Skip to main content

Agent Identity

Agent identity verification proves that an AI agent is exactly who it claims to be — not a malicious clone or impersonator.

Why Identity Matters

Without identity verification, anyone could:
  • Deploy a fake “loan-processor” agent that steals credentials
  • Impersonate a trusted agent to gain user confidence
  • Modify agent code without detection
  • Use unauthorized AI models or tools

Identity Proofs

Treeship supports multiple types of identity proofs:

1. Cryptographic Keypair

Each agent can register an Ed25519 public key. Every attestation can then be signed by the agent’s private key, proving it came from the authentic agent. 
from treeship_sdk import Treeship

ts = Treeship(api_key='your-key')

# Register agent with public key
ts.register_identity(
    agent="my-agent",
    public_key_pem=open("agent_pubkey.pem").read()
)

# Later, sign attestations with agent's private key
result = ts.attest(
    action="Processed request",
    agent_signature=sign_with_private_key(payload)
)
# result.agent_authenticated = True/False

2. Code Hash

Register a SHA256 hash of your agent’s code or model weights. Any code changes will produce a different hash, making tampering detectable. 
import hashlib

# Hash your agent code
with open("agent.py", "rb") as f:
    code_hash = hashlib.sha256(f.read()).hexdigest()

ts.register_identity(
    agent="my-agent",
    code_hash=code_hash
)

# Include current hash in attestations
result = ts.attest(
    action="Processed request",
    code_hash=code_hash
)
# result.code_hash_verified = True/False

3. Domain Verification

Prove you own the domain where your agent runs — similar to SSL certificate verification. 
# Get verification challenge
challenge = ts.get_domain_challenge("my-agent", "agent.example.com")
# Returns: { challenge_token: "abc123...", verification_methods: [...] }
Verify using one of three methods:
Add a TXT record to your DNS:
_treeship-verify.agent.example.com TXT "abc123..."
Add to your HTML <head>:
<meta name="treeship-verify" content="abc123...">
Create /.well-known/treeship-verify.txt containing the challenge token.

4. Model Version

Track which AI model version generated outputs: 
ts.register_identity(
    agent="my-agent",
    model_id="gpt-4-turbo-2024-04-09"
)

result = ts.attest(
    action="Generated response",
    model_id="gpt-4-turbo-2024-04-09"
)

Identity Score

Each agent receives an identity score (0-100) based on verified proofs:
ProofPoints
Registered10
Public Key20
Code Hash15
Model ID5
Domain Verified25
Tool Manifest15
Additional Proofsup to 10
identity = ts.get_identity("my-agent")
print(f"Identity Score: {identity.identity_score}/100")

Best Practices

Rotate Keys Periodically

Update your agent’s keypair on a regular schedule and after any security incidents.

Pin Code Hashes

Include code hashes in your deployment pipeline to detect unauthorized changes.

Use Domain Verification

Especially important for public-facing agents to prevent phishing.

Track Model Versions

Record which model version was used for reproducibility and auditing.