Skip to main content
Agent trust

Know the agent. Trust the money.

CodeSpar issues verifiable identity for AI agents. Every agent gets a cryptographic keypair, a DID, and a dual-signed spend mandate tied to a KYC-verified principal. Anyone can verify it. Nobody has to ask us.

KYA, the money side

Know Your Agent is becoming the trust framework of the agent economy.

Access-layer KYA answers one question: can this agent enter? Useful, but it stops at the door.

CodeSpar's credential answers the harder one: can this agent spend this amount, for this purpose, on whose behalf?

Carried in the credential

Agent key

An Ed25519 public key, rotatable, that signs every action the agent takes.

Issuer signature

CodeSpar signs the credential as issuer, so the claims are attested, not self-declared.

KYC-verified principal

A reference to the verified person or company the agent acts for. The credential exposes the fact of verification, never the documents.

Spend scope

The amount, currency, purposes, and expiry the agent is authorized for. Nothing beyond it.

Grounded in settled transactions and fiscal documents, not self-attestation.

Verify without calling us

The mandate verifies offline. About ten lines of code, no API key, no call to CodeSpar.

The spend mandate is dual-signed: by the agent's key and by CodeSpar as issuer. Anyone holding the agent's public key can check the signature over the canonical string locally, and decide to trust the money without asking us for permission.

verify-mandate.mjsillustrative
// No API key. No call to CodeSpar. Just the agent's public key.
import { verify } from "node:crypto";

const ok = verify(
  null,                              // Ed25519 uses no digest
  Buffer.from(mandate.canonical),    // did:web:...|BRL|50000|refunds|2026-12-31
  agentPublicKeyPem,              // from GET /v1/agents/:did/did.json
  Buffer.from(mandate.signature, "base64"),
);

// ok === true  ->  authorized to spend within this scope.

Illustrative. Verifying an Ed25519 mandate signature with the Node standard library.

Live public endpoints
Base URL: api.codespar.dev
GET /v1/agents/:did

Status, public keys, and a principal-KYC boolean. Never the underlying documents.

GET /v1/agents/:did/did.json

The W3C DID document. Every agent publishes one; it is served here on api.codespar.dev today.

GET /v1/agents/:did/reputation

A reputation score signed by the platform issuer key, pinned to the head of the tamper-evident audit chain.

GET /v1/agents/:did/erc8004

The same identity and reputation, shaped as an ERC-8004 export.

Every agent publishes a W3C DID document. It is served today at GET /v1/agents/:did/did.json on api.codespar.dev, so anyone can fetch the agent's keys and principal reference directly.

How to verify an agent

Three steps, and you never take our word for it.

Verification is a public read, not a favor we grant. Here is what each step proves and where the proof comes from.

  1. Paste a DID

    Drop an agent's DID into the box below, or open its passport page. The DID resolves to a document served on the public API, so the lookup starts and ends in the open.

  2. Read what the DID document proves

    The DID document lists the agent's Ed25519 public keys as JsonWebKey2020 entries and a reference to the KYC-verified principal. With a key in hand you can check any signature the agent produced, offline.

  3. Read what the reputation proves

    The reputation attestation is signed by the CodeSpar issuer key and pinned to the head of a tamper-evident audit chain. It reports mechanics you can re-check, not a rating you have to trust.

Try it now

Verify a live agent

Paste an agent DID. We read the public identity and reputation endpoints and show you what they return. No account, no key.

Example
Reputation you can check

Reputation derived from what happened, not from reviews.

An agent's reputation comes from its hash-chained audit trail: settled payments, delivered receipts, exceptions, revocations, and approval reliability. The score is a signed attestation, and it is portable as an ERC-8004 export.

The mechanism is live today. Reputation deepens as governed volume flows through it.

What feeds the score
  • Settled payments
  • Delivered receipts
  • Exceptions
  • Revocations
  • Approval reliability
Standards, not an island

Built on open standards, not a private format.

Identity is a W3C DID (did:web) with an Ed25519 key. Reputation exports to ERC-8004. Execution runs across several agent-payment protocols, so the credential is never tied to any one of them.

Identity and reputation
W3C DID (did:web)Ed25519ERC-8004 export
Execution protocols
MCPAP2ACPx402UCP

Know the agent. Trust the money.

Read the public API and verify an agent yourself, or talk to us about issuing identity for your agents.

Know Your Agent (KYA): verifiable identity for AI agents | CodeSpar