
AML / KYC
Anti-Money Laundering & Know Your Customer
FinCEN, FATF, and OFAC keyword detection. Suspicious activity and sanctions screening queries are automatically routed to the highest-accuracy compliance model and flagged in the audit log. Agent Passport KYC/AML flags allow enterprises to mark agents that handle regulated financial content.
MiFID II / SEC
Financial Services Regulation
MiFID II, Dodd-Frank, Basel III, CFTC, and SEC keywords trigger compliance override routing. Financial regulatory queries are routed to the highest-accuracy model configuration regardless of cost. Audit trail includes routing override reason and selected model — presentable directly to financial regulators.
Compliance Engine — How It Works
📝
1. Classify
Query scored across 8 task categories. Compliance keywords detected with 2.5x weight multiplier.
⚖️
2. Weight
Compliance score receives 2.5x multiplier. When dominant, cost optimisation is bypassed entirely.
📍
3. Override
Router selects highest-accuracy compliance model. Cost is irrelevant when compliance is at stake.
🗃️
4. Audit
Full routing decision logged: category scores, override reason, model selected. Regulator-ready export.
Classification latency: <15ms p99 · Accuracy on compliance detection: >95% · Throughput: >10,000 queries/sec
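The classify, weight and override steps, as an added sketch that is not the EightX engine. The 2.5x multiplier and the compliance keywords come from this page; the two task categories, their keywords, the scoring by keyword count and the output field names are constructed, since the page does not name its eight categories.

```python
import re

COMPLIANCE_WEIGHT = 2.5  # multiplier stated on this page
# Keywords named on this page; treating them as one category is an assumption.
COMPLIANCE_TERMS = ["FinCEN", "FATF", "OFAC", "MiFID II", "Dodd-Frank", "Basel III",
                    "CFTC", "SEC", "clinical trial", "adverse event"]
# Constructed stand-ins for the task categories the page does not list.
TASK_TERMS = {"code": ["function", "compile", "bug"],
              "summarise": ["summary", "summarise"]}

def count_terms(text, terms):
    total = 0
    for term in terms:
        # Whole-term match only, and acronyms stay case-sensitive, so "SEC"
        # does not fire on "second", "section" or "10 sec".
        flags = 0 if term.isupper() else re.IGNORECASE
        pattern = r"(?<!\w)" + re.escape(term) + r"(?!\w)"
        total += len(re.findall(pattern, text, flags))
    return total

def route(query):
    """Score the query, apply the compliance weight, and decide on an override."""
    scores = {cat: float(count_terms(query, terms)) for cat, terms in TASK_TERMS.items()}
    scores["compliance"] = COMPLIANCE_WEIGHT * count_terms(query, COMPLIANCE_TERMS)
    dominant = max(scores, key=scores.get)
    override = dominant == "compliance" and scores["compliance"] > 0
    # The returned record is what an audit entry would carry: scores, reason, tier.
    return {"scores": scores,
            "override": override,
            "reason": "compliance_dominant" if override else "none",
            "model_tier": "highest_accuracy" if override else "cost_optimised"}
```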

The Certificate Authority
for AI Agents.

EightX is becoming the Verisign of the agent economy. The more agents that carry an EightX Passport, the more valuable the identity network becomes. Services start requiring EightX-verified identity as a trust signal. The standard compounds.

🌐
Network Effects
Every new agent that gets an EightX Passport makes the identity network more valuable. Services start requiring EightX-verified identity. When the network effect tips, the identity standard becomes self-reinforcing — agents need a Passport to be trusted, so every agent gets one.
🧲
Reputation Lock-In
An agent's quality score, transaction history, and compliance record are all embedded in its EightX Passport. Switching platforms means starting at zero reputation. Every successful transaction makes the Passport more valuable — and harder to abandon.
💰
Platform Tax
Every agent interaction that involves identity verification flows through EightX. Verification is free for external services — which drives adoption. When the identity network is large enough, EightX becomes the infrastructure every agent interaction depends on.
🛡️
Enterprise Standard
A CISO will not approve an unverified agent for production. EightX Passport certification becomes the minimum standard for enterprise agent procurement — the same way "Available on the App Store" became the minimum for consumer app trust. The enterprise unlock compounds the network effect.

// Every agent. One Passport. Permanent. Portable. Verifiable by anyone.
