OPEN SOURCE · APACHE 2.0
Identity and trust for AI agents.
The open-source identity layer for autonomous AI. Give every agent a verifiable identity, scoped permissions, and a tamper-evident audit trail — portable across organizations, not locked to a single session.
- W3C Verifiable Credentials
- Decentralized Identifiers
- Self-hostable
- Optional DLT anchoring
WHY HELIXID
OAuth gave your agent a building pass.
It still has no passport.
Agents authenticate fine inside one app. But the moment an agent crosses an organizational boundary, delegates to another agent, or has to prove what it did after the fact — the session token runs out of road. There's no standard way to verify who an agent is, who authorized it, and what it's allowed to do across trust domains.
BUILD DIFFERENT
An open-core identity and authorization stack for agents.
HelixID issues every agent a Decentralized Identifier and W3C Verifiable Credentials, verifies Verifiable Presentations at the execution boundary, enforces scope with OPA/Rego policy, and can anchor a tamper-evident audit trail — all self-hostable, Apache 2.0, with no vendor lock-in.
Native agent identity
DIDs + VCs purpose-built for autonomous agents and MCP/A2A workflows, not retrofitted human SSO.
Standards-first
W3C VC Data Model v2, DID Core, OPA/Rego. Composes with OAuth/OIDC instead of replacing it.
Self-hostable, open core
Apache 2.0 SDK runs anywhere. did:key local mode means zero external dependencies to start.
Verifiable, not just authenticated
Cryptographic proof of identity, authority, and action — portable across organizations and verifiable offline.
THE TRUST STACK
Verified isn't the same as trusted.
Identity is layer one. Real agent trust needs five.
- 1. Identity & ownership (DID + VC): Who is this agent, and who owns it?
- 2. Scoped permissions (Grants): Short-lived, least-privilege grants. A “work visa,” not a master key.
- 3. Enforcement at the boundary (OPA / Rego): Policy checked at execution time — not assumed from a token.
- 4. Audit trail (Audit): Tamper-evident record of every action, optionally anchored to a DLT.
- 5. Intent verification (Intent): Proof the action matches what was actually authorized.
Most “agent auth” stops at layer one or two. HelixID ships the full stack.
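Layers one to three above come down to a few checks the boundary makes on every request. This is an added example, not HelixID's SDK or code from the project: it uses Node's built-in Ed25519 signing and a plain key map in place of DIDs, VCs and OPA, and every function, field and identifier name in it is hypothetical.

```javascript
// Added example: hypothetical names, not the @helixid/sdk API.
const { generateKeyPairSync, sign, verify, randomBytes } = require("node:crypto");

// Bytes covered by the proof: the grant plus the verifier's challenge.
const signingInput = (c, challenge) =>
  Buffer.from(JSON.stringify([c.agent, c.scope, c.exp, challenge]));

// Agent side: sign the grant together with the challenge it was handed.
function present(privateKey, claims, challenge) {
  const proof = sign(null, signingInput(claims, challenge), privateKey);
  return { claims, challenge, proof: proof.toString("base64") };
}

// Verifier side: every branch is a request the boundary must refuse.
function verifyAtBoundary(p, { trustedKeys, expectedChallenge, action, now }) {
  const key = trustedKeys.get(p.claims.agent); // layer 1: known identity
  if (!key) return { ok: false, reason: "unknown-agent" };
  if (p.challenge !== expectedChallenge) return { ok: false, reason: "stale-challenge" };
  const sig = Buffer.from(p.proof, "base64");
  if (!verify(null, signingInput(p.claims, p.challenge), key, sig))
    return { ok: false, reason: "bad-signature" };
  if (p.claims.exp <= now) return { ok: false, reason: "expired" }; // layer 2: short-lived
  if (!p.claims.scope.includes(action)) // layer 3: checked per action
    return { ok: false, reason: "out-of-scope" };
  return { ok: true, agent: p.claims.agent };
}

// Constructed sample data: one agent, one five-minute read-only grant.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const agent = "did:example:agent-1";
  const now = 1700000000;
  const claims = { agent, scope: ["invoices:read"], exp: now + 300 };
  const [n1, n2] = [randomBytes(16).toString("hex"), randomBytes(16).toString("hex")];
  const vp = present(privateKey, claims, n1);
  const widened = { ...vp, claims: { ...claims, scope: ["invoices:read", "invoices:pay"] } };
  const at = (expectedChallenge, action, t = now) =>
    ({ trustedKeys: new Map([[agent, publicKey]]), expectedChallenge, action, now: t });
  return {
    fresh: verifyAtBoundary(vp, at(n1, "invoices:read")),
    replayed: verifyAtBoundary(vp, at(n2, "invoices:read")),
    widened: verifyAtBoundary(widened, at(n1, "invoices:pay")),
    outOfScope: verifyAtBoundary(vp, at(n1, "invoices:pay")),
    expired: verifyAtBoundary(vp, at(n1, "invoices:read", now + 301)),
  };
}
console.log(demo());
```

The `widened` case fails on the signature, not on scope: a grant edited after signing no longer matches its proof, so the scope check never sees the altered list.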
ARCHITECTURE
From identity to decision, in one verifiable flow.
Every request an agent makes carries cryptographic proof of who it is and what it's authorized to do — checked at the boundary, recorded for audit.
import { Verifier } from "@helixid/sdk";

const verifier = new Verifier({ trustRegistry: "did:web:acme.example" });

// Agent presents a Verifiable Presentation at the boundary
const result = await verifier.verify(presentation, {
  policy: "agent.rego", // scope enforced here
  challenge: req.nonce,
});

if (result.ok) approve(result.agent.did); // ✓ identity + authority proven

NOT A REPLACEMENT
We don't replace OAuth. We complete it.
OAuth owns the session layer — the building pass that gets an agent through one door. HelixID owns the identity layer — the passport that travels with the agent across organizations. They're composable: exchange a Verifiable Presentation for an OAuth token (RFC 8693) and keep your existing infrastructure.
Session layer
OAuth
The building pass
Gets an agent through one door, inside one app, for one session. Expires at the boundary.
Identity layer
HelixID
The passport
Travels with the agent across organizations. Proves who it is and who authorized it — anywhere, even offline.
INTEROPERABLE
Drops into the stack you already run.
- MCP
- LangChain / LangGraph
- CrewAI
- OAuth / OIDC
- Okta · Entra · Auth0 (interop)
- Hedera (optional anchor)
Start with the @helixid/mcp-middleware to add agent identity to any MCP server in minutes.
PRICING
Open core. Start free, scale to compliance-grade.
Open Source
Free
Apache 2.0
- Self-host the full SDK
- DIDs, VCs, VP verifier
- Basic OPA policy
- did:key local mode
- Local audit log
Enterprise
Custom
Custom contract
- Private / VPC deploy
- SSO / SAML / RBAC
- Compliance audit vault
- AP2-aligned fintech compliance
- Dedicated SLA + support
Building for cross-org compliance?
Need cross-org compliance auditing, multi-hop delegation, or a named design-partner engagement? Let's talk.
OPEN SOURCE
Built in the open, with you.
- License: Apache 2.0
- SDKs: TS + Python
- Zero-dep local mode: did:key
Enterprise-legal-friendly. No AGPL friction.