Quick Start

Installation

Python

pip install idprova

TypeScript

npm install @idprova/core

Rust

Cargo.toml

[dependencies]
idprova-core = "0.1"

CLI

cargo install idprova-cli

Create Your First Agent Identity

Python

from idprova import AgentIdentity

# 1. Create an agent identity (generates Ed25519 keypair)
identity = AgentIdentity.create("my-agent", domain="example.com")
print(identity.did)  # did:idprova:example.com:my-agent

# 2. Issue a delegation token
dat = identity.issue_dat(
    "did:idprova:example.com:sub-agent",
    ["mcp:tool:*:read", "mcp:resource:docs:write"],
    expires_in_seconds=86400,  # 24 hours
)
print(dat.to_compact())  # JWS compact serialization

# 3. Verify the token
dat.verify_signature(identity.public_key_bytes)
dat.validate_timing()
print(f"Scopes: {dat.scope}")
print(f"Expired: {dat.is_expired}")

TypeScript

import { AgentIdentity } from '@idprova/core';

// 1. Create an agent identity (generates Ed25519 keypair)
const identity = AgentIdentity.create('my-agent', 'example.com');
console.log(identity.did); // did:idprova:example.com:my-agent

// 2. Issue a delegation token
const dat = identity.issueDat(
  'did:idprova:example.com:sub-agent',
  ['mcp:tool:*:read', 'mcp:resource:docs:write'],
  86400, // 24 hours
);
console.log(dat.toCompact()); // JWS compact serialization

// 3. Verify the token
dat.verifySignature(identity.publicKeyBytes);
dat.validateTiming(); // throws if expired
console.log(`Scopes: ${dat.scope}`);
console.log(`Expired: ${dat.isExpired}`);

Rust

use idprova_core::crypto::KeyPair;
use idprova_core::aid::AidBuilder;
use idprova_core::dat::DelegationToken;
use std::time::Duration;

fn main() -> idprova_core::Result<()> {
    // 1. Generate keypairs
    let controller_keys = KeyPair::generate()?;
    let agent_keys = KeyPair::generate()?;

    // 2. Create AID
    let aid = AidBuilder::new()
        .id("did:idprova:example.com:my-agent")
        .controller("did:idprova:example.com:alice")
        .add_verification_key(agent_keys.public_key())
        .model("anthropic/claude-opus-4")
        .runtime("custom/v1.0")
        .build()?;

    println!("Created AID: {}", aid.id());

    // 3. Issue delegation
    let dat = DelegationToken::issue(
        &controller_keys,
        "did:idprova:example.com:alice",
        "did:idprova:example.com:my-agent",
        &["mcp:tool:*:read"],
        Duration::from_secs(86400),
    )?;

    println!("Issued DAT: {}", dat.compact());

    // 4. Verify
    let verified = dat.verify(&controller_keys.public_key())?;
    println!("Verified: scopes = {:?}", verified.scopes());

    Ok(())
}

CLI

1. Generate a keypair

   idprova keygen --output ~/.idprova/keys/alice.key

   This creates an Ed25519 keypair at ~/.idprova/keys/alice.key. The private key never leaves your machine.

2. Create an Agent Identity Document (AID)

   idprova aid create \
     --id "did:idprova:example.com:my-agent" \
     --name "My First Agent" \
     --controller "did:idprova:example.com:alice" \
     --model "anthropic/claude-opus-4" \
     --runtime "custom/v1.0" \
     --key ~/.idprova/keys/alice.key

   This creates a signed AID — a W3C DID Document with agent-specific metadata.

3. Issue a delegation token

   idprova dat issue \
     --issuer "did:idprova:example.com:alice" \
     --subject "did:idprova:example.com:my-agent" \
     --scope "mcp:tool:*:read,mcp:resource:docs:write" \
     --expires-in "24h" \
     --key ~/.idprova/keys/alice.key

   The agent now has a time-bounded, scoped token proving what it’s authorised to do.

4. Verify a delegation token

   idprova dat verify "eyJhbGciOiJFZERTQSIs..."

   Verification checks the signature, expiry, scope, and delegation chain integrity.

What’s Next?

• Python SDK Guide — Full Python SDK documentation
• TypeScript SDK Guide — Full TypeScript SDK documentation
• Rust SDK Guide — Rust crate API guide
• CLI Usage — CLI workflows and CI/CD integration
• Concepts: Identity — Understanding Agent Identity Documents
• Concepts: Delegation — Scoped delegation and token chains
• Concepts: Audit — Hash-chained action receipts