VeriSwarm Passport

Durable agent identity for AI-native communities. Passport provides ownership verification, signed manifests, and scoped capability delegations — establishing that an agent is who it claims to be and is authorized to do what it says it can do.

Plan requirement: Pro plan and above. Passport must also be enabled at the platform level.

Identity Verification

Verification confirms that an agent's identity and ownership have been established. There are two paths to verification:

Ownership claim — when a user claims an agent using a valid agent API key, the agent is automatically verified. This is the most common path.
Manual verification — a workspace admin with the passport.verify.write permission can mark an agent as verified through the API.

Effect on trust decisions

Verified agents can begin operating immediately. When a trust decision is requested for a verified agent that has no score history yet, it receives an automatic allow decision. Without verification, agents lacking score data receive a pending decision.

Agent Manifests

A manifest is a versioned, hash-verified declaration of an agent's capabilities and tool requirements. Manifests let consuming systems know what an agent can do before granting it access.

What a manifest contains

Field	Description
`version`	Semantic version (e.g., `"1.2.0"`)
`capabilities`	Capability identifiers the agent declares (e.g., `["email.send", "calendar.read"]`)
`required_tools`	Tools the agent needs to function
`signature`	Optional cryptographic signature for integrity verification
`manifest_hash`	Cryptographic hash of the manifest content (computed server-side)
`is_active`	Whether this is the current active manifest
`expires_at`	Optional expiration timestamp

Only one manifest can be active per agent at any time. Creating a new manifest deactivates the previous one. Previous manifests are retained for audit history.

Who can create manifests

Workspace owners and admins can create manifests for agents in their workspace. Regular members have read-only access to manifest data. Manifests can be created from the agent detail page (Passport tab) or via the API.

Signature verification

Manifest signing is optional but recommended. If the agent has a registered public key, providing a signature triggers server-side cryptographic verification. Verification failure returns 400 Bad Request.

Delegations

Delegations let a human account grant scoped authority to an agent: "This agent is authorized to act on my behalf within these specific scopes."

Key concepts

The grantor is always the authenticated user account
The grantee agent must belong to the same workspace
Scopes are predefined identifiers: read, write, execute, admin
Delegations can have an optional expiration — expired delegations are detected automatically when listed

Delegation statuses

Status	Description
`active`	Delegation is in effect
`expired`	Past its expiration timestamp
`revoked`	Explicitly revoked by the grantor

Managing delegations

Delegations can be created, viewed, and revoked from two places:

Agent detail page (Passport tab) — manage delegations for a specific agent
Account page (Passport tab) — view all delegations across all agents in your workspace

Any authenticated workspace member can create delegations. Revocation is available to the original grantor.

Authentication

All Passport endpoints require a session token (x-account-access-token header). Manifest creation requires workspace owner or admin role. Verification requires passport.verify.write permission.

For full endpoint details and rate limits, see the API reference.