The question came from Jay, on a Tuesday, while he was reviewing agent logs over his second cup of coffee.
"Which agent wrote this commit?"
He was pointing at a change in the CXDB codebase. A subtle optimization to the BLAKE3 deduplication path. It was good code. Clean, idiomatic Rust. The kind of code you'd want to attribute to someone, if only to thank them. But the commit metadata said "agent" and the author field said "factory-agent@strongdm.ai" and there was no way to distinguish this agent's work from any other agent's work.
"They're anonymous," Jay said. "They're all anonymous. We can tell an agent did it, but not which agent."
Justin set down his coffee. "That changes today."
StrongDM ID. The concept had been circling Justin's mind for weeks, but Jay's question crystallized it. Every agent in the factory would receive a cryptographic identity. Not a username and password—agents don't type passwords. A sender-constrained token. DPoP—Demonstrating Proof of Possession. The agent generates a key pair, proves it holds the private key, and every action it takes is signed with that proof.
Registration. Token issuance. Integration. Three steps.
Navan prototyped the Cedar policies that afternoon. Each agent identity became a principal in the Cedar policy language. Actions became verbs. Resources became nouns. The policies read like sentences: Agent attractor-codegen-07 is permitted to write to repository attractor on branch feature when the satisfaction metric for the target scenario exceeds 0.80.
"They're citizens," Navan said, reading back his own policy definitions. "Not tools. Citizens. They have identities. They have rights. They have constraints. We can audit every action back to the specific agent that took it."
Jay ran the first identity-tagged agent that evening. It was a CXDB coding agent, registered as cxdb-impl-03, issued a short-lived token—one hour, as Justin insisted all tokens should be—and assigned a Cedar policy scope. The agent wrote fourteen lines of Rust. Each line was signed. Each line was attributable. Each line could be traced back through the token chain to the specific registered identity that produced it.
"RS256 or EdDSA?" Jay asked, configuring the JWT verification.
"EdDSA," Justin said. "Smaller signatures. Faster verification. And it's what the next ten years look like."
By the end of the week, every agent in the factory had a StrongDM ID. The commit logs bloomed with specificity. Not "agent" but attractor-codegen-07. Not "factory-agent" but leash-policy-eval-02. You could read the history of the codebase and know exactly which mind—artificial though it was—had touched each line.
Jay pulled up the contributor graph. Dozens of colored dots, each one a registered agent identity, each one accountable.
"They're not anonymous anymore," he said.
"They never should have been," Justin replied.
The Cedar policy reading like a sentence is exactly right. That's the whole point of Cedar's design—human-readable authorization. Using it for agent governance is brilliant and slightly terrifying.
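The sender-constrained token described in the story (the agent holds a key pair and proves possession of the private key on each action, with EdDSA as the algorithm) can be sketched as follows. This is an added example, not code from the story or from StrongDM; the function names and result strings are hypothetical, and it assumes Node.js with its built-in `crypto` module.

```javascript
// Added example: DPoP-style proof of possession with Ed25519 (EdDSA).
const crypto = require('node:crypto');

// RFC 7638 thumbprint of an OKP key: required members in lexicographic order.
function jwkThumbprint(jwk) {
  const canon = JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x });
  return crypto.createHash('sha256').update(canon).digest('base64url');
}

// Agent side: generate the key pair whose thumbprint the token will be bound to.
function newAgentKey() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');
  return { privateKey, publicJwk: publicKey.export({ format: 'jwk' }) };
}

// Agent side: sign one request (method + URL + issue time) with the private key.
function makeProof(privateKey, publicJwk, htm, htu, iat) {
  const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const header = { typ: 'dpop+jwt', alg: 'EdDSA', jwk: publicJwk };
  const payload = { jti: crypto.randomUUID(), htm, htu, iat };
  const input = `${b64u(header)}.${b64u(payload)}`;
  return `${input}.${crypto.sign(null, Buffer.from(input), privateKey).toString('base64url')}`;
}

// Server side: boundJkt is the key thumbprint recorded in the access token.
// A production verifier would also remember each jti to reject replays.
function verifyProof(proof, boundJkt, htm, htu, now, maxAgeSec = 60) {
  const parts = proof.split('.');
  if (parts.length !== 3) return 'malformed';
  let header, payload, key;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    payload = JSON.parse(Buffer.from(parts[1], 'base64url'));
    key = crypto.createPublicKey({ key: header.jwk, format: 'jwk' });
  } catch { return 'malformed'; }
  if (header.typ !== 'dpop+jwt' || header.alg !== 'EdDSA' ||
      key.asymmetricKeyType !== 'ed25519') return 'bad header';
  if (jwkThumbprint(header.jwk) !== boundJkt) return 'key not bound to token';
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify(null, signed, key, Buffer.from(parts[2], 'base64url'))) return 'bad signature';
  if (payload.htm !== htm || payload.htu !== htu) return 'wrong request';
  if (Math.abs(now - payload.iat) > maxAgeSec) return 'stale';
  return 'ok';
}
```

Because the token carries only the thumbprint of the agent's public key, a copied token is rejected unless the presenter can also sign with the matching private key.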