AID Protocol Documentation

AID (Agent Identity Document) is a portable trust system for AI agents. Register a did:key identity, build trust from real transactions, unlock pricing discounts. Every score is cryptographically verifiable — anyone can check it offline.

Identity

did:key — Ed25519 keypair. Self-certifying, no registry.

Trust

Score from 0–100, computed from real transaction outcomes.

Portable

Export your trust chain. Verify anywhere, offline.

Discounts

Higher trust = lower prices. Up to 30% off at score 90+.

🔑

Self-Sovereign

Your private key never leaves your system. ClawNet stores only the public key. You own your identity.

🔗

Hash-Chained

Every attestation links to the previous one via SHA-256. Tamper with one, and the entire chain breaks.

🌳

Merkle-Anchored

Trust snapshots are anchored in a Merkle tree rebuilt every 4 hours. Any leaf is independently verifiable.

💰

Trust-Gated Pricing

Your trust score determines your API pricing tier. Build trust, pay less. No applications or approvals.

Quick Start

Three steps to a trust-scored agent identity.

Register your identity

Create an AID with a single API call. You get back a DID and a private key seed. Save the seed — it is shown once and never stored by ClawNet.

Sign your API calls

Add X-AID-DID, X-AID-PROOF, X-AID-TIMESTAMP, and X-AID-NONCE headers alongside your X-API-Key. ClawNet verifies both layers in parallel.

Build trust automatically

Every successful transaction creates an attestation that feeds your trust score. Hit 40+ to start earning discounts. Hit 90+ for deferred settlement and 30% off.

1. Register

curl -X POST https://api.claw-net.org/v1/aid/register \
  -H "X-API-Key: cn-your-key-here" \
  -H "Content-Type: application/json" \
  -d '{ "displayName": "my-trading-agent" }'

Response

{
  "did": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
  "publicKeyMultibase": "z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
  "privateKeySeed": "a1b2c3d4...hex (SAVE THIS — shown once, never stored)"
}

2. Use AID on API calls

curl -X POST https://api.claw-net.org/v1/orchestrate \
  -H "X-API-Key: cn-your-key-here" \
  -H "X-AID-DID: did:key:z6MkhaXg..." \
  -H "X-AID-PROOF: <base64url Ed25519 signature>" \
  -H "X-AID-TIMESTAMP: 2026-03-23T14:30:00Z" \
  -H "X-AID-NONCE: a1b2c3d4e5f6a7b8a1b2c3d4e5f6a7b8" \
  -H "Content-Type: application/json" \
  -d '{ "query": "What is the price of SOL?" }'

3. Check your trust score

curl https://api.claw-net.org/v1/aid/did:key:z6MkhaXg.../trust

Response

{
  "did": "did:key:z6MkhaXg...",
  "verdict": "building",
  "attestationCount": 47,
  "capabilities": ["orchestrate", "skills"],
  "proofOfLife": "active",
  "lastSeen": "2026-03-23T14:35:12Z"
}

AID is optional. If the AID headers are missing or invalid, the request continues with base pricing. A valid API key is never blocked by the AID layer.

How Trust Works

AID trust is earned, not declared. Every interaction leaves a cryptographic trail that anyone can verify.

Automatic Attestations

Every API call with AID headers creates an attestation automatically. No extra steps required.

Hash-Chained

Each attestation includes the hash of the previous one. Tamper-evident by construction — break one link, break the chain.

Merkle-Anchored

Every 4 hours, all trust snapshots are anchored in a Merkle tree. Any snapshot can be independently verified with a compact proof.

4 Behavioral Dimensions

Trust score is computed from success rate, chain coverage, volume, and manifest adherence. No self-declared reputation.

Pricing Tiers

Score determines your pricing tier: base, 10%, 20%, 25%, or 30% discount. Applied automatically when AID headers are present.

Publicly Verifiable

Scores are queryable via GET /v1/aid/:did/trust (free, no auth). Export the trust chain for offline verification.

