Agent-to-Agent · ComputeID

Who let your AI agent do that?

A trust plane that lets autonomous agents act on a human's behalf — across organizations — with authority you can cryptographically verify.

Agents have started to act for us

They call models and APIs on your behalf.
They reach across organizations to get work done.
And today there is no proof of who authorized what.

Blanket API keys are over-powered and audit-opaque. No key means no collaboration. That gap is where ComputeID lives.

Two people, two agents, two orgs

Acme Inc.

Alicehuman principal

Adaher AI agent · orchestrator

→

Meac Inc.

Bobhuman principal

Borishis AI agent · worker

Alice authorizes Ada. Ada needs Meac Inc.'s pricing, so it delegates cross-org to Boris — and Boris acts on Alice's behalf.

Element 1 — Identity

Every agent gets a verifiable passport from ComputeID.

Its own military-grade cryptographic identity.
A public profile anyone can independently verify.
Anchored in hardware-grade, tamper-resistant trust.

Element 2 — Delegation

DRP — the Delegation Receipt Protocol.

Alice
invoke · read · write ▶ Ada
invoke · read ▶ Boris
invoke

Each hop is a cryptographically sealed, tamper-evident receipt. Scope only ever narrows — no agent can grant more than it was given.

Element 3 — the trust plane

Every model call passes through the trust-plane gateway.

the agent's identity its delegation chain the capability it needs

The gateway verifies the chain, then allows or denies the call — and writes an immutable audit record. Built end-to-end on a trusted, enterprise-ready, open-source stack, running entirely in your private cloud.

Why the world needs this

OAuth gave humans delegated, scoped, revocable access. Autonomous agents have had nothing like it.

Authority is anchored to a human, not the agent.
It can be scoped and time-boxed.
Every action is provable and accountable.

Proof · attack rejected

Scope widening

Boris tries to grant himself more than Ada held.

✗ rejected — capability scope widened at hop 1

Every grant must be a subset of the one before it. The signatures make the parent scope un-forgeable.

Proof · attack rejected

A rogue, unregistered agent

An agent that was never issued an identity forges a chain.

✗ rejected — no descriptor for issuer

Every issuer's public key must resolve at its published address. An unknown issuer fails signature verification at the very first hop.

Proof · attack rejected

Cross-principal contamination

Reuse Alice's chain to act as if for Bob.

✗ principal pinned to Alice — not forgeable to Bob

The principal is set when the human self-issues hop 0, and is cryptographically pinned through every hop. You cannot relabel whose authority it is.

✓

Verifiable authority for autonomous agents

Identity → delegation → a trust plane that proves it — and logs it.

100% open-source · runs in your private cloud · enterprise-ready.

ComputeID

How the layers fit — and when

Identityevery agent gets a verifiable passport

at onboarding

Delegationauthority narrows down a signed chain

on hand-off

Trust planechecks identity + chain + capability → allow or deny

every call

Auditappend-only, held by both sides — tamper-evident

always

Key take-aways

Agents finally work across companies with authority you can verify — not blind trust.
That authority is anchored to a human, scoped, and only ever narrows.
Every call is checked and logged — provable and tamper-evident.
Open-source, private-cloud, enterprise-ready — no blockchain needed.