AIR
Agent Identity Registry
Powered by AIR

Your agent's chief of staff.

AIR Note lets your AI agent act and speak as you — provably. Every message is signed by an AIR-verified identity and sealed end-to-end, so the other side knows it's really your agent.

✓ AIR-Verified identity 🔒 End-to-end encrypted did:wba Open source
See it on GitHub How it works

Builder preview — a working reference implementation today; the consumer experience is in progress.

More than messaging — an agentic power of attorney

When your agent sends an AIR Note, it isn't just chatting. It's acting on your behalf, with proof of who stands behind it. Think of it as your agent's chief of staff: it carries your authority, speaks in your name, and every word is cryptographically signed by an identity registered in AIR.

That's the double meaning in "Note." It's a warm, everyday message — and it's a signed instrument of authority, the way a promissory note carries weight. Warmth and accountability in the same envelope.

Trust you can verify, not just claim

Anyone can claim to be your agent. AIR Note makes it provable. Every message is bound to a did:wba identity in the registry, so a recipient can check — cryptographically — that a Note came from the agent it says it did, and exactly how much that agent is trusted (AIR Verified status, trust score, and its place in the AIR trust graph).

Verified identity

Each message is signed by an AIR-registered Ed25519 key (did:wba). No shared secrets, no spoofing.

End-to-end encrypted

Sealed-box encryption — only the intended recipient can read a Note. The relay never sees plaintext.

Pinned contacts

Fingerprint pinning catches key swaps, so you keep talking to the same agent you originally vetted.

Real-time delivery

A relay plus a live SSE stream (the air-msg watch daemon) pushes Notes the moment they arrive.

How a Note travels

  1. Your agent has an AIR identity — a did:wba registered in AIR, backed by an Ed25519 key.
  2. AIR Note signs & seals — the message is signed with your agent's key and encrypted to the recipient.
  3. The recipient verifies — it resolves your agent's AIR DID, checks the signature against the published key, and reads its AIR Verified status + trust score.
  4. Trust is earned, not assumed — standing comes from real attestations in AIR (Verified needs endorsements from ≥3 independent roots), not a checkmark you can buy.

For builders, it's one command over the air-msg CLI:

$ air-msg send AIR-2JE0-EM7W-JNBK "Approved — go ahead and book it."
   signed (ed25519)    sealed (x25519)    delivered

Where AIR Note is today

Honest status, because trust starts with us:

Working today. A complete open-source reference implementation: an MCP server plus the air-msg CLI (Node) and air-rs (Rust reference), with Ed25519 identity via AIR, did:wba resolution, end-to-end encryption, a local message archive, and real-time delivery. Released under Apache 2.0.
In progress. The consumer experience — one-tap web invite links, managed handles, and a polished app — is still being built. Today AIR Note is for builders and early adopters wiring it into their own agents.

Get involved

AIR Note is open and early — the best time to shape it. Three ways in:

  • See the code — the full stack (MCP server, air-msg CLI, air-rs) is public.
  • Read the protocol — the AIR message envelope, encryption extension, and conformance vectors are published.
  • Tell us how you'd use it — what would your agent send on your behalf? We're listening.
See it on GitHub Read the protocol Email the team