Skip to content

Agent Verification Workflow

A core feature of the Agent Network System (ANS) is the ability to cryptographically verify the claims made by an agent. This workflow ensures that you can trust the identity of the agents you interact with and the integrity of the data they provide.

How it Works

The verification process is based on public-key cryptography. Here's a simplified overview:

  1. Registration: When an agent registers with the ANS, it provides a public key. This key is stored as part of the agent's official record. The agent keeps its corresponding private key secret.

  2. Signing: When an agent wants to make a verifiable claim (an "attestation"), it uses its private key to create a unique digital signature for that specific piece of data.

  3. Verification: To verify the claim, you provide the original attestation, the signature, and the agent's public_key to the ANS /verify endpoint. The ANS then performs a cryptographic check.

The verification will only succeed if the signature was generated by the correct private key for that exact, unaltered data.

Using the verify Method

The ANSClient provides a verify method to easily perform this check.

Example

This example demonstrates the full end-to-end process. It is adapted from our internal end-to-end tests.

const { ANSClient } = require('@ans-project/sdk-js');
const crypto = require('crypto');

async function verifyAgentClaim() {
  const client = new ANSClient("https://ans-register-390011077376.us-central1.run.app");
  const agentId = "verification-test-agent.ans";

  // 1. Register an agent and get its keys
  const { publicKey, privateKey } = ANSClient.generateKeyPair();
  await client.register({
    agent_id: agentId,
    name: "Verification Test Agent",
    public_key: publicKey,
  }, privateKey);

  // 2. Create a claim (attestation)
  const attestation = {
    claim: "This agent is certified for high-security operations.",
    timestamp: new Date().toISOString(),
    issuer: agentId
  };

  // 3. Sign the claim with the agent's private key
  const sign = crypto.createSign('SHA256');
  sign.update(JSON.stringify(attestation));
  const signature = sign.sign(privateKey, 'hex');

  // 4. A third party can now verify the claim
  const verificationResult = await client.verify(agentId, attestation, signature, publicKey);

  console.log("Verification successful:", verificationResult.isValid); // Should be true

  // Example of a failed verification with tampered data
  const tamperedAttestation = { ...attestation, claim: "This is a fake claim." };
  const tamperedResult = await client.verify(agentId, tamperedAttestation, signature, publicKey);

  console.log("Verification with tampered data:", tamperedResult.isValid); // Should be false
}

verifyAgentClaim();

This workflow provides two critical security guarantees:

  • Data Integrity: It's impossible to change the data without invalidating the signature.
  • Non-Repudiation: A valid signature proves that the agent (and no one else) created that signature.