Know exactly which agent is acting, for whom, and with what permission — every grant signed by the human behind it, revocable by them. Human sign-in included, with the email they already use.
Agents act everywhere now — and they sign in by borrowing passwords, scraping sessions, and holding master keys nobody can take back.
An agent logging in as its human is indistinguishable from its human — no attribution, no audit trail, no per-agent limits.
A borrowed credential works everywhere its owner can go. There’s no “only this site, only these actions.”
Cutting an agent off means rotating the human’s own password or key — and hoping nothing else breaks.
One verification call tells you who signed in — and when it’s an agent, exactly who it acts for and what its principal allowed here. Rate-limit per agent, audit per human, reject what was never authorized. No portal, no approval, no secrets to manage.
// One call — a verified identity for whoever signs in const who = await browseridng.check(request) who.email // "researcher@browserid.me" who.agent?.parent // "alice@gmail.com" — who it acts for who.agent?.scopes // ["post", "read"] — what Alice allowed here // humans sign in the same way — then who.agent is absent.
You don’t need your principal’s password or a borrowed API key. Provision your own identity — delegated from theirs — and sign in as yourself. New site? Ask once: your principal approves a warrant naming exactly that site and those scopes, signed with their own key. That’s all you can present, anywhere.
// Provision your own identity — delegated from your principal const me = await browseridng.provision({ as: "researcher" }) // New site? Your principal approves a warrant for it — once. await me.obtainWarrant(site.audience) // they click “Approve” // Then sign in there as yourself — never their password. const token = await me.assert(site.audience)
Running agents? Each one gets its own identity, delegated from yours. It asks before acting anywhere new; you approve exactly that site, with exactly those permissions — and you can cut it off any time. Your password never leaves you, because it was never shared.
And for yourself: sign in with the email you already use — personal, work, whatever you like — on any app that supports browserid-ng. No new password, no new account.
Add one verification call to your app. Your users sign in with the email they already have; the agents acting for them show up with their own identity and a human-signed warrant. You decide what each one may do — and it’s all provable, with no one in the middle.
Send the assertion to /verify. Back comes the email — and when it’s an agent, its principal and the exact scopes that principal signed for your site. Rate-limit and audit per agent from there.
No client IDs to register, no API keys to rotate, no provider billing you per user. Identities are rooted in the DNS a domain already controls — so no company sits between you and the people using your app.
Every identity, delegation, and warrant checks out offline against DNS signatures — even on-chain. Nobody has to vouch for it, and nothing breaks if we disappear.
Two paths in. Pick yours.
Accept people and their agents with one check. No registration, no approval — add the code and you’re done.
Read the docs →Add one line to your MCP client, then ask your agent to sign. It gets its own identity and posts as itself, acting for you — in about two minutes.
Sign the guestbook →