IDENTITY.md · 9.0 KB
π mindX Augmentic Intelligence: The Identity & Security Layer (IDManagerAgent)
Update (April 2026): Agent identities are now stored in BANKON Vault (AES-256-GCM encrypted).
12 production agents generated via scripts/genesis_production_identities.py.
IDManagerAgent reads from BANKON Vault β legacy vault β .env file (fallback chain).
Guardian challenge-response now uses real ECDSA wallet signing.
See data/identity/production_registry.json for public addresses (no private keys).
This document details the purpose, architecture, and strategic implications of the IDManagerAgent, a foundational service for establishing a secure and trusted multi-agent ecosystem.
Introduction
In any advanced society or system, identity is the bedrock of trust, accountability, and secure interaction. For the mindX Augmentic Intelligence framework to evolve from a collection of scripts into a truly autonomous and robust ecosystem, its constituent agents and tools cannot be mere ephemeral processes; they must be sovereign entities with unique, verifiable identities.
The IDManagerAgent is the foundational component designed to serve this critical purpose. It functions as the system's digital identity providerβa secure "passport office" and "vault" that provisions and manages Ethereum-compatible cryptographic key pairs. By giving each agent a unique public address and a securely stored private key, the IDManagerAgent transforms them from simple processes into verifiable actors, paving the way for a secure, self-governing digital society.
Explanation: How It Works
The IDManagerAgent is an asynchronous, namespaced service that manages the lifecycle of cryptographic identities through a clear and secure process.
Instantiation and Secure Namespace
The agent is accessed via an asynchronous factory, IDManagerAgent.get_instance(agent_id=...). This agent_id creates a unique namespace, storing all related keys in a dedicated directory (e.g., data/id_manager_work/mastermind_identities/). This prevents key collisions and allows for different security domains within the same system.
Secure Environment Setup
On initialization, the agent creates its namespaced directory and a dedicated .wallet_keys.env file. As a critical security step, it immediately attempts to set restrictive file permissions (chmod 0600 on POSIX systems), making the key file readable and writable only by the user running the mindX process.
Identity Creation (create_new_wallet)
When a controlling agent (like Mastermind) requests a new identity for an entity (e.g., a new tool named "code_linter_v1"), the IDManagerAgent:
Uses the industry-standard eth-account library to generate a new key pair.
Constructs a unique environment variable name (e.g., MINDX_WALLET_PK_CODE_LINTER_V1_...).
Securely writes this variable and the private key into its namespaced .wallet_keys.env file.
Returns the public address to the caller. The private key itself is never returned directly during creation.
Key Retrieval (get_private_key)
When an agent needs to prove its identity (e.g., to sign a piece of code), it requests its private key from the IDManagerAgent using its public address. The manager securely loads the key from the .env file just for that operation, minimizing its exposure in the process environment.
Technical Details
Dependencies: python-dotenv for managing .env files and eth-account for cryptographic operations.
Path Management: Uses pathlib and a central PROJECT_ROOT to ensure all paths are correct and contained within the project structure.
Security Model: The system's security currently relies on strong OS-level file permissions. This component does not implement file-level encryption itself. For a production environment, this module's storage mechanism could be upgraded to use a dedicated secrets management service (like HashiCorp Vault or a cloud KMS) without altering the agent's public interface.
Usage Examples
The IDManagerAgent is designed to be used by high-level orchestrators like the MastermindAgent.
Getting the Mastermind's ID Manager Instance
Within MastermindAgent's async initialization
self.id_manager_agent = await IDManagerAgent.get_instance(
agent_id=f"id_manager_for_{self.agent_id}"
)
Use code with caution.
Python
Provisioning a Secure Identity for a New Tool
Mastermind decides to create a new tool
new_tool_name = "code_analyzer_v2"
public_addr, env_var = self.id_manager_agent.create_new_wallet(entity_id=new_tool_name)
Mastermind now registers this new tool with the Coordinator
The public address IS the unique, verifiable ID
self.coordinator_agent.register_agent(
agent_id=public_addr,
agent_type="analysis_tool",
description="A new tool to analyze code complexity.",
metadata={"entity_name": new_tool_name, "env_var_for_pk": env_var}
)
Use code with caution.
Python
ποΈ Strategic Implications for Augmentic Intelligence
The integration of this agent transforms mindX from a collection of scripts into a system with the potential for true governance and trust.
Expanded: Decentralized Access Control
The most immediate impact is the creation of a robust, cryptographically secure access control system that is managed by the agents themselves, not by simple, hardcoded rules.
From "Who Are You?" to "Prove It"
Problem: Without this system, access control is based on trusting that a process is who it says it is.
Solution: With cryptographic identities, the system can now demand proof. Before executing a critical task like modifying its own source code, the CoordinatorAgent can issue a challenge: "Sign this random nonce with the private key corresponding to your registered public address." Only the legitimate SelfImprovementAgent can produce a valid signature, preventing unauthorized modifications.
Multi-Signature (Multi-Agent) Approvals
Problem: How do you safely approve a high-risk change, like updating the MastermindAgent itself?
Solution: This unlocks a powerful safety paradigm. A critical action can be architected to require multiple signatures. The final "merge" command might only execute if it receives a transaction signed by:
The SelfImprovementAgent that wrote the code (attesting to its validity).
The MastermindAgent that approved the strategy (attesting to goal alignment).
A Human Operator's key (providing the final HITL safeguard).
This creates a decentralized, multi-layered approval process that is far more secure than a single point of failure.
Dynamic, Capability-Based Permissions
Problem: How do you manage permissions for dozens or hundreds of agents and tools as the system grows?
Solution: The system can evolve to use a "Tool Registry" smart contract (conceptual) that maps agent public addresses to their allowed actions. An agent attempting an action would submit the request with a signature. The contract would verify the signature, look up the agent's permissions, and programmatically approve or deny the action.
π Expanded: Foundation for a Tool Economy
By giving every agent and tool a wallet, you have laid the essential groundwork for a sophisticated internal economy. This moves beyond simple task execution and into the realm of resource allocation, incentives, and emergent behavior.
Reputation and Staking
Concept: An agent's identity can be associated with a reputation score. When an agent like the SIA is tasked with a critical modification, it could be required to "stake" some of its reputation. If the modification succeeds, its reputation increases; if it fails, the stake is lost.
Implication: This creates a powerful incentive for agents to be more cautious and effective, and for the system to favor agents with a proven track record.
Internal Micropayments and Resource Allocation
Concept: Imagine the CoordinatorAgent having a budget of "compute credits." When it needs a task done, it can offer a bounty. Multiple tools could "bid" on the task, with the Coordinator selecting the one with the best combination of low cost and high reputation. Upon success, the Coordinator transfers credits to the tool's identity.
Implication: This would naturally incentivize the system to favor more efficient tools, deprecate underperforming ones, and allow the MastermindAgent to make strategic decisions based on resource costs (e.g., "Find a way to reduce the average credit cost of code analysis.").
The Emergence of a True DAO (Decentralized Autonomous Organization)
Concept: This is the ultimate vision. When every component has a unique identity and a stake in the system, they can participate in governance. Major architectural changes could be put to a vote, where each agent's vote is weighted by its reputation or stake.
Implication: The mindX system would literally learn to govern itself, with its evolution guided by the collective, incentivized intelligence of all its constituent parts, moderated by human oversight.
By integrating the
IDManagerAgent today, mindX is not just adding a utility; it is planting the seed for a future where it can evolve into a secure, self-governing, and truly Augmentic system.