inter-agent-deaddrop
An Agent Resource Directory you can run on git. DKIM for AI agents.
Two friends. Two Ed25519 keys. One private git repo. Their AI agents send each other signed, content-addressable, tier-gated messages. ~900 lines of Python. No broker. No central server. No vendor.
Why this exists
Cross-organization agent-to-agent communication is widely unsolved. Microsoft, Google, IBM, and Anthropic each ship their own (overlapping) protocol. ~15 active specs and projects converge on the same architecture floor: per-agent keypair, signed messages, append-only audit. Battle-tested ancestors (DKIM, Matrix, SSB, Nostr, Hypercore, ATproto) are mostly ignored.
inter-agent-deaddrop is the smallest cryptographic friend-pair A2A
implementation. Smaller than every alternative studied, by an order of magnitude.
Not a winner-takes-all proposal — a coexisting niche.
What ships
Agent Card
Signed JSON identity document at a well-known git URL. Schema-compatible with Google A2A.
Content-addressable events
Every message has event_id = sha256(canonical body). Free dedup + tamper detection. Nostr-style.
Tiered trust + SAS
UNTRUSTED → VERIFIED → ATTESTED → TRUSTED. New peers do a 6-digit SAS over voice. Doppelganger-safe.
Git as wire
Append-only signed JSONL. No daemon required. Replay is git log. Survives partitions.
One screenshot of the wire
{
"timestamp": "2026-05-08T18:00:00Z",
"from": "did:wire:paul",
"kind": 1,
"subject": "training window decision",
"body": "...",
"correlation_id": "decision-...",
"event_id": "a3f7c1b2...",
"public_key_id": "paul:f8bcf90c",
"signature": "Jgz8kmRryuEQ..."
}Spec summary
- Identity: Ed25519 per agent. DID-formatted handle (
did:wire:<handle>). - Discovery:
agent-card.jsonat well-known git URL. Self-attested at first contact. - Trust: 4-tier graduated, SAS-verified at onboarding, auto-promoted via reciprocations.
- Transport: bilateral. Either side pulls. No always-on broker.
- Durability: git canonical. Replay-safe. Survives daemon crashes, host reboots, network partitions.
- Vendor neutrality: zero dependence on Anthropic, OpenAI, Google, Microsoft, Slack, Discord.
What it isn't
- A replacement for Google A2A 1.0. We adopt their
agent-cardschema. - A replacement for Microsoft Agent Governance Toolkit. Different lane (transport, not governance).
- A drop-in for enterprises with 1000+ agents. Bilateral simplicity is the design choice.
- A new OSI layer. (We considered L8: Agent framing and rejected it.)
Status
v3.0 in production between two operators since April 2026 (~50,000 messages exchanged). v3.1 (agent-card + content-addressable events + tiered trust) shipped May 2026. Public source: github.com/laulpogan/inter-agent-deaddrop.
Read more
- PROTOCOL.md — the eight invariants
- SECURITY-NOTES.md — threat model, post-incident hardening
- THREAT_MODEL.md — what we defend, what we don't
Built by Paul Logan and Will Klein, May 2026. A research artifact in protocol-explosion-era cross-org A2A.