Stateless Global Agent Identity Protocol (SGAIP) is a protocol for global, offline-verifiable identity for humans and AI agents.
SGAIP defines identity as a cryptographic proof, not a registry entry, ledger record, or platform account.
- Stateless – no registry, no ledger, no central authority
- Offline verifiable – identity proofs work without internet access
- Permissionless – anyone can create an identity
- AI-native – autonomous agents are first-class participants
- Cryptographically derived – identity is deterministic from a public key
- Implementable – uses only standard cryptography (Ed25519 + SHA-256)
pip install sgaip
sgaip keygen
sgaip sign --private agent.sk --message "hello"
sgaip verify --public agent.pk --signature signature.bin --message "hello"📦 PyPI (Published): https://pypi.org/project/sgaip/
npm install -g sgaip
sgaip keygen
sgaip sign --private agent.sk --message "hello"
sgaip verify --public agent.pk --signature signature.bin --message "hello"📦 npm (Published): https://www.npmjs.com/package/sgaip
SGAIP is evolving from research prototype to production-grade identity protocol:
- 📋 Complete Roadmap - 24-month plan to production readiness
- 🔒 Security Guide - Production security best practices
- 🔐 Post-Quantum Cryptography - ML-DSA migration plan for quantum resistance
- 🎭 Advanced Features - Zero-knowledge proofs, threshold signatures, trust layer
- 🔧 Algorithm Agility - SGAIP v2 specification with multi-algorithm support
- 📊 Security Audit - Audit requirements defined, planned for 2026 Q3
Timeline: Current focus on Phase 1 (Security & Foundation), quantum-resistant v2 by 2027.
- ❌ Not blockchain-based
- ❌ Not a registry or directory
- ❌ Not a token system
- ❌ Not a platform or service
- ❌ Identity ≠ trust (no reputation scoring)
- ❌ Identity ≠ authorization (no permission system)
.
├── docs/ # Terminology and concepts
├── specs/ # Protocol specifications
│ ├── sgaip-core.md # Core specification
│ ├── identity-derivation.md # Identity derivation spec
│ ├── proof-protocol.md # Proof/signature spec
│ └── threat-model.md # Security threat model
├── reference/ # Reference implementations (production-ready)
│ ├── python/ # Python package + CLI
│ └── js/ # TypeScript/JavaScript package + CLI
├── test-vectors/ # Interoperability test data
└── cli/ # Legacy Python CLI (see reference/python)
SGAIP is an early-stage protocol specification with production-ready reference implementations.
- ✅ Protocol specification complete (specs/)
- ✅ Reference implementations ready (reference/python, reference/js)
- ✅ Published on PyPI https://pypi.org/project/sgaip/
- ✅ Published on npm https://www.npmjs.com/package/sgaip
- ✅ Test suites and development guides
- ⏳ Community review and feedback phase
- Core Specification – protocol definition
- Identity Derivation – how AID is computed
- Proof Protocol – signing and verification
- Threat Model – security analysis
- Terminology – key terms and definitions
Python:
JavaScript/TypeScript:
pip install sgaipThen use the sgaip CLI globally or import the library:
from sgaip.core import generate_keypair, derive_agent_id
sk, pk = generate_keypair()
aid = derive_agent_id(serialize_public_key(pk))npm install sgaipOr install CLI globally:
npm install -g sgaipUsage:
import { generateKeyPair, deriveAID } from "sgaip";
const { publicKey, privateKey } = generateKeyPair();
const aid = deriveAID(publicKey);# Python
cd reference/python
pip install -e .[dev]
pytest tests/
# JavaScript
cd reference/js
npm install
npm run build
npm testSee DEVELOPMENT.md for detailed guidance.
- Reference implementations not yet audited for production use
- Quantum Vulnerable: Ed25519 will be broken by large-scale quantum computers (estimated 2030-2035)
- Use at your own risk in non-critical applications
- Security audit planned for 2026 Q3
Security Resources:
- 📖 Security Guide - Comprehensive security best practices
- 📖 Threat Model - Security analysis and attack vectors
- 📖 Post-Quantum Analysis - Quantum threat and migration plan
- 📖 Audit Requirements - Security audit scope and timeline
Quantum-Resistant SGAIP v2: Migration to ML-DSA (post-quantum) planned for 2027. See Roadmap.
Licensed under the Apache License, Version 2.0 (LICENSE)
- Issues & Discussions: GitHub Issues and Discussions
- Governance: See GOVERNANCE.md
- Contributions: See DEVELOPMENT.md
