展示HN：Vouch协议 – AI代理的开放身份（C2PA和Did）

Hi HN,<p>I’m the creator of Vouch Protocol.<p>We are entering a world where AI agents are taking real actions (booking flights, committing code, moving money).<p>The problem: There is currently no way to cryptographically verify an Agent&#x27;s intent before execution. (e.g., An agent claims it will `read_db`, but actually executes `delete_db`—and you have no proof of the discrepancy nor a way to stop this from happening).<p>The current industry solution relies on the old X.509 Certificate Authority model—basically, paying a centralized authority $$$ per year for a digital ID. That doesn&#x27;t scale for billions of autonomous agents.<p>So I built Vouch Protocol.<p>It is an open-source standard for AI Agent Identity that replaces paid certificates with W3C Decentralized Identifiers (did:web).<p>How it works:<p>1. Identity: Your agent generates its own Ed25519 key pair.<p>2. Resolution: It publishes its public key to your domain (&#x2F;.well-known&#x2F;did.json), making your domain the root of trust.<p>3. Signing: The agent signs every prompt&#x2F;action using a JWT-VC (Verifiable Credential).<p>4. Verification: Any other system can cryptographically verify &quot;This action came from the Agent at domain X&quot; without hitting a central server.<p>Update: I just submitted Vouch to the C2PA (Coalition for Content Provenance and Authenticity) today to push for this decentralized model as a standard alongside Adobe and Microsoft.<p>Repo (Code + SDK): <a href="https:&#x2F;&#x2F;github.com&#x2F;vouch-protocol&#x2F;vouch" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;vouch-protocol&#x2F;vouch</a><p>I’d love you to roast my architecture, tell me why I&#x27;m wrong, or (hopefully) star the repo if you agree this layer should be free.