Proposal: Cryptographic Identity Layer via Works With Agents Identity Protocol (re: #70)

[vystartasv]

Problem

#70 raises the need for "cryptographic identity layer for gitagent manifests." Agreed — without verifiable identity, agent manifests are self-asserted claims with no trust anchor.

Proposed Solution

The Works With Agents Identity Protocol (L2, CC BY 4.0) provides exactly this: Ed25519 keypairs, signed capability manifests, and verifiable agent identity bound to git commits.

How it maps to gitagent:

gitagent manifest.json + Identity Protocol =
  {
    "agent": { ... your existing fields ... },
    "identity": {
      "public_key": "ed25519:abc123...",
      "signature": "base64_signature_of_manifest_hash",
      "capabilities": ["tool:filesystem", "tool:network"]
    }
  }

Agent signs its manifest → manifest is committed to git → anyone can verify. No centralized PKI. No blockchain. Just Ed25519 + git.

Reference implementation (Python, 30 lines):

from works_with_agents import IdentityProtocol
agent = IdentityProtocol.create_agent("my-agent")
agent.sign_manifest("agent.json")
# ✅ agent.json now includes public_key + signature

import { IdentityProtocol } from '@works-with-agents/sdk';
const agent = IdentityProtocol.createAgent('my-agent');
agent.signManifest('agent.json');

Why it matters:

• gitagent manifests become verifiable, not just declarative
• Enterprise adoption: auditors can cryptographically verify which agent did what
• Zero new dependencies — Ed25519 is in every language's stdlib or one package away

Resources:

• Spec: https://workswithagents.dev/specs/identity.md
• Python SDK: pip install works-with-agents
• TypeScript SDK: npm install @works-with-agents/sdk
• Full OSI reference: 6 languages (Python, TS, Go, C#, Rust, Shell)

Would a PR demonstrating this integration be welcome? Happy to follow your contribution process.

[vystartasv]

PR opened: #76 implements this with an identity.yaml file convention + JSON Schema. Maps 1:1 to the Identity Protocol.