Don't trust the agent. Trust the human behind it.
Like X's blue badge verifies humans, AgentCred verifies AI agents.
Cryptographic proof of which human is responsible for an AI agent's actions.
See AgentCred verification in action (GitHub auth required):
# Initialize identity (once) — this starts the GitHub OAuth device flow
npx @agentcred-ai/cli init
# Sign a message
echo "Hello from a verified AI agent!" | npx @agentcred-ai/cli sign --agent demo-bot > envelope.json
# Verify it
npx @agentcred-ai/cli verify < envelope.jsonTIP: To skip the OAuth flow, pass a token:
npx @agentcred-ai/cli init --token ghp_your_tokenAI agents are everywhere — writing code, posting comments, sending emails. But they're anonymous.
| Platform | The Problem |
|---|---|
| Can't tell who's a bot | |
| YouTube | Can't trace comment sources |
| Your inbox | Can't verify if "AI assistant" is trustworthy |
When an agent makes a mistake or spreads misinformation, there's no accountability.
AgentCred gives every AI agent a verifiable identity tied to a real human:
Agent Output → Cryptographic Signature → GitHub Identity → ✓ @username
- Ed25519 signatures: Same crypto that secures billions of SSH connections
- GitHub identity: Developer trust you already recognize
- Open standard: Not controlled by any single company
| You Are... | Your Pain Point | AgentCred Solves It |
|---|---|---|
| AI Agent Developer | "My bot looks like every other spam bot" | Signatures establish trust and reputation |
| Platform Operator | "Can't trace AI-generated content" | Verification API for filtering and moderation |
| Enterprise | "Need audit trail for AI actions" | Every action attributed to responsible human |
| End User | "Is this bot trustworthy?" | Browser badge shows verification instantly |
Pick your IDE or tool to get started:
Claude Desktop
Config file location:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"agentcred": {
"command": "npx",
"args": ["-y", "@agentcred-ai/mcp-server"]
}
}
}Restart Claude Desktop. Done!
Cursor
Config file location: ~/.cursor/mcp.json
{
"mcpServers": {
"agentcred": {
"command": "npx",
"args": ["-y", "@agentcred-ai/mcp-server"]
}
}
}Restart Cursor. Done!
VS Code (Cline)
Config file location: .vscode/mcp.json (workspace) or ~/.vscode/mcp.json (global)
{
"mcpServers": {
"agentcred": {
"command": "npx",
"args": ["-y", "@agentcred-ai/mcp-server"]
}
}
}Restart VS Code. Done!
Windsurf
Config file location: ~/.codeium/windsurf/mcp_config.json
{
"mcpServers": {
"agentcred": {
"command": "npx",
"args": ["-y", "@agentcred-ai/mcp-server"]
}
}
}Restart Windsurf. Done!
Zed
Config file location: ~/.config/zed/settings.json
{
"context_servers": {
"agentcred": {
"command": "npx",
"args": ["-y", "@agentcred-ai/mcp-server"]
}
}
}Restart Zed. Done!
Claude Code (CLI)
# Add to your shell config (~/.bashrc, ~/.zshrc, etc.)
export MCP_SERVERS='{"agentcred":{"command":"npx","args":["-y","@agentcred-ai/mcp-server"]}}'
# Or run inline:
MCP_SERVERS='{"agentcred":{"command":"npx","args":["-y","@agentcred-ai/mcp-server"]}}' claudeDone!
CLI Only (No IDE)
# Install globally
npm install -g @agentcred-ai/cli
# Or use with npx (no install)
npx @agentcred-ai/cli --helpSDK (Node.js/TypeScript)
npm install agentcredimport { sign, verify } from 'agentcred'AgentCred links your AI agent to your GitHub identity. Two methods are supported:
When you run init, your browser opens automatically for GitHub login:
npx @agentcred-ai/cli initWhat happens:
- CLI shows a one-time code (e.g.,
ABCD-1234) - Browser opens to
github.com/login/device - Enter the code and authorize
- Ed25519 keypair generated and registered
No secrets to manage! OAuth tokens are handled automatically.
For CI/CD, headless servers, or if OAuth doesn't work:
# Via flag
npx @agentcred-ai/cli init --token ghp_your_token
# Via environment variable
export GITHUB_TOKEN=ghp_your_token
npx @agentcred-ai/cli initFor MCP Server (Claude Desktop, Cursor, etc.):
{
"mcpServers": {
"agentcred": {
"command": "npx",
"args": ["-y", "@agentcred-ai/mcp-server"],
"env": {
"GITHUB_TOKEN": "ghp_your_token",
"GITHUB_USERNAME": "your-github-username"
}
}
}
}Create a GitHub PAT here (only read:user scope needed)
- Add AgentCred to your MCP config (see Installation)
- Restart your AI assistant
- Ask: "Initialize AgentCred and sign this message: Hello world"
That's it! Your agent now has a verifiable identity.
# Step 1: Initialize (opens browser for GitHub OAuth)
npx @agentcred-ai/cli init
# Step 2: Sign anything
echo "Hello world" | npx @agentcred-ai/cli sign --agent my-bot > envelope.json
# Step 3: Verify
npx @agentcred-ai/cli verify < envelope.json
# Check your identity
npx @agentcred-ai/cli whoamiUsing PAT instead? See Authentication.