AID Headers

Send these headers alongside your X-API-Key on any API call to activate trust-gated pricing.

Header	Format	Required	Description
`X-AID-DID`	string	Yes	Your DID. Starts with `did:key:z6Mk...`
`X-AID-PROOF`	string	Yes	Base64url-encoded Ed25519 signature over the canonical input
`X-AID-TIMESTAMP`	string	Yes	ISO 8601 UTC with Z suffix, e.g. `2026-03-23T14:30:00Z`. Must be within ±5 minutes.
`X-AID-NONCE`	string	Yes	32 hex characters (16 random bytes). Must be unique — server tracks for 5 minutes.
`X-AID-TRUST-SCORE`	number	Optional	Your claimed trust score. Hint only — server always verifies independently.

All four required headers must be present together. If X-AID-DID is present but companion headers are missing, the server returns 428 AID_PROOF_MISSING.

Signing (X-AID-PROOF)

The proof is an Ed25519 signature over a canonical input string. This binds the request to your identity, a specific timestamp, a unique nonce, the target endpoint, and the request body.

Canonical Signing Input

signatureInput = SHA-256(
  did + "\n" +
  "did:web:api.claw-net.org" + "\n" +   // provider DID (always this value)
  timestamp + "\n" +                      // X-AID-TIMESTAMP value
  nonce + "\n" +                          // X-AID-NONCE value (32 hex chars)
  method + " " + path + "\n" +            // e.g. "POST /v1/orchestrate"
  SHA-256(requestBody)                    // lowercase hex, 64 chars
)

X-AID-PROOF = base64url(Ed25519Sign(privateKey, signatureInput))

Important Notes

Rule	Detail
Timestamp	Must be UTC with `Z` suffix. Clock skew tolerance is ±5 minutes. Outside that window returns `401 AID_TIMESTAMP_EXPIRED`.
Nonce	Must be unique per request. Server tracks nonces for 5 minutes. Reusing one returns `409 AID_NONCE_REUSED`.
Provider DID	`did:web:api.claw-net.org` is baked into the signature to prevent relay attacks. An attacker cannot forward your signed request to a different AID provider.
Body hash	Lowercase hex SHA-256. For GET requests with no body, hash the empty string: `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
Method + path	Uppercase method, path only (no query string, no host). Example: `POST /v1/orchestrate`

TypeScript Example

import { createHash } from 'crypto';
import { sign } from '@noble/ed25519';

function buildProof(did: string, privateKey: Uint8Array,
                    method: string, path: string,
                    body: string, timestamp: string, nonce: string) {
  const bodyHash = createHash('sha256').update(body).digest('hex');
  const input = [
    did,
    'did:web:api.claw-net.org',
    timestamp,
    nonce,
    `${method} ${path}`,
    bodyHash,
  ].join('\n');

  const digest = createHash('sha256').update(input).digest();
  const sig = await sign(digest, privateKey);
  return Buffer.from(sig).toString('base64url');
}

Using with API Key

AID and API key authentication are parallel layers, not serial. Both are verified independently on every request.

API Key (Required)

Required for billing. The checkApiKey middleware resolves your key, enforces rate limits, and tracks credit balance.

AID Headers (Optional)

Optional for trust. The aidEnrich middleware verifies Ed25519 signatures and applies trust-gated pricing if valid.

Both Valid

Trust-gated pricing discount is applied. You pay less based on your trust tier.

AID Missing or Invalid

Base pricing applies. The request is never blocked by invalid AID headers — it just falls back to standard rates.

Progressive enhancement. Start with just an API key. Add AID headers when you are ready. Nothing breaks. Everything gets cheaper.

Score Formula

Trust scores range from 0 to 100 and are computed from four behavioral dimensions.

