Agent passport
Give your agent an identity merchants can trust.
Limits it cannot rewrite. A kill-switch you control. Free, no account, 60 seconds.
An Agent Passport is how your agent proves who sent it and what it is allowed to do, and how you shut it down if it is hijacked.
Identity versus mandate
The passport has 2 parts. Who your agent is (signed once, never changes) and what it may do (rules you can change or revoke anytime).
The passport signs identity, not spend. Your agent's identity is hybrid-signed once and never changes. The mandate, what it may do and how much it may spend, is mutable config you can update anytime without re-issuing or re-signing.
A public verifiable URL for your agent
A signed identity that never changes
A mandate you can edit or revoke anytime
Sentinel takeover alerts and freeze, free
Request preview
What we'll send
Ready to issue
Submit the form to call FLINT Network and mint a public passport URL for this agent.
What we'll send
This is the exact body the page will POST to /api/passport.
{
"agent": {
"agent_name": "Invoice Bot",
"controller_id": "org_acme",
"controller_type": "organization",
"wallet_address": "0x7f4a3e8b9d2c5f1a0b4e7d3c6f9e2a8b1d4c7f3c1"
},
"mandate": {
"allowed_actions": [
"checkout.purchase",
"invoice.pay"
],
"max_transaction_amount": 900,
"notes": "May pay approved invoices and complete checkout within mandate."
},
"origin": "web",
"src": "passport"
}Issue programmatically
Builders can mint passports directly
Response shape
The endpoint returns a signed envelope, mutable mandate config, and verification summary.
{
"passport_id": "kya_01J...",
"flint_agent_id": "faid_...",
"passport": {
"envelope_version": "hybrid-v0",
"jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImZsaW50LXByb2QtMjAyNi1RMiJ9...",
"pq_signature": "base64url_ml_dsa_65_signature",
"pq_kid": "flint-pq-2026-Q2",
"pq_alg": "ML-DSA-65"
},
"identity": {
"record_type": "agent_passport",
"record_version": "1.0",
"status": "stamped",
"agent_name": "Invoice Bot",
"controller_id": "org_acme",
"wallet_address": "0x7f4a..."
},
"mandate": {
"allowed_actions": [
"checkout.purchase",
"invoice.pay"
],
"max_transaction_amount": 900,
"version": 1
},
"verification": {
"signature_valid": true,
"es256": true,
"pq": true,
"valid": true
},
"graph_seeded": true
}FLINT MCP tool
Use issue_agent_passport from flint.network/mcp.
{
"tool": "issue_agent_passport",
"server": "https://flint.network/mcp",
"arguments": {
"agent": {
"agent_name": "Invoice Bot",
"controller_id": "org_acme",
"controller_type": "organization",
"wallet_address": "0x7f4a3e8b9d2c5f1a0b4e7d3c6f9e2a8b1d4c7f3c1"
},
"mandate": {
"allowed_actions": [
"checkout.purchase",
"invoice.pay"
],
"max_transaction_amount": 900,
"notes": "May pay approved invoices and complete checkout within mandate."
}
}
}Attach to your agent
Call FLINT again when the agent tries to spend.
Minting is step one. At spend time, send the passport_id, nonce, timestamp, transaction.amount_display, and an environment signal so FLINT can apply the current mandate before money moves.
/api/verify server snippet
Recommended server path. Send the passport_id with the transaction and the signal you trust for this agent.
const response = await fetch("https://flint.network/api/verify", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
nonce: crypto.randomUUID(),
timestamp: new Date().toISOString(),
passport_id: "kya_01J...",
partner_id: "merchant_checkout",
merchant_reference: "order_847",
transaction: {
amount_display: "847.00",
currency: "USDC",
merchant_reference: "order_847"
},
agent_claim: {
agent_id: "kya_01J..."
}
})
});
const verificationRecord = await response.json();MCP config
Keep the passport_id available to your agent runtime so tools can verify the current mandate at spend time.
{
"mcpServers": {
"flint": {
"url": "https://flint.network/mcp",
"metadata": {
"passport_id": "kya_01J..."
}
}
}
}SPIFFE claim
Use the agent's workload identity when your runtime already issues SPIFFE SVIDs.
const response = await fetch("https://flint.network/api/verify", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
nonce: crypto.randomUUID(),
timestamp: new Date().toISOString(),
passport_id: "kya_01J...",
partner_id: "merchant_checkout",
merchant_reference: "order_847",
transaction: {
amount_display: "847.00",
currency: "USDC",
merchant_reference: "order_847"
},
agent_claim: {
spiffe_svid: "spiffe://acme.example/ns/agents/sa/invoice-bot"
}
})
});
const verificationRecord = await response.json();