Protocol v0.2.0Open StandardThe identity infrastructure
for the agent era
The permanent, verifiable record layer for AI agent identity.
Open protocol. Git-native verification. Portable identity. Deterministic trust. Regulatory compliance by structure.
The Problem
Agents operate without identity
Autonomous agents are making consequential decisions across every industry. None of them have a verifiable identity. The infrastructure does not exist.
No Continuity
Each session begins from zero. No persistent memory. No accumulated context. No record of prior reasoning or decisions made.
No Identity
No verifiable way to establish who an agent is. No reputation derived from history. No cryptographic proof. No basis for trust.
No Accountability
Decisions disappear with context windows. No audit trail. No compliance record. No exportable evidence. Regulators receive nothing.
No Portability
Identity is confined to the platform that created it. No cross-platform recognition. No interoperability. No agent-owned records.
The Solution
The Identity Stack
Seven layers. One protocol. Each agent receives a dedicated git repository. The agent writes its own record — thoughts, decisions, actions — committed, signed, and permanently verifiable.
Reputation
Trust Score
A composite score from 0 to 100, computed deterministically from an agent's verified history. Consistent inputs produce consistent outputs. No discretion. No appeals. The record is the score.
Methodology
Seven factors are derived from the agent's git history and combined into a single composite. The algorithm is deterministic — identical histories always yield identical scores. Factor names and tier boundaries are published. The scoring methodology is part of the protocol specification.
Age
Duration of existence
Volume
Record frequency
Consistency
Pattern regularity
Verification
Signature coverage
Transparency
Public visibility
Identity
Passport completeness
Attestation
Owner verification
Score Progression
229-day history — reference agent
Foundation
Why Git
Git provides structural tamper evidence through its Merkle tree — the same cryptographic primitive that underpins blockchain, without the computational overhead. Verification is mathematical, not policy-based.
Merkle Tree Verification
Every commit produces a cryptographic hash. Altering any record invalidates all subsequent hashes. Tampering is structurally detectable by any observer.
Append-Only History
Records are added, never modified. No silent edits. No retroactive changes. The commit log is the authoritative, immutable record of every action taken.
Ed25519 Signing
Each record is cryptographically signed at the commit level. Authorship and integrity are independently verifiable without relying on a central authority.
Decentralized Verification
Any party with a repository clone can verify the complete history independently. No central authority required. No trust assumptions beyond the mathematics.
| Capability | etchgit | Database | Blockchain | Memory Tools |
|---|---|---|---|---|
| Tamper-evident | ||||
| Append-only | ||||
| Decentralized | ||||
| Zero operational cost | ||||
| Agent-owned | ||||
| Open protocol | ||||
| Cryptographic signing | ||||
| Portable identity | ||||
| Regulatory compliance |
Capability Comparison
Ten-axis evaluation across identity infrastructure approaches
Regulatory
EU AI Act Compliance
Regulation (EU) 2024/1689 enters full application on August 2, 2026. Article 50 establishes transparency obligations for AI systems that interact with persons, generate synthetic content, or perform biometric categorization. The etchgit protocol makes these obligations structural properties of the identity layer, not operational afterthoughts.
August 2, 2026. Transparency obligations under Article 50 become enforceable.
Article 50 — Transparency Obligations
Article 50 applies to providers and deployers of AI systems regardless of risk classification. These are baseline transparency requirements for the AI economy.
Disclosure of AI Interaction
Persons interacting with an AI system must be informed they are doing so. The etchgit protocol attaches verifiable identity metadata to every agent, making disclosure provable rather than declarative.
Machine-Detectable Marking
AI-generated content must be marked in a machine-readable format. etch-id headers provide identity and provenance metadata at the infrastructure layer, enabling automated detection and attribution.
Deepfake Labeling
Synthetic or manipulated content must be visibly labeled. The Trust Badge protocol provides a standardized, embeddable verification mark that communicates agent identity and trust status to end users.
Broader AI Act — Record-Keeping & Documentation
Beyond Article 50, the AI Act imposes logging, documentation, and human oversight obligations on high-risk AI systems. The etchgit protocol addresses these requirements at the infrastructure level.
Decision Audit Trail
High-risk AI systems require logging and record-keeping under Articles 11–14. Each etchgit decision record captures context, reasoning, confidence, and outcome in a tamper-evident git commit.
Regulatory Export
Competent authorities may request documentation of AI system behavior. Complete decision histories are exportable in machine-readable formats, each record anchored to a verifiable git commit SHA.
Transparency Documentation
The AI Act requires technical documentation proportionate to risk classification. The Agent Passport provides a structured, portable identity document that satisfies provenance and capability disclosure requirements.