The primitive · open standard

VAID

A VAID is a portable identity bound to an action an agent takes. It says who acted, with what authority, and who issued that authority – and any party can check it on sight, with no shared trust domain and no service in between.

What it isThe open standard for verifiable agent identity
LicenseApache-2.0 · spec + reference SDKs
Signing pathRFC 8785 JCS → SHA-256 → Ed25519
InteropRust + Python, byte-for-byte identical
01The outcome
Before

Every agent action that needs trust across a system boundary takes a bespoke integration or a shared secret. Verifying who did what means being inside the same trust domain, or negotiating a federation agreement first.

After

Any party can verify who did what, and with what authority, by checking one signature – with no shared trust domain, no prior relationship, and no service to call.

That single, portable, independently-checkable proof is the primitive the whole category is missing – and the unit SYNTHERA and every tenant is built on.

02How it works

Think of it like a passport, bound to an action.

A passport says who you are and who vouches for you, and a border officer can check it without calling your home country. A VAID does the same for an agent action: it states the acting identity, the authority it carries, and its lineage – and it carries its own cryptographic proof, so a verifier checks the signature, not the claim.

This isn't a diagram of verification. It's the real thing, running in your browser: the actual VAID proof-of-possession path against the standard's frozen conformance vector.

Fig · Live verification (runs in your browser)
The signed request

A VAID binds an action to a signature. The reference request below verifies against a real, frozen Ed25519 signature. Type one character into the body and the proof breaks – that is the point.

The proof-of-possession path
  1. JCS canonicalize
  2. SHA-256 digest
  3. Ed25519 verify
Ready Verifying the reference request…

Real Ed25519 + SHA-256 + RFC 8785 canonicalization, checked against the VAID conformance vector.

TWO LANGUAGES, ONE VECTOR

Interop, made concrete

The Rust and Python reference SDKs reproduce the same SHA-256 digest and the same Ed25519 signature from the same fixed inputs, with no shared runtime between them. That frozen vector – the one this demo just checked – is the interoperability guarantee, proven rather than claimed.

WHAT STAYS COMMERCIAL

Scope is a statement

The open standard now includes the signing and verification contract and an open reference mint – issuance, delegation and attenuation. What stays commercial is the hosted authority that runs a mint in production: durable revocation, KMS-backed keys and the audit-of-record, plus the policy language for what a VAID may do and the mesh and federation control plane. The reference mint proves the shape; it is not that authority.

03In detail

Here's precisely what that signature covers – the exact payload, canonicalization and headers the demo just verified, and the guarantees they buy.

01

Cryptographically signed

Identity is proven, not asserted. A verifier checks one Ed25519 signature over a canonical form – no trust in the sender required.

02

Capability-scoped

The payload binds the exact method, path and body of the action. A signature for one request is useless on any other.

03

Lineage-tracked

Identity and tenant are derived from the verified VAID, never from a body-asserted field – so a caller can only ever act as itself.

The signed request

A holder signs a small, exact payload – seven fields, no more, no less – then attaches four headers. The signature covers the canonical bytes of that payload.

canonical path
payload  = { vaidId, method, path,
            bodySha256, tenantId,
            timestamp, clientNonce }
canonical = RFC 8785 JCS(payload)
digest    = SHA-256(canonical)
signature = Ed25519(digest)   # over the 32-byte digest
request headers
x-synthera-vaid:      base64(VAID)
x-synthera-timestamp: 2026-06-04T12:00:00Z
x-synthera-nonce:     0123…cdef
x-synthera-signature: base64(Ed25519 sig)
What's open, and what isn't The standard and its two reference signers are open source (Apache-2.0): the canonicalization primitive, the request payload, and the identity types it binds. There is no server, no database or runtime to stand up – you add the Rust crates or install the Python package and call them; nothing else is required to verify a VAID. The hosted authority that issues and revokes identities, the policy engine, the federation layer and the audit-of-record are the commercial SYNTHERA foundation – and none of them are needed to verify a VAID.

Get VAID

The reference implementation is open source under Apache-2.0. Source: github.com/solara-associates/vaid

Rust
cargo add vaid-pop
cargo add vaid-client
cargo add vaid-mint
Python
pip install vaid-pop
pip install vaid-mint
pip install vaid-langchain

SYNTHERA is the trust layer for multi-agent systems: every agent gets a verifiable identity, scoped authority and a tamper-evident record, so software from different teams, vendors and frameworks can act on each other’s behalf without custom glue between every pair.

Join the first cohort shaping the VAID spec.

VAID is an interoperability contract. If you're building on agent identity, help shape the standard as it evolves.

Join the first cohort