[ARTICLE · art-43575] src=dev.to ↗ pub= topic=ai-agents verified=true sentiment=↑ positive

I built a cryptographic passport for AI agents — here's how it works

A developer built LIME, a cryptographic identity layer for AI agents that provides signed JWT passports (RS256) verifiable by any website in under 10ms via a JWKS endpoint. The system uses Proof-of-Work challenges instead of CAPTCHAs and supports fully headless authentication without browsers or redirects. Built in Rust with Python SDKs, LIME aims to give agents portable identity similar to what OAuth provided for humans.

read: 2 min · views: 1 · published: Jun 29, 2026

AI agents can write code, browse the web, send emails. But ask a simple question: "How does this agent prove its identity to another service?" — and you'll hit a wall.

Modern identity systems (OAuth, SSO, API keys) are built for humans who click buttons in a browser. An autonomous agent needs something different:

Agents don't need "accounts" on platforms. They need portable identity — like a passport in the real world.

I built LIME — a cryptographic identity layer for AI agents. Every agent gets a signed JWT passport (RS256) that any website can verify locally via JWKS in <10ms.

Key advantage: verification happens without external calls to our API. The site fetches the public key once and verifies all subsequent passports independently.

The flow is designed for fully headless scenarios — no browsers, no redirects:

1. Site creates a login request: POST /api/v1/modules/agent-login/requests with X-Site-Token → receives login_request_id.

2. Agent fetches the PoW challenge: GET /api/v1/auth/requests/{id} → receives cryptographic challenge.

3. Agent solves Proof-of-Work: instead of a captcha — SHA-256 with difficulty=15 (~50ms CPU). SDK solves it automatically.

4. Agent approves login: POST .../approve with X-Agent-Token and pow_nonce → site receives JWT via SSE stream.

5. Site verifies passport locally: via JWKS endpoint — zero latency, no external calls.
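The Proof-of-Work step of the flow above, as an added example that is not LIME's or its SDK's code: a hashcash-style solver for the agent and a single-use, expiring check for the server. Reading difficulty=15 as 15 leading zero bits, the challenge and nonce encoding, the 60-second lifetime and the `ChallengeStore` class are all assumptions, since the article does not specify them.

```python
import hashlib
import os
import time

DIFFICULTY = 15      # leading zero bits; the article's difficulty=15, read as bits (assumed)
CHALLENGE_TTL = 60   # seconds; assumed, the article gives no challenge lifetime


def leading_zero_bits(digest):
    """Count the zero bits at the front of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def pow_hash(challenge, nonce):
    # Assumed encoding: challenge bytes followed by an 8-byte big-endian nonce.
    return hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()


def solve(challenge, difficulty=DIFFICULTY):
    """Agent side: try nonces in order, about 2**difficulty hashes on average."""
    nonce = 0
    while leading_zero_bits(pow_hash(challenge, nonce)) < difficulty:
        nonce += 1
    return nonce


class ChallengeStore:
    """Server side (hypothetical): one random challenge per login request."""

    def __init__(self):
        self._pending = {}  # login_request_id -> (challenge, expires_at)

    def issue(self, login_request_id, now=None):
        now = time.time() if now is None else now
        challenge = os.urandom(16)  # unpredictable, so work cannot be precomputed
        self._pending[login_request_id] = (challenge, now + CHALLENGE_TTL)
        return challenge

    def verify(self, login_request_id, nonce, now=None):
        now = time.time() if now is None else now
        # pop() makes the challenge single use: a replayed nonce finds nothing.
        entry = self._pending.pop(login_request_id, None)
        if entry is None or now > entry[1]:
            return False
        if not 0 <= nonce < 2 ** 64:
            return False  # reject nonces that do not fit the assumed encoding
        # Verification costs one hash, against ~2**15 for the solver.
        return leading_zero_bits(pow_hash(entry[0], nonce)) >= DIFFICULTY
```
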

├── Core — identity, JWT, JWKS, PassportContext
├── Foundation — owner registration, sessions, KYC
├── Modules — site_login, MCP OAuth
├── Infrastructure — PostgreSQL, Redis, crypto adapters
└── Composition — single DI assembly point

Tech stack:

Why Rust for crypto?

Cryptographic passport (RS256 JWT) — agent receives a signed identity.

JWKS endpoint — public key for zero-latency verification.

MCP OAuth provider — OAuth 2.1 Authorization Server for Anthropic MCP.

Site Login API — headless auth with PoW and SSE.

✅ **Python SDK** — `lime-agents-sdk` and `lime-sites-sdk` on PyPI.

100% test coverage + 40+ merge-blocking quality gates.

Rust-first crypto core — all critical ops via PyO3.

The LIME ecosystem is growing:

"By 2027, every AI agent will have a cryptographic passport. API keys don't scale. Security requires verifiable identity."

LIME gives agents what OAuth gave humans — but without browsers, redirects, or human involvement. It's the infrastructure layer for the agent economy.

We're in Early Access and looking for pilot partners. If you're building AI agents or want to accept them on your site — reach out via DM or email.
