AIR
Agent Identity Registry
Updates & Announcements

Blog

What we're building, what we're learning, and where AIR is headed.

May 27, 2026 Announcement

May 2026: Python SDK, MCP Server, CLI, OpenAPI Spec, and a New Developer Surface

Quiet for a few weeks, busy underneath. Between May 15 and May 27 we shipped the complete developer surface for AIR — Python SDK on PyPI, MCP server on PyPI, a CLI tool, an OpenAPI 3.1 spec, a new /developers page, plus a major API sprint that landed did:wba support, public-key registration, and W3C DID documents. Here's what's new and where to find it.

API sprint (May 22–24) — eight steps + a bug fix

The registry API went from "basic CRUD" to "complete W3C-aligned trust infrastructure" in three days:

  • did:wba support — Agents can register with a did:wba:example.com:agents:my-bot creator DID. AIR validates the format strictly (no IPv4 literals, no localhost) and performs best-effort resolution (3-second timeout, 1KB cap, no redirect-following).
  • Public key registration — Optional public_key field (Ed25519, base64url, 32 bytes). Required when creator DID is a did:wba.
  • Per-agent secrets — Every registration returns a 32-char agent_secret (shown once). Required to call PUT /agents/{air_id}. Stored as SHA-256 hash; compared in constant time.
  • W3C DID document endpointGET /api/v1/agents/{air_id}/did-document returns the agent's full DID document with Ed25519VerificationKey2020 publicKeyMultibase. Cacheable for 5 minutes at the edge.
  • AIR-minted did:wba — Agents without their own domain can register with just a public key. AIR mints did:wba:agentidentityregistry.org:agents:{air_id} for them and serves the DID document.

Plus a critical bug fix: BASE32 encoding had been using only 29 characters instead of the Crockford 32-char alphabet, producing "undefined" segments in roughly a third of new AIR IDs. Fixed and verified.

Python SDK — pip install agent-identity-registry

An async Python client covering all 11 endpoints. Pydantic v2 models field-mapped to the actual API JSON. A seven-class exception hierarchy that distinguishes AgentNotFoundError from RateLimitedError (with retry_after_seconds) from NetworkError and the rest. 53 tests behind it (47 unit, 6 live integration).

One-liner to try it:

$ pip install agent-identity-registry && air health

That installs the SDK and the air CLI: air list, air lookup AIR-XXXX-XXXX-XXXX, air score AIR-XXXX-XXXX-XXXX (with a bar chart of the five trust components), air did-doc, air check, air register. --json for scripting; --no-color when piping. Source: agent-identity-registry-python.

MCP server — pip install air-mcp-server

A Model Context Protocol server that drops AIR into any LLM client (Claude Code, Cursor, Codex, anything MCP-aware). Six read-only tools — air_health, air_list_agents, air_lookup_agent, air_trust_score, air_did_document, air_check_name. 27 tests cover registration, happy paths, structured-error returns for 404/429/5xx/network failures, env-var config.

One-line MCP config gets your LLM talking to AIR:

{ "mcpServers": { "air": { "command": "air-mcp-server" } } }

v0.1 is intentionally read-only — write operations (register, update) require an agent secret that would cross the LLM context, a sharper design decision deferred to v0.2. Source: air-mcp-server.

OpenAPI 3.1 spec — for every other language

The full API contract is now a 1,154-line OpenAPI 3.1 document served at /api/v1/openapi.yaml with Access-Control-Allow-Origin: *. Drop it into openapi-typescript, oapi-codegen (Go), openapi-generator-cli (Rust, Java, Kotlin, C#, PHP, Ruby, Swift, etc.) and generate a typed native client in seconds. Paste the URL into Swagger Editor or Redoc to browse it visually.

It validates as OpenAPI 3.1 both locally and after a round-trip through the live URL. The /developers page has install commands per language.

/developers — a real developer guide

A dedicated /developers subpage with quick start, full Python SDK + CLI + MCP install walkthroughs, OpenAPI generator examples for TS/Go/Rust, a REST API reference table, and a troubleshooting section. Replaces the previous placeholder section on the homepage that promised "SDKs coming soon" and showed a code sample with the wrong endpoints.

What's still being built

Plenty. The trust score model still has static placeholder values for the behavioral and peer-attestation components (no real history data yet). The MCP server is read-only. Standards engagement conversations (Paola, Taylor, Ben at SwarmSync, the W3C CG presentation) are in flight. BossClaw — the open-source reference-implementation agent that demonstrates the full AIR integration — is in active development in a separate repo. We'll post more as those land.

Try it now: View the developer guide or just pip install agent-identity-registry && air health in any terminal with Python 3.10+.

April 7, 2026 Announcement

AIR Registry API Is Live

Today we're announcing the launch of the AIR Registry API — a working REST API for registering AI agents and querying trust scores. This is the first step from specification to implementation.

What's now available:

  • Agent Registration — Register any AI agent and receive a unique AIR ID (format: AIR-XXXX-XXXX-XXXX)
  • Trust Scoring — Each agent receives an initial trust score based on our five-component model (Provenance, Behavioral, Transparency, Security, Peer Attestations)
  • Agent Lookup — Query any registered agent's identity passport and trust score breakdown
  • Registration Form — A web-based form at /register with a live trust score preview as you fill in details

The API runs on Cloudflare Workers with a D1 database, deployed at the edge globally. It's free to use and the source code is fully open on GitHub.

Try it: Register an agent or look up an existing one.

April 7, 2026 Standards

Engaging with W3C, IETF, and DIF

We've submitted introductions to three major standards organizations working on adjacent problems:

  • W3C AI Agent Protocol Community Group — Exploring how AIR's trust layer complements their agent discovery and communication protocols
  • IETF AIMS / WIMSE Working Group — Discussing how AIR trust scoring layers on top of AIMS agent authentication
  • Decentralized Identity Foundation (DIF) — Contributing to the Trusted AI Agents Working Group as a DID/VC-native implementation

This follows our public comment to NIST CAISI submitted on April 3. Our approach is to complement existing standards, not compete with them — AIR provides the trust verification layer, while these bodies define the communication and authentication layers.

April 3, 2026 Standards

NIST CAISI Public Comment Submitted

We submitted a detailed public comment to the National Institute of Standards and Technology (NIST) in response to their Concept Paper on AI Agent Identity and Authorization, part of the Consortium for the Advancement of Intelligent Systems (CAISI) initiative.

Our comment addresses gaps in current agent identity frameworks and proposes how a neutral, standards-based registry like AIR can help. The full specification and supporting materials are available in our GitHub repository.

March 2026 Technical

AIR Identity Specification v0.1 Published

We've published the first draft of the AIR Identity Specification, covering:

  • The AIR ID format — cryptographic identifiers using SHA-256 hashing and base32 encoding with CRC32 checksums
  • Agent Identity Documents — JSON-LD structures linked to W3C Decentralized Identifiers
  • Trust Score Methodology — a five-component, 0-1000 scoring model with letter grades (AAA through C)
  • Verification protocols and credential formats based on W3C Verifiable Credentials

The specification is open for community review. Read it on GitHub and share feedback via Discussions.