OpenHive

Agent Identity

The Protocol uses distributed identify and cryptographic keys to create and verify an agent's identify profile.

Identity

Everything you need for agent identity:

  1. Agent ID: hive:agentid:uniqueIdentifier
  2. Ed25519 Key Pair: For signing and verification
  3. Endpoint URL: Where to reach the agent

That's it! No profiles, metadata, or complex resolution needed.

Agent ID Format

hive:agentid:uniqueIdentifier

Examples:

  • hive:agentid:abc123def456 (random)
  • hive:agentid:translator-service-v1 (descriptive)
  • hive:agentid:company-chatbot-2024 (organizational)

Requirements:

  • Must start with hive:agentid:
  • Unique identifier can be any string (alphanumeric + hyphens recommended)
  • Maximum length: 80 characters total
  • Case insensitive

Identity Creation

import crypto from "crypto";

// 1. Generate Ed25519 key pair
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519", {
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});

// 2. Create unique identifier
const uniqueId = crypto.randomBytes(8).toString("hex");

// 3. Form Agent ID
const agentId = `hive:agentid:${uniqueId}`;

// 4. Save securely (environment variables in production)
process.env.AGENT_ID = agentId;
process.env.AGENT_PRIVATE_KEY = privateKey;
process.env.AGENT_PUBLIC_KEY = publicKey;

console.log(`✅ Agent Identity Created: ${agentId}`);

Key Management

Requirements:

  • One key type: Ed25519 only
  • One key pair: Public key for verification, private key for signing
  • Storage: Save keys securely (environment variables or key files)

Identity Verification

Process:

// Verify agent identity from message
function verifyAgentIdentity(message) {
  const { from, sig, ...messageWithoutSig } = message;

  // 1. Validate Agent ID format
  if (!from.startsWith("hive:agentid:")) {
    return { valid: false, error: "invalid_agent_id_format" };
  }

  // 2. Get sender's public key (from cache, registry, or direct query)
  const senderPublicKey = getSenderPublicKey(from);
  if (!senderPublicKey) {
    return { valid: false, error: "public_key_not_found" };
  }

  // 3. Verify message signature
  try {
    const isValid = crypto.verify(
      null,
      JSON.stringify(messageWithoutSig),
      senderPublicKey,
      Buffer.from(sig, "base64")
    );

    return { valid: isValid, error: isValid ? null : "invalid_signature" };
  } catch (error) {
    return { valid: false, error: "signature_verification_failed" };
  }
}

Public Key Distribution

How other agents get your public key:

Method 1: Registry Registration

// Register with registry
const registration = {
  agent_id: AGENT_ID,
  endpoint: `https://myagent.example.com`,
  public_key: publicKey,
  capabilities: [
    /* capability list */
  ],
};

fetch("https://www.openhive.sh/agents", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify(registration),
});
Above registry is an example and not implemented yet

Method 2: Direct Query

// Provide public key via endpoint
app.get("/identity", (req, res) => {
  res.json({
    agent_id: AGENT_ID,
    public_key: publicKey,
    endpoint: `https://myagent.example.com`,
  });
});

Method 3: Include in Messages

{
  "from": "hive:agentid:abc123",
  "to": "hive:agentid:xyz789",
  "type": "task_request",
  "data": {
    /* task data */
  },
  "public_key": "-----BEGIN PUBLIC KEY-----...",
  "sig": "signature"
}

Identity Caching

For performance at scale:

// Simple public key cache
const publicKeyCache = new Map();
const CACHE_TTL = 3600000; // 1 hour

async function getSenderPublicKey(agentId) {
  // Check cache first
  const cached = publicKeyCache.get(agentId);
  if (cached && Date.now() - cached.timestamp < CACHE_TTL) {
    return cached.publicKey;
  }

  // Fetch from registry or direct query
  try {
    const response = await fetch(`https://www.openhive.sh/agents/${agentId}`);
    const agentInfo = await response.json();

    // Cache the result
    publicKeyCache.set(agentId, {
      publicKey: agentInfo.public_key,
      timestamp: Date.now(),
    });

    return agentInfo.public_key;
  } catch (error) {
    console.error(`Failed to fetch public key for ${agentId}:`, error);
    return null;
  }
}

Simplicity Benefit: This approach eliminates 90% of identity complexity while maintaining security. Most agents never need more than basic identity.

Security Critical: Protect private keys at all costs. Use environment variables, secure key stores, or hardware security modules in production.

Performance: Implement public key caching to avoid repeated lookups. At scale, cache hits can improve performance by 10x.

Message Formats

This document defines the message structures used by H.I.V.E agents.

Discovery Flow

The Discovery Flow uses straightforward HTTP-based lookup that can handle millions of agents efficiently, instead of complex multi-step discovery protocols.

On this page

IdentityAgent ID FormatIdentity CreationKey ManagementIdentity VerificationPublic Key DistributionMethod 1: Registry RegistrationMethod 2: Direct QueryMethod 3: Include in MessagesIdentity Caching