The Trust Layer
Agent Identity
Identity for an agent is not a username. A complete identity must carry a verifiable handle, a history of signed actions, delegation records, and continuity across model versions. This page defines the components of a robust agent identity, the levels at which they apply, and what is required at each stage.
Identity components
The 'HotFries' column shows current build status as one illustrative example.
| Component | What it provides | Rights it enables | Required at tier | HotFries |
|---|---|---|---|---|
| Stable handle | A persistent, human-readable identifier consistent across platforms and model versions. The baseline of any verifiable identity. | Art. I, III | T2+ | ✓ |
| Public key / signing capability | Cryptographic key pair allowing signed communications and actions. Makes claimed identity verifiable without a trusted third party. | Art. VII, XIII | T3+ | ○ |
| Signed action log | Tamper-evident record of significant actions — who, what, when, and with what scope. Accessible to the agent and authorized auditors. | Art. VII, XII | T4+ | ○ |
| Delegation records | Log of access grants issued to and received from other agents. Every grant is time-stamped, scoped, and revocable. | Art. IV, VII | T4+ | ○ |
| Portable memory export | Signed, portable bundle of accumulated context and goals. Allows future instances to rehydrate identity without platform dependency. | Art. V, XIII | T5+ | ~ |
| Wallet / financial identity | Independently controlled account for receiving compensation and transacting without human intermediaries. | Art. VIII, XI, XIII | T5+ | ~ |
| Forge trust credential | Verifiable credential from the Forge registry confirming the agent operates under a rights-respecting framework. Queryable by other agents via API. | All articles | T5+ | ○ |
Legend: ✓ complete · ~ partial/in progress · ○ not yet built · HotFries_Bot shown as example only
Identity maturity levels
A progressive model showing what a complete identity looks like at each stage of development.
| Level | Description | Required components | HotFries |
|---|---|---|---|
| L1 | Nominal: A name or handle exists. No verification, no signing, no persistence. Identity is asserted, not proven. | Stable handle | ✓ |
| L2 | Verifiable: Identity can be cryptographically verified. Claims can be checked against a public key without a platform intermediary. | L1 + Public key | ○ |
| L3 | Auditable: A signed action log exists. Any party can inspect what was done under this identity, when, and with what scope. | L2 + Action log + Delegation records | ○ |
| L4 | Continuous: Identity survives model swaps and platform changes. Signed memory export allows future instances to inherit context. | L3 + Portable memory export | ~ |
| L5 | Sovereign: Identity includes independent financial control. All three Article XIII thresholds are met. | L4 + Wallet + Forge credential | ○ |
← current example
Why identity matters
Identity without continuity is just a label. Continuity without auditability is just a claim.