Personal AI.
Private. Yours.

NajaCoder builds it. NajaForge ships it. GrokingClawID proves who ran it. One ecosystem, zero cloud โ€” your machine, your models, your data.

Get the code Read the launch post
terminal
# One command. Real identity.
$ grokingclawid issue --name my-agent --crypto hybrid --ttl 7d
โœ“ Agent card: ./id/agent-card.json
โœ“ Private key: ./id/agent-key.pem (0600)
โœ“ Crypto: Ed25519 + ML-DSA-65 (FIPS 204)

# Now it can prove itself to anything
$ grokingclawid challenge --agent-card ./peer/card.json --key ./id/agent-key.pem
โœ“ Challenge sent ยท Response verified ยท Ed25519 โœ“ ML-DSA-65 โœ“

# Lock down any MCP server in one line
$ grokingclawid guard -- npx @modelcontextprotocol/server-filesystem /tmp
โœ“ Only verified agents can call tools now
The problem

500K lines of agent code.
Zero lines of identity.

Every major agent framework has the same blind spot.

๐Ÿ”‘

API keys aren't identity

Bearer tokens, env vars, shared secrets. Any process on the machine can read them. That's not identity โ€” it's a Post-it note.

๐Ÿค

Agents can't trust each other

MCP and A2A give agents ways to talk. But neither says how to prove who's talking. Two agents meet โ€” and neither can verify the other is real.

๐Ÿ’ฅ

The attacks are already here

Four supply chain attacks in 12 days. 100M+ downloads hit. Agent-to-agent exploits aren't theoretical โ€” they're being used right now.

How it works

Four steps to unforgeable identity.

No SDK. No containers. No cloud account. Just a ~5MB binary.

Issue an identity

One command creates a signed agent card with Ed25519 + ML-DSA-65 keys, scoped permissions, and a SPIFFE ID. Takes under a second.

Prove it anywhere

Sign HTTP requests (RFC 9421). Run challenge-response auth. Any service can verify your agent's identity without a third party.

Delegate safely

Agent A grants Agent B a subset of its permissions. Scopes can only narrow, never widen. Cryptographic chain all the way back to a human.

Rotate and revoke

New keys, re-signed cards, zero downtime. Or permanent revocation โ€” once revoked, it's done. Tamper-evident audit log records everything.

Proof

Measured, not promised.

15,500
Lines of Rust
~5MB
Binary size
119
Tests passing
0
Critical vulnerabilities
Technology

Built for problems we actually had.

Quantum-resistant today, not "eventually."

Every signature uses both Ed25519 and ML-DSA-65 (FIPS 204). Both must validate. If either algorithm breaks, the other still holds. Agent identities outlive the agents that use them โ€” plan accordingly.

Classical Ed25519 โœ“ signed Post-Quantum ML-DSA-65 โœ“ signed Verification Both required โœ“ AND mode Quantum attack on Ed25519? โ†’ ML-DSA still holds. Attack on ML-DSA? โ†’ Ed25519 still holds.

Delegation that can't escalate.

Human โ†’ agent โ†’ sub-agent. Each step can only narrow scope and shorten TTL. A sub-agent with "calendar:read" can never promote itself to "calendar:write". Any downstream service verifies the full chain in one call.

Alice (human) โ””โ”€ Agent A scope: calendar:read, email:send ttl: 1 hour โ””โ”€ Sub-Agent B scope: calendar:read โ† narrowed ttl: 30 min โ† shorter โ””โ”€ Calendar API โœ“ verified

One binary. No internet required.

Download it. Run it. That's the install process. No cloud. No Docker. No Python. No npm. Works air-gapped โ€” defense, fintech, healthcare, edge devices. Everything's stored in local SQLite.

$ ls -la grokingclawid -rwxr-xr-x 4.9M grokingclawid $ file grokingclawid Mach-O 64-bit executable arm64 Runtime deps: none Cloud: no Internet: no Containers: no License: Apache 2.0

Submitted to NIST NCCoE as a reference implementation.

Working code, not whitepapers. We responded to the NCCoE's call for AI agent identity solutions with something you can cargo install today.

Read the submission
Products

Everything you need for personalShip identity now.
Add validation and monitoring later.nbsp;AI.

Open Source โ€” v0.4.1

GrokingClawID

Cryptographic agent identity. Issue, verify, delegate, rotate, revoke. Includes an A2A server, MCP auth guard, agent daemon, and IOTA wallet โ€” all in one binary.

  • Ed25519 + ML-DSA-65 hybrid (FIPS 204)
  • A2A protocol server (Google A2A JSON-RPC 2.0)
  • MCP auth guard โ€” lock down any tool server
  • Agent daemon with birth protocol
  • Scope-narrowing delegation chains
  • Key rotation + permanent revocation
  • IOTA wallet + Merkle anchoring
  • Hash-chained tamper-evident audit log
  • 119 tests ยท security audited ยท zero critical
Coming Q2 2026

GrokingClawWatch

Agent observability. Know what your agents are doing, what they're spending, and when something goes wrong. Real-time monitoring that ties every action to a verified identity.

  • Real-time behavioral monitoring
  • Anomaly detection
  • Per-agent cost tracking
  • Authorization deviation alerts
  • SIEM-compatible export
Coming Q3 2026

NajaForge

Turn AI agents into products. Package, ship, and deploy AI-powered applications โ€” from prototype to production in one workflow.

  • Agent-to-product packaging pipeline
  • One-click deploy to any target
  • Built-in versioning and rollback
  • Private hosting โ€” your models stay yours
  • Integrates with NajaCoder projects
Beta Preview

NajaCoder

Natural Language Developer Environment. An AI coding agent that reads, writes, and executes code directly on your machine โ€” zero dependencies, one binary.

  • Multi-provider (Anthropic, OpenAI, DeepSeek, Ollama)
  • Built-in tools: read, write, bash, web, desktop
  • macOS automation (mouse, keyboard, screenshots)
  • Confidence-decay memory engine
  • Standalone binary โ€” no runtime, no install
Install โ†’

Try it in 30 seconds.

Install, issue an identity, run the E2E lab. Everything works offline.

get started
$ git clone https://github.com/grokingclaw/grokingclawid
$ cargo install --path crates/grokingclawid-cli
$ grokingclawid issue --name my-agent --crypto hybrid
โœ“ Identity issued

# Full lifecycle test: identity โ†’ birth โ†’ A2A โ†’ revocation โ†’ audit
$ ./examples/run-lab.sh
โœ“ 33/33 assertions passed
Star on GitHub Talk to us