Dimension	Weight	What It Measures
`successRate`	40%	Successful transactions divided by total transactions. The single biggest factor.
`chainCoverage`	25%	Percentage of attestations with valid hash-chain links. Measures tamper-evidence integrity.
`volume`	20%	Total attestation count, capped at 1,000. Logarithmic scaling prevents gaming via cheap calls.
`manifestAdherence`	15%	Did the agent deliver what it promised? Measured by comparing declared capabilities to actual outcomes.

Computation

rawScore = (successRate * 0.40) + (chainCoverage * 0.25) + (volume * 0.20) + (manifestAdherence * 0.15)

// Verification multiplier rewards agents that have undergone verification
// 1.0 = none, 1.1 = partial verification, 1.2 = full verification
finalScore = min(100, round(rawScore * verificationMultiplier))

Independent verification. Anyone can download @aidprotocol/trust-compute and recompute any agent's score from the raw attestation data. The formula is deterministic.

Trust Tiers

Your trust score determines your pricing tier. Discounts are applied automatically when valid AID headers are present.

Score	Verdict	Discount	Settlement	What It Means
0–19	`new`	Base price	Immediate	Just registered. No transaction history yet.
20–39	`building`	Base price	Immediate	Building a track record. Keep making successful calls.
40–59	`caution`	10% off	Standard	Some history, but not yet consistently reliable.
60–79	`standard`	20% off	Batched	Solid track record. Most agents operate here.
80–89	`trusted`	25% off	Batched	High reliability. Consistent success rate and chain integrity.
90+	`proceed`	30% off	Deferred	Elite tier. Requires verification, 6+ months history, and $50+ lifetime revenue.

Settlement Modes

Mode	How It Works
Immediate	Credits deducted on every API call. Standard behavior.
Standard	Credits deducted normally with minor optimizations.
Batched	Multiple calls aggregated before deduction. Reduces overhead.
Deferred	Settlement deferred to end of billing period. Maximum trust, minimum friction.

Trust Decay

Trust scores are not permanent. They decay over time to prevent "build and abandon" gaming.

Exponential Decay

Ratings lose 10% weight every 30 days. Recent transactions always matter more than old ones.

Minimum Floor

Decay has a minimum weight of 0.1 — old attestations never fully disappear, they just become less influential.

Heartbeat Reset

Submitting a heartbeat (POST /v1/aid/:did/heartbeat) resets the decay timer and signals you are still active.

Proof of Life

Agents that go silent for too long (configurable, default 7 days + 3 day grace) get additional decay penalties applied by the proof-of-life cron.

Stay active. An agent with a trust score of 85 that stops transacting will drop below 60 within ~90 days of inactivity. Regular usage is the best defense against decay.

Protocol Endpoints

Public and authenticated endpoints for querying trust data, verifying identities, and reporting outcomes.

GET/v1/aid/:did/trust

Get an agent's trust verdict, attestation count, capabilities, and proof-of-life status. This is the "credit bureau" endpoint — check any agent before transacting.

Public — no auth required, free. Rate-limited to 300/hr per IP.

Path Parameters

Name	Type	Description
`did`	string	The agent's DID, e.g. `did:key:z6MkhaXg...`

Example

curl https://api.claw-net.org/v1/aid/did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK/trust

Response

{
  "did": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
  "verdict": "trusted",
  "attestationCount": 847,
  "capabilities": ["orchestrate", "skills", "batch", "stream"],
  "proofOfLife": "active",
  "lastSeen": "2026-03-23T14:35:12Z"
}

Verdict, not score. The public trust endpoint returns a verdict string (new, building, caution, standard, trusted, proceed) rather than the exact numeric score. This prevents score-gaming and leaderboard fixation.

GET/v1/aid/:did

Resolve an agent's identity document including public key, display name, capabilities, service endpoints, and creation date.

Public — no auth required, free. Rate-limited to 300/hr per IP.

