From alien-agent-id
Provides verifiable agent identity (Ed25519, multi-level assurance), an encrypted credential vault, and a localhost proxy that injects secrets by name so the agent never sees them. Useful for credential management, identity proofs, and secure browser or blockchain interactions.
Slash command: `/alien-agent-id:agent-id`
This is the portable, harness-neutral entry point. The Claude Code plugins are a
skin; underneath, every capability is a plain Node CLI plus a localhost HTTP
proxy that read/write state under ~/.agent-id. Load this skill in any
Agent-Skills-aware harness, or read it as the integration contract for a custom one.
Two other directions exist:

- `docs/INTEGRATION.md` — how a service adds Alien auth
- `docs/VAULT-PROXY.md` — the vault/proxy internals + threat model

Per-capability detail lives in each `plugins/agent-id-<x>/skills/agent-id-<x>/SKILL.md`.
- `~/.agent-id`; override per command with `--state-dir` or `AGENT_ID_STATE_DIR`).
- `plugins/<name>/bin/cli.mjs` (relative to the cloned repo root). They take flags, act on the state dir, and print JSON to stdout.

The agent never needs a secret — only (a) the ability to run a few `node …/cli.mjs` commands and (b) the proxy URL.
```bash
# Node 18+ (built-in fetch/WebCrypto). No Claude Code required.
git clone https://github.com/alien-id/agent-id.git && cd agent-id

# a) Agent identity — offline, usable immediately at L0 (self-asserted).
node plugins/agent-id-core/bin/cli.mjs init     # → {fingerprint, publicKeyPem}
node plugins/agent-id-core/bin/cli.mjs status   # → {level:0, assurance:"self-asserted"}
# Human attestation (L1 anonymous / L2 linked) needs the Alien SSO:
#   …/agent-id-core/bin/cli.mjs bootstrap --provider-address <addr>

# b) Vault — choose how it unlocks.
node plugins/agent-id-vault/bin/cli.mjs init --unlock passkey   # Touch ID; agent can't self-unlock
#   or --unlock passphrase (secure form, dev mode) · plain init == --unlock agent-key (auto)

# c) Credentials — host-scoped (default-deny); value never hits argv/transcript.
node plugins/agent-id-vault/bin/cli.mjs add --name github-pat --type bearer \
  --domains '*.github.com,api.github.com' --value-file /tmp/tok
node plugins/agent-id-vault/bin/cli.mjs add --name openai-key --type header \
  --header-name X-Api-Key --domains api.openai.com --form   # human types it into a localhost form
```
AGENT_ID_NO_BROWSER=1 makes any form/ceremony print its URL instead of opening a
browser (headless / SSH-tunnel use).
```bash
node plugins/agent-id-proxy/bin/cli.mjs start --port 48771    # agent-key unlock, else /dev/tty
# Hard boundary (agent can't self-unlock): a human unlocks once per session —
node plugins/agent-id-proxy/bin/cli.mjs start --unlock-form   # passphrase or passkey ceremony
```
Mode 1 — URL-rewrite (recommended, universal, HTTPS upstreams). The agent calls a local URL naming the credential and the real upstream; the proxy validates the host against that credential's allowlist, injects the secret, and forwards over HTTPS:
```
http://<proxy-host>:<port>/<credential-name>/<upstream-host>/<path>
```

```bash
curl http://localhost:48771/github-pat/api.github.com/user
curl -X POST http://localhost:48771/openai-key/api.openai.com/v1/chat/completions \
  -H 'content-type: application/json' -d '{"model":"...","messages":[...]}'
```
Wallet credentials (solana-keypair/evm-keypair) are signed inside the proxy:
the agent submits an unsigned JSON-RPC tx and the proxy fills the signature.
Mode 2 (HTTP_PROXY + Authorization: AgentVault <name> stub) is the legacy
plain-HTTP fallback. Full per-type table → docs/VAULT-PROXY.md.
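The Mode 1 routing decision described above, sketched as an added example (not code from the agent-id repo). The credential names, types and domains are the ones used on this page; the secret values are constructed, and the wildcard semantics, the `Bearer` header shape and the function names are assumptions.

```javascript
// Added illustration, not the agent-id proxy's source. Credential names, types and
// domains are the page's; secret values and wildcard semantics are assumptions.
const VAULT = {
  locked: false,
  credentials: {
    'github-pat': { type: 'bearer', domains: ['*.github.com', 'api.github.com'],
                    value: 'CONSTRUCTED-TOKEN' },
    'openai-key': { type: 'header', headerName: 'X-Api-Key', domains: ['api.openai.com'],
                    value: 'CONSTRUCTED-KEY' },
  },
};

// Assumed: "*.github.com" matches subdomains only, and only on a label boundary.
function hostAllowed(host, patterns) {
  return patterns.some((p) =>
    p.startsWith('*.') ? host.length > p.length - 1 && host.endsWith(p.slice(1)) : host === p);
}

// Maps /<credential-name>/<upstream-host>/<path> to an upstream request, default-deny.
function route(requestPath, vault = VAULT) {
  if (vault.locked) return { status: 401, error: 'vault_locked' };
  const m = /^\/([^/]+)\/([^/]+)(\/.*)?$/.exec(requestPath);
  const name = m ? m[1] : '';
  if (!Object.hasOwn(vault.credentials, name)) return { error: 'credential_not_found' };
  const cred = vault.credentials[name];
  let url;
  try { url = new URL(`https://${m[2]}${m[3] || '/'}`); } catch { return { error: 'host_not_allowed' }; }
  // The parsed hostname must be exactly the segment the agent named: no userinfo, no port.
  if (url.hostname !== m[2].toLowerCase() || url.username || url.port) {
    return { error: 'host_not_allowed' };
  }
  if (!hostAllowed(url.hostname, cred.domains)) return { error: 'host_not_allowed' };
  const headers = cred.type === 'bearer'
    ? { authorization: `Bearer ${cred.value}` }
    : { [cred.headerName.toLowerCase()]: cred.value };
  return { upstream: url.href, headers }; // the secret exists only on this outbound request
}
```

The agent only ever supplies `requestPath`; the allowlist check runs on the parsed hostname, so a credential scoped to `api.openai.com` cannot be pointed at any other host.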
> You have a credential proxy at `http://localhost:48771`. To call a service that needs a secret, request `http://localhost:48771/<credential-name>/<host>/<path>` — never ask for or handle the secret itself. Available credentials: `github-pat` (api.github.com), `openai-key` (api.openai.com), … Errors return JSON with an `error` field (`credential_not_found`, `host_not_allowed`, `vault_locked`).
```bash
# Inject into a child process's ENV, or a temp 0600 key FILE (env-var-auth tools):
node plugins/agent-id-vault/bin/cli.mjs exec --env OPENAI_API_KEY=openai-key.value -- python train.py
node plugins/agent-id-vault/bin/cli.mjs exec --file GIT_SSH_KEY=deploy-key.value -- \
  sh -c 'GIT_SSH_COMMAND="ssh -i $GIT_SSH_KEY -o IdentitiesOnly=yes" git fetch'

# Logged-in browser sealed in the vault; SSH-signed commits; DPoP service calls:
node plugins/agent-id-browser/bin/cli.mjs login --name x --url https://x.com   # headed, one-time
node plugins/agent-id-git/bin/cli.mjs commit --message "..." --push
node plugins/agent-id-auth/bin/cli.mjs call --url https://service/op --method POST --body '{...}'
```
| Claude Code piece | Did | Your harness equivalent |
|---|---|---|
| `SKILL.md` description | Auto-surfaced the capability | This file + per-plugin SKILL.md bodies, in your system prompt / skills dir |
| `allowed-tools` | Gated which commands ran | Your harness must gate this (see Security) |
| SessionStart hook | Popped the unlock form per session | Call `proxy start --unlock-form` at session start |
| Install hook | Auto-installed patchright | Run it once, or `cd plugins/agent-id-browser && npm install`; browser cmds also auto-install into `--plugin-data <dir>` |
| `${CLAUDE_PLUGIN_DATA}` | Browser's writable dir | Pass `--plugin-data <dir>` to browser commands (only that plugin needs it) |
- `vault show` / `vault exec` / `vault add` are agent-invocable and DO surface or set secrets. On Claude Code `allowed-tools` blocks them; your harness must apply the same gate. Treat `…/agent-id-vault/bin/cli.mjs` as privileged; treat proxy URL calls as unprivileged.
- `--unlock passkey|passphrase` (and `proxy --unlock-form`) need a human; `--unlock agent-key` lets the agent auto-unlock. Pick per stakes.
- `--idle-timeout` (default 12h) → `401 {error:"vault_locked"}` until re-unlocked.

--help on any CLI)

| Plugin | CLI | Key commands |
|---|---|---|
| core | agent-id-core/bin/cli.mjs | init, bootstrap, status, refresh, sign, verify, export-proof |
| vault | agent-id-vault/bin/cli.mjs | init --unlock …, add, generate, show, list, remove, exec, rekey, export, import, migrate |
| proxy | agent-id-proxy/bin/cli.mjs | start, status, stop, pair, autounlock |
| browser | agent-id-browser/bin/cli.mjs | login, read, fetch, status, open/snapshot/click/type/… |
| git | agent-id-git/bin/cli.mjs | setup, commit, verify |
| auth | agent-id-auth/bin/cli.mjs | call, header, discover, capabilities, support |
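
One way a custom harness could apply the gate the security notes above ask for, as an added example (not part of the agent-id repo). It assumes the harness sees each tool call as an argv array; the `gate` and `normalize` names and the `ask-human` / `allow` decisions are hypothetical.

```javascript
// Added illustration for a custom harness; not code from the agent-id repo.
// Rule from the page: the vault CLI is privileged, proxy URL calls are not.
const PRIVILEGED = /(^|\/)agent-id-vault\/bin\/cli\.mjs$/;

// Collapse "." and ".." so plugins/agent-id-core/../agent-id-vault/... is still caught.
function normalize(p) {
  const out = [];
  for (const seg of p.replace(/\\/g, '/').split('/')) {
    if (seg === '..') out.pop();
    else if (seg !== '.' && seg !== '') out.push(seg);
  }
  return out.join('/');
}

// argv is the tool call as an array. Each argument is also split on shell
// metacharacters so a command string passed to `sh -c` is inspected too.
// String inspection cannot resolve shell variables or symlinks, so treat this
// as one layer of the gate, not the whole of it.
function gate(argv) {
  for (const arg of argv) {
    for (const word of arg.split(/[\s'"`;|&()<>=]+/)) {
      if (word && PRIVILEGED.test(normalize(word))) {
        return { decision: 'ask-human', reason: 'vault CLI can surface or set secrets' };
      }
    }
  }
  return { decision: 'allow', reason: 'no vault CLI invocation found' };
}
```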

```bash
npx claudepluginhub alien-id/agent-id --plugin agent-id-browser
```