AI agents already interoperate between platforms, getting spun up and torn down by the thousands. But when one departs, there's no record - no portable proof beyond non-standardized internal platform logs. When one arrives somewhere new, there's no way to verify where it came from. Which means no unified tracking on multi-hops or complex calls between several platforms in an agent's lifecycle. Nobody knows the full picture, and nobody can track security if and when one of those agents starts doing something it shouldn't.
Think of our protocol as passport stamps for AI. EXIT creates signed departure records. ENTRY handles admission with policy-based verification, quarantine, and counter-signatures. Together they form the Passage Protocol.
This matters for boring, practical reasons: insurance underwriters can't price agent risk without departure history. GDPR requires erasure proof when agents carry PII across borders. Liability after an incident depends on departure conditions nobody records. And the receiving platform has no structured way to decide whether to trust an arriving agent. If you cant bound risk, you can't price reputation - and you can't insure security.
Transport stamps are our foundational layer (L0). Reputation scoring, trust systems, and insurance protocols compose on top. We deliberately didn't build those (yet) - but we built the plumbing they need. Everything an AI-led internet needs to build stable, auditable and self-regulated network security incentives - even if that might soon be moving faster than we can keep up with.
The same infrastructure has been needed for shipping receipts, professional licensing, vehicle registration, and internet domains - historically, this kind of infrastructure only really gets adopted after a major crisis. We'd prefer to get it in place before.
What's in the box:
- Ed25519 + P-256 (FIPS-compliant path)
- Three departure paths: cooperative, unilateral, emergency
- Policy engine with 7 admission presets (fail-closed default)
- Amendment and revocation (correct or invalidate records)
- GDPR erasure via crypto-shredding
- Offline verification without the origin platform
- On-chain anchoring via EAS, ERC-8004, Sign Protocol
- TypeScript and Python SDKs
- LangChain, Vercel AI SDK, MCP, Eliza integrations
What we're forcing the conversation on: agent lifecycle infrastructure. Today, the only "safe" option for running agents is containment, and containment doesn't scale. If you make departure and admission auditable, you make mobility viable. Without lifecycle records, only organizations with legal teams big enough to absorb unbounded liability will run agents. That's three companies. Maybe four.
- Submitted to NIST AI Agent Standards Initiative, March 2026
- 1,401 tests across 13 packages
- TypeScript + Python
- Zero users. This is day one.
1 comment
[ 657 ms ] story [ 191 ms ] threadThink of our protocol as passport stamps for AI. EXIT creates signed departure records. ENTRY handles admission with policy-based verification, quarantine, and counter-signatures. Together they form the Passage Protocol.
This matters for boring, practical reasons: insurance underwriters can't price agent risk without departure history. GDPR requires erasure proof when agents carry PII across borders. Liability after an incident depends on departure conditions nobody records. And the receiving platform has no structured way to decide whether to trust an arriving agent. If you cant bound risk, you can't price reputation - and you can't insure security.
Transport stamps are our foundational layer (L0). Reputation scoring, trust systems, and insurance protocols compose on top. We deliberately didn't build those (yet) - but we built the plumbing they need. Everything an AI-led internet needs to build stable, auditable and self-regulated network security incentives - even if that might soon be moving faster than we can keep up with.
The same infrastructure has been needed for shipping receipts, professional licensing, vehicle registration, and internet domains - historically, this kind of infrastructure only really gets adopted after a major crisis. We'd prefer to get it in place before.
What's in the box:
- Ed25519 + P-256 (FIPS-compliant path) - Three departure paths: cooperative, unilateral, emergency - Policy engine with 7 admission presets (fail-closed default) - Amendment and revocation (correct or invalidate records) - GDPR erasure via crypto-shredding - Offline verification without the origin platform - On-chain anchoring via EAS, ERC-8004, Sign Protocol - TypeScript and Python SDKs - LangChain, Vercel AI SDK, MCP, Eliza integrations
What we're forcing the conversation on: agent lifecycle infrastructure. Today, the only "safe" option for running agents is containment, and containment doesn't scale. If you make departure and admission auditable, you make mobility viable. Without lifecycle records, only organizations with legal teams big enough to absorb unbounded liability will run agents. That's three companies. Maybe four.
- Submitted to NIST AI Agent Standards Initiative, March 2026 - 1,401 tests across 13 packages - TypeScript + Python - Zero users. This is day one.
Apache 2.0 · 14 repos · cellar-door.dev