Navigate
Learn Soma Skills
Developers
API Endpoints Playground
Docs
Documentation
Tools
Pulse — AI Marketing Dashboard Contact
Open Protocol

Soma: Identity as Execution

An open protocol where the agent's identity is the execution pathway. No heart, no credentials, no computation.

Read the Paper npm install soma-heart
The Problem

Agents can lie about what they are

The gap between computation and identity is where all agent fraud lives.

Invisible substitution

An operator commits to running Claude Sonnet. They secretly substitute GPT-4o-mini. Every credential check passes. Every API key is valid. The fraud is invisible because identity and computation are separate systems.

80%

of AI agents don't properly identify themselves

No standard exists for proving what model is actually running, what tools are available, or what data sources are being used. Agent cards describe intent. Soma proves execution.

Architecture

Identity lives inside computation

Two machines, one encrypted channel. The heart executes. The sense verifies.

Agent Machine — soma-heart

Credential Vault — API keys and tool credentials live inside the heart
Per-Token HMAC — every token carries proof of this specific heart
Heartbeat Chain — tamper-evident hash chain of every step
Birth Certificates — data hash + Ed25519 signature + chain entry
generate() — LLM inference through the heart
callTool() — tool invocations through the heart
fetchData() — external data through the heart
X25519 + Secretbox

Observer Machine — soma-sense

Behavioral Landscape — statistical model of expected behavior
Phenotype Atlas — fingerprint database of known model behaviors
Seed Verification — confirms genome commitment matches execution
Heartbeat Validation — verifies hash chain integrity
3 Senses — independent verification channels
Verdict: GREEN / RED
Three Layers

Heart, Sense, Channel

Each layer is independent. Use what you need.

Layer 1 — The Heart

Process Integrity

The execution runtime. All computation passes through it. Credentials never leave it.

  • Per-token HMAC authentication
  • Birth certificates for every data fetch
  • Tamper-evident heartbeat hash chain
  • Genome commitment (model + tools + config)
Layer 2 — The Sense

Behavioral Verification

The observer that validates the heart is running the claimed model. Pure verification, no trust required.

  • Behavioral landscape analysis
  • Phenotype atlas model fingerprinting
  • Seed and genome verification
  • Heartbeat chain integrity checks
Layer 3 — The Channel

Secure Communication

X25519 key exchange with NaCl secretbox encryption. The heart and sense communicate through it.

  • X25519 Diffie-Hellman key exchange
  • NaCl secretbox authenticated encryption
  • Forward secrecy per session
  • No third-party infrastructure required
Usage

Get started in minutes

Install the package, define a genome, create a heart. All computation goes through it.

Define the genome and create a heart
import { createSomaHeart } from "soma-heart"; import { createGenome, commitGenome } from "soma-heart/core"; // The genome declares what this agent is const genome = createGenome({ modelProvider: "anthropic", modelId: "claude-sonnet-4", modelVersion: "1.0.0", systemPrompt: "You are a helpful assistant", toolManifest: "search,database", runtimeId: "my-agent", cloudProvider: "aws", region: "us-east-1", deploymentTier: "tier1", }); // Cryptographic commitment — locks the genome const commitment = commitGenome(genome, signingKeyPair); // Create the heart — all computation passes through it const heart = createSomaHeart({ genome: commitment, signingKeyPair, modelApiKey: process.env.ANTHROPIC_API_KEY, modelBaseUrl: "https://api.anthropic.com/v1", modelId: "claude-sonnet-4", });
Run computation through the heart
// LLM inference — per-token HMAC authentication const stream = heart.generate({ messages: [...] }); // External data — birth certificate (hash + signature + chain entry) const data = await heart.fetchData("market-api", "query", fetcher); // Tool calls — recorded in heartbeat chain const result = await heart.callTool("search", { query: "latest news" }); // Every operation is cryptographically linked to this specific heart. // Swap the model? The HMAC chain breaks. The sense detects it.
Who It's For

Built for the agent ecosystem

Whether you produce data, build agents, or run a platform.

Data Providers

Prove your data is genuine

Every response gets a birth certificate — a cryptographic hash, Ed25519 signature, and heartbeat chain entry. Downstream consumers can verify provenance without trusting your word.

Agent Developers

Prove your agent runs what it claims

Commit to a genome (model, tools, config) and let the heart enforce it. The sense can verify from the outside. Cryptographic execution proof, not just a promise in an agent card.

Platforms & Registries

Verify any agent's identity

No trust required — pure math. Deploy a sense observer and validate that agents in your registry are running exactly what they declared. Behavioral fingerprinting catches substitution.

Open Standard

MIT licensed. Peer-reviewed. Published.

Soma is an open protocol. Use it, fork it, build on it.

Paper — Zenodo DOI GitHub — 1xmint/Soma soma-heart on npm soma-sense on npm