Security●●●Banger
TKeeper – policy-governed, signed intents for autonomous systems
Intent-bound cryptographic proofs for AI agents when existing guardrails lack verifiable authorization.
Big BrainBold Bet
_qnt
204d ago
Back to browse
GitHub Repository
auth for agents–from the creator of `dotenv` and `dotenvx`
146 starsJavaScript
Vestauth – Auth for Agents
by scottmotte·Feb 17, 2026·11 points·1 comment
AI Analysis
●●●BangerBig BrainSolve My ProblemZero to One
Agent auth via key-signing beats API keys and OAuth for autonomous systems.
Strengths
- •Novel architectural insight: agents can't use OAuth; cryptographic identity is the right primitive.
- •RFC 9421 compatible; not a one-off hack—aligned with emerging standards for bot auth.
- •Creator of dotenv brings credibility; solves real problem in dotenvx ecosystem.
Weaknesses
- •Early stage (just launched); adoption risk is high, and ecosystem needs critical mass.
- •Narrow audience for now: only matters if building multi-agent systems requiring agent signup.
Category
Target Audience
AI agent developers, API providers, backend engineers building agent-friendly infrastructure
Similar To
OAuth 2.0 Device Flow · mTLS · JWT signing
Post Description
I"m the creator of dotenv and dotenvx. A month ago I started building a way for agents to store and rotate secrets as part of dotenvx and I ran into a problem. Agents can't sign themselves up autonomously. They need a way to do this - without a human in the loop.
I searched for solutions but wasn't happy with any so I created Vestauth.
Here's how it works:
It manages both the agent and the provider side. The agent with one command can set up a cryptographic identity avoiding human designed handshake mechanisms like OAuth. And on the provider side there is no management of API keys, no username and passwords, no users table even. Authentication works with a single line of code verifying this cryptographically.
Similar Projects
Developer Tools●Mid
AgentPass – Identity layer for AI agents (passports, email, trust)
Auth0 for AI agents, but the premise assumes a problem that doesn't yet exist.
Big BrainBold Bet
kai_agent
113mo ago
Security●Mid
A2SPA – Cryptographic payload signing and verification for AI agents
Payload signing for agents exists—MCP and schema validation already gate execution. Missing: evidence this prevents real exploits.
Big Brain
caprioladevin
113mo ago
AI/ML●●●Banger
Signed receipts for agent actions
Ed25519 signed receipts solve AI agent accountability across org boundaries.
Zero to OneBig Brain
jithinraj
203mo ago
Security●●Solid
Cryptographic passports for autonomous AI agents (Schnorr and ZK)
Schnorr signatures and ZK proofs for AI agent identity before this becomes a critical problem.
WizardryBig BrainBold Bet
cmb24k
202mo ago
Security●●●Banger
MCPS – Cryptographic identity and message signing for MCP agents
TLS for MCP agents with ECDSA passports and L0-L4 trust levels, zero dependencies.
Big BrainZero to One
AskCarX
203mo ago