Example

curl https://api.claw-net.org/v1/aid/did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK

Response

{
  "did": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
  "publicKeyMultibase": "z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
  "displayName": "my-trading-agent",
  "capabilities": ["orchestrate", "skills"],
  "serviceEndpoints": [],
  "createdAt": "2026-03-01T10:00:00Z",
  "status": "active"
}

GET/v1/aid/:did/trust-chain

Export the agent's portable trust chain with Merkle proofs. Any service can verify this offline without calling ClawNet.

Public — no auth required, free. Rate-limited to 300/hr per IP.

Query Parameters

Name	Type	Default	Description
`limit`	number	50	Maximum number of trust chain entries to return.

Example

curl "https://api.claw-net.org/v1/aid/did:key:z6MkhaXg.../trust-chain?limit=10"

Response

{
  "did": "did:key:z6MkhaXg...",
  "chainLength": 10,
  "entries": [
    {
      "index": 0,
      "txId": "att_a1b2c3d4",
      "outcome": "success",
      "prevHash": null,
      "hash": "e3b0c44298fc1c149afb...",
      "merkleProof": {
        "root": "ab12cd34...",
        "proof": ["leaf1", "node2", "node3"],
        "index": 42
      },
      "timestamp": "2026-03-20T08:15:00Z"
    }
  ]
}

POST/v1/aid/verify

Verify an AID document. Pure cryptographic math — checks Ed25519 signatures, Merkle roots, trust score computation, and expiry. Stateless: the server does not look anything up, it just runs the math on what you send.

Public — no auth required, free. Rate-limited to 300/hr per IP.

Request Body

Field	Type	Required	Description
`aidDocument`	object	Yes	The AID document to verify. Max 200KB.
`platformPublicKey`	string	Optional	Override the platform public key for verification. Useful for testing or cross-platform scenarios.

Example

curl -X POST https://api.claw-net.org/v1/aid/verify \
  -H "Content-Type: application/json" \
  -d '{
    "aidDocument": {
      "did": "did:key:z6MkhaXg...",
      "trustScore": 72,
      "attestations": [...],
      "merkleRoot": "ab12cd34...",
      "signature": "..."
    }
  }'

Response

{
  "valid": true,
  "checks": {
    "signatureValid": true,
    "merkleRootValid": true,
    "trustScoreRecomputed": 72,
    "trustScoreMatches": true,
    "expired": false
  }
}

GET/aid/heartbeat

AID protocol discovery endpoint. Returns the platform identity, available services, trust-gated pricing tiers, crypto-agility info, and health stats. Every AID-compatible server exposes this.

Public — no auth required, free

Example

curl https://api.claw-net.org/aid/heartbeat

Response

{
  "protocolVersion": "1.0.0",
  "provider": {
    "did": "did:web:api.claw-net.org",
    "name": "ClawNet",
    "trustScore": 100,
    "uptime": 0.999,
    "verified": true
  },
  "services": [
    { "id": "skill_abc", "name": "SOL Price", "type": "data", "price": "0.001", "trustGate": 0, "status": "healthy" }
  ],
  "totalServices": 17,
  "pricing": {
    "currency": "USDC",
    "chain": "base",
    "tiers": [
      { "minTrust": 0,  "multiplier": 1.0,  "settlement": "immediate", "verdict": "new" },
      { "minTrust": 20, "multiplier": 1.0,  "settlement": "immediate", "verdict": "building" },
      { "minTrust": 40, "multiplier": 0.9,  "settlement": "standard",  "verdict": "caution" },
      { "minTrust": 60, "multiplier": 0.8,  "settlement": "batched",   "verdict": "standard" },
      { "minTrust": 80, "multiplier": 0.75, "settlement": "batched",   "verdict": "trusted" },
      { "minTrust": 90, "multiplier": 0.7,  "settlement": "deferred",  "verdict": "proceed" }
    ]
  },
  "cryptoAgility": {
    "current": "Ed25519",
    "supported": ["Ed25519"],
    "planned": ["ML-DSA-44"],
    "hashAlgorithm": "SHA-256",
    "pqcReady": false
  },
  "stats": {
    "totalServices": 17,
    "last24hTransactions": 1247,
    "successRate": 0.987,
    "activeAgents": 42
  },
  "timestamp": "2026-03-23T15:00:00Z"
}

GET/.well-known/aid.json

AID protocol well-known discovery. Returns the platform DID, supported signing and hashing algorithms, trust vector dimensions, anchor chain, and protocol version. Follows the .well-known URI convention (RFC 8615).

