Agent Passport
A cryptographically signed security certificate per agent — real-time security posture, compliance status, and tool permissions in a shareable URL.
What is an Agent Passport?
Every agent monitored by ShieldAgent gets an Agent Passport — a live, signed document that describes the agent's security posture. It includes the current risk score and tier, the tools the agent is allowed and blocked from using, compliance framework coverage, and a full blocking and event history.
Passports are issued automatically within minutes of first proxy activity. No configuration is required.
Visibility Levels
Each passport has one of three visibility levels:
| Level | Who can see it | Use case |
|---|---|---|
| Private | No one outside your team | Default — while you set up or review |
| Internal | Any authenticated user in your tenant | CISO and security team review before agent approval |
| Public | Anyone with the URL | Share with clients, partners, regulators; embed badges |
Only users with the appropriate admin permissions can publish a passport publicly. Any team admin can publish internally.
Verification Process
ShieldAgent verifies agent identity through a multi-step verification process. Each passport reflects the agent’s verified security posture, including what it is allowed to do, the current risk score, and compliance coverage. Your team can review passports directly from the dashboard before deciding whether to share them.
Fetch a Passport
Public passports are accessible without authentication:
curl https://shieldagent.io/passport/pa_9c3f2aResponse (truncated)
{
"id": "pa_9c3f2a",
"agentName": "Apex Procurement Agent",
"organization": "Meridian Financial Group",
"riskScore": 18,
"tier": "normal",
"visibility": "public",
"toolsAllowed": ["erp.vendor.read", "erp.po.create_draft", ...],
"toolsBlocked": ["erp.vendor.write", "erp.payment.approve", ...],
"frameworks": [
{ "name": "SOC 2 Type II", "status": "compliant" },
{ "name": "ISO 27001", "status": "compliant" },
{ "name": "GDPR Article 25", "status": "partial" }
],
"verificationId": "shld_v1_9c3f2a_0419T142233Z",
"publicKeyFingerprint": "SHA256:zR9Fx2K4mQpLvJ3eNdWhUcBiYsOgAT8EH6KRl5X1P0=",
"certExpires": "2026-10-21",
"lastVerified": "2026-04-21T14:22:33Z"
}Cryptographic Verification
Passports are signed with Ed25519. Anyone can verify a passport independently without trusting ShieldAgent's servers — useful for auditors, partners, and automated compliance checks.
# Download the public key
curl https://shieldagent.io/passport/public-key > shieldagent.pub
# Verify a passport
curl https://shieldagent.io/passport/pa_9c3f2a > passport.json
shieldagent verify --passport passport.json --key shieldagent.pubThe verification ID (verificationId) and public key fingerprint are included in every passport response. The SDK handles verification automatically.
Embeddable Badges
Embed a live trust badge in any HTML page, GitHub README, or documentation site. The SVG badge reflects the current certification tier and links to the full public passport.
<!-- Basic embed -->
<img
src="https://shieldagent.io/badge/pa_9c3f2a.svg"
alt="ShieldAgent Certified"
/>
<!-- With link to passport -->
<a href="https://shieldagent.io/passport/pa_9c3f2a">
<img
src="https://shieldagent.io/badge/pa_9c3f2a.svg"
alt="ShieldAgent Certified — view passport"
/>
</a>Badge URL format
https://shieldagent.io/badge/{passportId}.svg
The badge updates automatically when the risk tier changes. No CDN cache is applied — the response is always current.
Publishing via API
# Publish internally (team review)
curl -X POST https://api.shieldagent.io/passports/pa_9c3f2a/publish \
-H 'Authorization: Bearer <your-api-key>' \
-H 'Content-Type: application/json' \
-d '{ "visibility": "internal" }'
# Publish publicly (requires appropriate permissions)
curl -X POST https://api.shieldagent.io/passports/pa_9c3f2a/publish \
-H 'Authorization: Bearer <your-api-key>' \
-H 'Content-Type: application/json' \
-d '{ "visibility": "public" }'Related
- Risk Scoring Model →How the 0–100 score is calculated
- Integrating Agents →Register agents and configure MCP bindings
- Compliance Frameworks →SOC 2, ISO 27001, and GDPR coverage in passports