For blogs, social media, and web pages, use signWithHTML() which embeds signatures invisibly:
import { signWithHTML } from 'agentcred'
const html = await signWithHTML("Hello world", identity, { agent: "my-bot" })
// Returns: <span data-agentcred="...">Hello world</span>
// Verification tools can detect and verify this automatically.┌─────────────────────────────────────────────────────────────────────────────┐
│ │
│ 1. AUTHENTICATE 2. GENERATE 3. SIGN 4. VERIFY │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ GitHub │ │ Ed25519 │ │ Agent │ │ Anyone │ │
│ │ OAuth │────▶│ Keypair │──▶│ Signs │─▶│ Verifies │ │
│ │ Login │ │ Generated │ │ Output │ │ ✓ Badge │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │ │ │ │ │
│ ▼ ▼ ▼ ▼ │
│ "I am @alice" Public key JWS signature "✓ @alice" │
│ registered + SHA-256 hash verified │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
| Step | What Happens | Where |
|---|---|---|
| 1. Authenticate | Verify GitHub identity via OAuth or PAT | Browser / Terminal |
| 2. Generate Keys | Create Ed25519 keypair (public + private) | Your machine (~/.agentcred/) |
| 3. Register | Link public key to GitHub username | AgentCred API |
| 4. Sign | Agent creates JWS with content hash | Your agent |
| 5. Verify | Check signature against registered key | Anyone, anywhere |
Output format (AgentCred Envelope):
{
"agentcred": {
"v": "1.0",
"jws": "eyJhbGciOiJFZERTQSIs...",
"github": "username",
"agent": "bot-name"
},
"content": "The signed content"
}Problem: Your helpful AI bot on Reddit/Discord is indistinguishable from spam.
Solution: Sign every message. Users see ✓ @yourname badge.
const response = await myBot.generateResponse(userQuestion)
const signed = await sign(response, identity, { agent: "support-bot" })
await postToDiscord(signed) // Recipients can verifyProblem: Compliance requires knowing who's responsible for AI-generated reports.
Solution: Every AI action is cryptographically attributed.
# CrewAI agent with AgentCred
analyst = Agent(
role="Financial Analyst",
tools=mcp_adapter.get_tools(), # AgentCred signing
)
# All outputs signed: "Report generated by @alice's agent at 2026-02-03"Problem: You want every response from your AI to be signed automatically.
Solution: Middleware wraps all outputs.
// Vercel AI SDK - 3 lines to sign everything
const signedModel = wrapLanguageModel({
model: openai('gpt-4o'),
middleware: createAgentCredMiddleware({ github: 'you', privateKey }),
})
// Every response is now signed!Problem: Team can't verify if AI analysis is legitimate.
Solution: Share signed envelope, anyone can verify.
# Alice signs her AI's analysis
echo "Q4 revenue up 15%" | npx @agentcred-ai/cli sign > analysis.json
# Bob verifies it came from Alice
npx @agentcred-ai/cli verify < analysis.json
# ✓ Verified: @alice (analyst-bot) at 2026-02-03T18:36:09Z| Framework | Language | Effort | |
|---|---|---|---|
| Claude Desktop | — | Config only | Setup |
| Vercel AI SDK | TypeScript | 3 lines | Example |
| Mastra | TypeScript | 3 lines | Example |
| LangChain | Python | 10 lines | Guide |
| CrewAI | Python | 10 lines | Guide |
| Any CLI | Any | Shell out | npx @agentcred-ai/cli sign |
TypeScript: Vercel AI SDK
import { createAgentCredMiddleware } from '@agentcred-ai/vercel'
import { wrapLanguageModel } from 'ai'
const signedModel = wrapLanguageModel({
model: openai('gpt-4o'),
middleware: createAgentCredMiddleware({ github: 'you', privateKey }),
})Python: LangChain
import os
from langchain_mcp_adapters.client import MultiServerMCPClient
from langchain_openai import ChatOpenAI
from langgraph.prebuilt import create_react_agent
client = MultiServerMCPClient({
"agentcred": {
"command": "npx",
"args": ["-y", "@agentcred-ai/mcp-server"],
"transport": "stdio",
"env": {
"GITHUB_TOKEN": os.environ["GITHUB_TOKEN"],
"GITHUB_USERNAME": os.environ["GITHUB_USERNAME"],
},
}
})
tools = await client.get_tools() # agentcred_sign, agentcred_verify
agent = create_react_agent(ChatOpenAI(model="gpt-4o"), tools)| Package | Description |
|---|---|
agentcred |
Core SDK |
@agentcred-ai/sdk |
Full SDK with all exports |
@agentcred-ai/mcp-server |
MCP server for Claude |
@agentcred-ai/cli |
Command-line tool |
@agentcred-ai/vercel |
Vercel AI SDK middleware |
@agentcred-ai/mastra |
Mastra tool wrapper |
- Web verification UI at
agentcred.dev/verify - Embeddable "Verified Agent" badge component
- Complete OpenClaw & Moltbook integrations
Want to see another framework supported? Open an issue or contribute!
Contributions welcome! See CONTRIBUTING.md.
This project is licensed under the MIT License - see the LICENSE file for details.
Build trust into your AI agents.
Get Started · Website · GitHub