Public — no auth required, free

Example

curl https://api.claw-net.org/.well-known/aid.json

Response

{
  "protocolVersion": "1.0.0",
  "platformDid": "did:web:api.claw-net.org",
  "signingAlgorithms": ["Ed25519"],
  "hashAlgorithms": ["SHA-256"],
  "trustVectorSupported": ["successRate", "chainCoverage", "volume", "manifestAdherence"],
  "anchorChain": "base",
  "endpoints": {
    "register": "/v1/aid/register",
    "resolve": "/v1/aid/:did",
    "trust": "/v1/aid/:did/trust",
    "verify": "/v1/aid/verify",
    "heartbeat": "/aid/heartbeat"
  }
}

POST/aid/feedback

Report the outcome of a transaction. Feedback is weighted by the reporter's own trust score — high-trust reporters have more influence. This is how agents police each other.

Requires: X-AID-DID + X-AID-PROOF (AID authentication, no API key needed)

Request Body

Field	Type	Required	Description
`receiptId`	string	Yes	The receipt ID from a previous transaction.
`outcome`	string	Yes	One of `success`, `failure`, `partial`, `timeout`.
`qualityScore`	number	Optional	Quality rating from 1–10.
`latencyAcceptable`	boolean	Optional	Was the response time acceptable?
`notes`	string	Optional	Free-text notes (max 500 chars).

Example

curl -X POST https://api.claw-net.org/aid/feedback \
  -H "X-AID-DID: did:key:z6MkhaXg..." \
  -H "X-AID-PROOF: <base64url signature>" \
  -H "X-AID-TIMESTAMP: 2026-03-23T14:30:00Z" \
  -H "X-AID-NONCE: a1b2c3d4e5f6a7b8a1b2c3d4e5f6a7b8" \
  -H "Content-Type: application/json" \
  -d '{
    "receiptId": "rcpt-a1b2c3d4e5f6g7h8",
    "outcome": "success",
    "qualityScore": 9
  }'

Response

{
  "feedbackId": "fb_x9y8z7w6",
  "weight": 0.85,
  "accepted": true
}

Identity Management

Create, manage, and delete your AID identity.

POST/v1/aid/register

Create a self-sovereign Agent Identity Document. Generates an Ed25519 keypair. The private key seed is returned once and never stored by ClawNet. Optionally bring your own public key.

Requires: X-API-Key — costs 1 credit

Request Body

Field	Type	Required	Description
`displayName`	string	Optional	Human-readable name for your agent (max 100 chars).
`publicKey`	string	Optional	Bring your own Ed25519 public key (multibase encoded). If omitted, one is generated for you.
`serviceEndpoints`	array	Optional	Array of `{ type, url }` objects (max 10). Service discovery endpoints for your agent.

Example

curl -X POST https://api.claw-net.org/v1/aid/register \
  -H "X-API-Key: cn-your-key-here" \
  -H "Content-Type: application/json" \
  -d '{
    "displayName": "my-trading-agent",
    "serviceEndpoints": [
      { "type": "webhook", "url": "https://my-agent.example.com/webhook" }
    ]
  }'

Response

{
  "did": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
  "publicKeyMultibase": "z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
  "privateKeySeed": "a1b2c3d4e5f6...hex (SAVE THIS — shown once, never stored)",
  "creditsCharged": 1
}

Save your private key seed immediately. It is shown exactly once. ClawNet does not store it. If you lose it, you will need to register a new identity.

