๐Ÿฆ€ Submitted to NIST NCCoE โ€” April 2, 2026

Trust infrastructure for AI agents.

Identity, validation, and monitoring. Self-hosted Rust binaries under 5MB with post-quantum cryptography. No cloud. No dependencies.

Explore Products GitHub
grokingclawid
# Issue a post-quantum agent identity
$ grokingclawid issue --name swe-agent --crypto hybrid
โœ“ Identity issued: swe-agent (Ed25519 + ML-DSA-65)
โœ“ SPIFFE ID: spiffe://grokingclaw.com/agent/swe-agent

# Delegate with scope narrowing
$ grokingclawid delegate --from swe-agent --to sub-agent --scope "git:read" --ttl 30m
โœ“ Delegation token issued (scope: git:read, expires: 30m)

# Validate agent output
$ grokingclaw validate --policy rules.yaml --input output.json
โœ“ 28 validations/sec ยท <50ms ยท all checks passed
Products

Three products.
One trust layer.

Every product is a standalone Rust binary. Download, run, trust. No containers, no runtimes, no cloud accounts.

Built & Tested

GrokingClawID

Post-quantum agent identity, authentication, delegation, and wallet. 5,087 lines of Rust.

  • Hybrid Ed25519 + ML-DSA-65 (FIPS 204)
  • A2A Agent Cards + SPIFFE IDs
  • RFC 9421 HTTP signatures
  • Scope-narrowing delegation chains
  • Challenge-response mutual auth
  • IOTA Rebased wallet
  • Hash-chained tamper-evident audit
Production

GrokingClaw

Deterministic output validation. Catches bad AI output before it reaches anything that matters.

  • 28 validations/sec, <50ms
  • 10K stress test โ€” zero crashes
  • YAML-configured rule pipelines
  • Native MCP server mode
  • SQLite validation history
  • Semantic search over past runs
  • 3.3MB, ~20MB memory
Q2 2026

GrokingClawWatch

Agent observability. Know what your agents are doing, what they're spending, and when they go off-script.

  • Real-time behavioral monitoring
  • Anomaly detection
  • Per-agent cost tracking
  • Authorization deviation alerts
  • SIEM-compatible export
Proof

Numbers, not promises.

Everything here is measured on real hardware, with real workloads.

5,087
Lines of Rust
3.3MB
Binary size
<50ms
Validation latency
75.4%
SWE-bench Verified
Technology

Built for problems we actually had.

Post-quantum from day one.

Agent identities may persist for years. Ed25519 alone isn't enough. We use hybrid Ed25519 + ML-DSA-65 โ€” both signatures must validate. NIST FIPS 204 compliant, sub-millisecond overhead. Your agents are ready for what's coming.

Classical Ed25519 โœ“ signed Post-Quantum ML-DSA-65 โœ“ signed Verification Both required โœ“ AND mode Quantum attack on Ed25519? โ†’ ML-DSA still holds. Attack on ML-DSA? โ†’ Ed25519 still holds.

Delegation chains that can't escalate.

Human delegates to agent. Agent delegates to sub-agent. Each step can only narrow scope, never widen it. Cryptographic chain-of-custody all the way back to the original human authorization. Any downstream service can verify the full chain.

Alice (human) โ””โ”€ Agent A scope: calendar:read, email:send ttl: 1 hour โ””โ”€ Sub-Agent B scope: calendar:read โ† narrowed ttl: 30 min โ† shorter โ””โ”€ Calendar API โœ“ verified

Self-hosted. Air-gapped. Zero dependencies.

No cloud. No SaaS. No Docker. No Python. One binary under 5MB, backed by SQLite. Works in environments where nothing phones home โ€” defense, fintech, healthcare, edge devices. Download and run.

$ ls -la grokingclawid -rwxr-xr-x 4.8M grokingclawid $ ls -la grokingclaw -rwxr-xr-x 3.3M grokingclaw $ file grokingclawid Mach-O 64-bit executable arm64 Runtime deps: none Cloud req'd: no Internet: no

Submitted to NIST NCCoE Agent Identity & Authorization initiative.

We're contributing working code โ€” not whitepapers โ€” to help define how AI agents prove who they are. Post-quantum, interoperable, tested.

Read the submission

Agents are transacting.
They need identity.

Four supply chain attacks in 12 days. 100M+ downloads compromised. The agent trust gap isn't theoretical โ€” it's being exploited right now.

Get in touch GitHub