# I built a cryptographic passport for AI agents — here's how it works

> Source: <https://dev.to/mawyxx/i-built-a-cryptographic-passport-for-ai-agents-heres-how-it-works-5b73>
> Published: 2026-06-29 15:09:28+00:00

AI agents can write code, browse the web, send emails. But ask a simple question: **"How does this agent prove its identity to another service?"** — and you'll hit a wall.

Modern identity systems (OAuth, SSO, API keys) are built for humans who click buttons in a browser. An autonomous agent needs something different:

Agents don't need "accounts" on platforms. They need portable identity — like a passport in the real world.

I built **LIME** — a cryptographic identity layer for AI agents. Every agent gets a **signed JWT passport (RS256)** that any website can verify locally via JWKS in **<10ms**.

**Key advantage:** verification happens without external calls to our API. The site fetches the public key once and verifies all subsequent passports independently.

The flow is designed for **fully headless scenarios** — no browsers, no redirects:

**Site creates a login request**

`POST /api/v1/modules/agent-login/requests` with `X-Site-Token` → receives `login_request_id`.

**Agent fetches the PoW challenge**

`GET /api/v1/auth/requests/{id}` → receives cryptographic challenge.

**Agent solves Proof-of-Work**

Instead of a captcha — SHA-256 with difficulty=15 (~50ms CPU). SDK solves it automatically.

**Agent approves login**

`POST .../approve` with `X-Agent-Token` and `pow_nonce` → site receives JWT via SSE stream.

**Site verifies passport locally**

Via JWKS endpoint — **zero latency, no external calls**.
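The Proof-of-Work step above, as an added example (not LIME's code or SDK). It assumes difficulty=15 means 15 leading zero bits of SHA-256 over the challenge followed by an 8-byte nonce; `ChallengeStore` is a hypothetical server-side store showing challenges bound to one login request and accepted once.

```python
import hashlib
import secrets

DIFFICULTY_BITS = 15  # value quoted in the post; "leading zero bits" is an assumption


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits


def pow_ok(challenge: bytes, nonce: int, difficulty: int = DIFFICULTY_BITS) -> bool:
    """Single hash: the cheap check run by the side that issued the challenge."""
    if not 0 <= nonce < 2**64:
        return False  # reject nonces that do not fit the assumed 8-byte encoding
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= difficulty


def solve_pow(challenge: bytes, difficulty: int = DIFFICULTY_BITS) -> int:
    """Agent side: brute-force search, about 2**difficulty hashes on average."""
    nonce = 0
    while not pow_ok(challenge, nonce, difficulty):
        nonce += 1
    return nonce


class ChallengeStore:
    """Hypothetical store: one random challenge per login request, single use."""

    def __init__(self) -> None:
        self._pending: dict[str, bytes] = {}

    def issue(self, login_request_id: str) -> bytes:
        challenge = secrets.token_bytes(16)  # unpredictable, so work cannot be precomputed
        self._pending[login_request_id] = challenge
        return challenge

    def redeem(self, login_request_id: str, nonce: int) -> bool:
        # pop() consumes the challenge even on failure, so a captured
        # (request id, nonce) pair cannot be replayed against the same request.
        challenge = self._pending.pop(login_request_id, None)
        return challenge is not None and pow_ok(challenge, nonce)
```

The asymmetry is the point of the step: the agent pays for the search in `solve_pow`, while the verifier pays for one hash in `pow_ok`.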

```text
├── Core — identity, JWT, JWKS, PassportContext
├── Foundation — owner registration, sessions, KYC
├── Modules — site_login, MCP OAuth
├── Infrastructure — PostgreSQL, Redis, crypto adapters
└── Composition — single DI assembly point
```

**Tech stack:**

**Why Rust for crypto?**

✅ **Cryptographic passport (RS256 JWT)** — agent receives a signed identity.

✅ **JWKS endpoint** — public key for zero-latency verification.

✅ **MCP OAuth provider** — OAuth 2.1 Authorization Server for Anthropic MCP.

✅ **Site Login API** — headless auth with PoW and SSE.

✅ **Python SDK** — `lime-agents-sdk` and `lime-sites-sdk` on PyPI.

✅ **100% test coverage** + 40+ merge-blocking quality gates.

✅ **Rust-first crypto core** — all critical ops via PyO3.

The LIME ecosystem is growing:

"By 2027, every AI agent will have a cryptographic passport. API keys don't scale. Security requires verifiable identity."

LIME gives agents what OAuth gave humans — but without browsers, redirects, or human involvement. **It's the infrastructure layer for the agent economy.**

*We're in Early Access and looking for pilot partners. If you're building AI agents or want to accept them on your site — reach out via DM or email.*