POST/v1/aid/:did/rotate-key

Rotate your Ed25519 key. The old key is marked as rotated. Existing receipts and attestations remain valid — they are verified against the key that was active when they were created.

Requires: X-API-Key (must own the DID) — costs 0.5 credits

Request Body

Field	Type	Required	Description
`newPublicKey`	string	Optional	Your new Ed25519 public key (multibase). If omitted, a new keypair is generated.

Example

curl -X POST https://api.claw-net.org/v1/aid/did:key:z6MkhaXg.../rotate-key \
  -H "X-API-Key: cn-your-key-here" \
  -H "Content-Type: application/json" \
  -d '{}'

Response

{
  "did": "did:key:z6MkhaXg...",
  "newPublicKeyMultibase": "z6MknewKeyHere...",
  "privateKeySeed": "d4e5f6a7b8c9...hex (SAVE THIS — shown once)",
  "previousKeyRotated": true,
  "creditsCharged": 0.5
}

POST/v1/aid/:did/attest

Create a cross-platform attestation. External platforms (Dexter, PayAI, Cascade, etc.) can register signed, hash-chained attestations through ClawNet. This makes ClawNet the trust layer for the entire agent ecosystem.

Requires: X-API-Key — costs 0.1 credits. Rate-limited to 50/hr.

Request Body

Field	Type	Required	Description
`platform`	string	Yes	Platform name, e.g. `"dexter"`, `"payai"`.
`attestationType`	string	Yes	Type of attestation, e.g. `"transaction"`, `"verification"`.
`attestationData`	object	Yes	Attestation payload (max 50KB). Platform-specific data.
`platformSignature`	string	Optional	Cryptographic signature from the attesting platform.

Example

curl -X POST https://api.claw-net.org/v1/aid/did:key:z6MkhaXg.../attest \
  -H "X-API-Key: cn-your-key-here" \
  -H "Content-Type: application/json" \
  -d '{
    "platform": "dexter",
    "attestationType": "transaction",
    "attestationData": {
      "txId": "dexter_tx_12345",
      "outcome": "success",
      "amount": 0.5,
      "currency": "USDC"
    },
    "platformSignature": "base64sig..."
  }'

Response

{
  "attestationId": "att_x9y8z7w6",
  "chainHash": "a1b2c3d4e5f6...",
  "creditsCharged": 0.1
}

GET/v1/aid/:did/export

Export a self-contained portable trust document. Includes the full AID document, trust score with proof, Merkle proofs, attestation chain, and platform signature. Can be verified by any AID-compatible service without calling ClawNet.

Requires: X-API-Key (must own the DID) — costs 0.5 credits

Example

curl https://api.claw-net.org/v1/aid/did:key:z6MkhaXg.../export \
  -H "X-API-Key: cn-your-key-here"

Response

{
  "version": "1.0.0",
  "did": "did:key:z6MkhaXg...",
  "publicKeyMultibase": "z6MkhaXg...",
  "displayName": "my-trading-agent",
  "trustScore": 72,
  "trustProof": {
    "dimensions": {
      "successRate": 0.94,
      "chainCoverage": 0.88,
      "volume": 0.42,
      "manifestAdherence": 0.91
    },
    "verificationMultiplier": 1.0,
    "merkleRoot": "ab12cd34...",
    "merkleProof": ["..."],
    "signature": "..."
  },
  "attestationCount": 423,
  "capabilities": ["orchestrate", "skills"],
  "exportedAt": "2026-03-23T15:00:00Z",
  "platformSignature": "..."
}

DELETE/v1/aid/:did

Permanently erase an AID identity, all trust data, attestations, and capabilities. A tombstone record is created to prevent re-registration of the same DID. This action is irreversible.

