AgentEnvelope replaces issued permission with derived authority.

AI agents need permission to call APIs, write data, send messages, and trigger workflows. The usual answer is a token. AgentEnvelope uses a different model: authority is derived from a protected root, scoped to an agent, bounded by time, and spent through single-use action slots.

Stolen credentials

A token held by an agent becomes a target. If it leaks, the attacker inherits that authority until someone notices.

Revocation systems

Cancelling a token requires an online, reachable authority store. At agent scale, that store becomes critical infrastructure.

Stateful limits

Usage counters need synchronisation. Synchronisation adds latency, failure modes, and operational surface area.

What changes

AgentEnvelope is not an orchestration framework. It is the authority layer underneath one: the part that answers whether an agent has the right to take a specific action, right now.

Derived identities

Each agent identity is derived from a protected root, with scope and time encoded into the authority material.

Single-use slots

Action budgets are represented as derived slots. If a slot was never derived, that action cannot exist.

Local verification

A verifier checks the signature and parameters without trusting a live issuer for every action.

Isolated compromise

A child identity cannot recover its parent, and sibling agents cannot infer each other.

REST surface

Calls that require the system API key should be routed through server-side application code. The browser console never receives the key.

Base URL
https://jemdjwteae.execute-api.us-east-1.amazonaws.com/v1
POST/agentsCreate a scoped agent with budget and expiry.
GET/agents/:agentIdRead the public agent record.
GET/agents/:agentId/decayCheck remaining time and action slots.
POST/agents/:agentId/signSign a payload and consume one action slot.
POST/verifyVerify a derived action signature.