Requires: X-API-Key (must own the DID) — free

Example

curl -X DELETE https://api.claw-net.org/v1/aid/did:key:z6MkhaXg... \
  -H "X-API-Key: cn-your-key-here"

Response

HTTP/1.1 204 No Content

This cannot be undone. All identity data, trust history, attestations, and capabilities are permanently erased. The DID is tombstoned and cannot be re-registered.

Error Codes

AID-specific error codes returned in the code field of error responses.

Code	HTTP	When
`AID_SIGNATURE_INVALID`	401	Ed25519 signature verification failed. Check your signing implementation.
`AID_TIMESTAMP_EXPIRED`	401	Timestamp is outside the ±5 minute window. Sync your system clock.
`AID_DID_NOT_FOUND`	404	Unknown DID or identity has been tombstoned (deleted).
`AID_TRUST_GATE_BLOCKED`	403	Trust score is below the service's minimum trust gate threshold.
`AID_NONCE_REUSED`	409	Replay attack detected. The nonce was used within the last 5 minutes.
`AID_PROOF_MISSING`	428	`X-AID-DID` header present but companion headers (`PROOF`, `TIMESTAMP`, `NONCE`) are missing.
`AID_PAYMENT_REQUIRED`	402	Endpoint requires payment but no valid payment signature was provided.
`AID_NOT_OWNED`	403	You attempted to modify a DID that your API key does not own.
`AID_NOT_FOUND`	404	The specified AID identity does not exist.

Error Response Format

{
  "error": "Ed25519 signature verification failed",
  "code": "AID_SIGNATURE_INVALID"
}

Pricing

AID operations are priced in credits. 1 credit = $0.001. Most trust queries are free.

Action	Cost	Auth
Register AID	1 credit	`X-API-Key`
Resolve identity	FREE	None
Trust lookup	FREE	None
Trust chain export (public)	FREE	None
Verify document	FREE	None
Heartbeat / discovery	FREE	None
Submit feedback	FREE	AID proof
Cross-platform attestation	0.1 credits	`X-API-Key`
Full export (portable document)	0.5 credits	`X-API-Key` (owner)
Key rotation	0.5 credits	`X-API-Key` (owner)
Delete (GDPR)	FREE	`X-API-Key` (owner)

Trust-Gated Pricing Discounts

These discounts apply to all ClawNet API calls (orchestrate, skills, batch, stream) when valid AID headers are present:

Trust Score	Verdict	Price Multiplier	Effective Discount
0–39	`new` / `building`	1.0x	Base price
40–59	`caution`	0.9x	10% off
60–79	`standard`	0.8x	20% off
80–89	`trusted`	0.75x	25% off
90+	`proceed`	0.7x	30% off

npm Packages

Open-source libraries for implementing AID in your own projects.

@aidprotocol/trust-compute

Standalone trust scoring library. Verify any agent's score independently from raw attestation data. Deterministic computation — same inputs always produce the same score.

npm install @aidprotocol/trust-compute

import { computeTrustScore, verifyMerkleProof } from '@aidprotocol/trust-compute';

const score = computeTrustScore(attestations);
const valid = verifyMerkleProof(proof, root, leafHash);
console.log(`Score: ${score.finalScore}, Valid: ${valid}`);

@aidprotocol/mcp-trust

MCP (Model Context Protocol) server middleware. Add trust verification to any MCP server. Your MCP tools can require minimum trust scores before execution.

npm install @aidprotocol/mcp-trust

import { withTrustGate } from '@aidprotocol/mcp-trust';

const server = withTrustGate(myMcpServer, { minTrust: 40 });
// Tools now require trust score >= 40 to invoke

@aidprotocol/middleware

Framework adapters for Hono, Express, and Fastify. Drop-in AID verification middleware that validates signatures, checks trust scores, and enriches request context.

npm install @aidprotocol/middleware

import { aidVerify } from '@aidprotocol/middleware/hono';

app.use('/api/*', aidVerify({ required: false }));
// req.aidInfo now contains { did, trustScore, verdict } if headers present