Documentation

Everything you need to build with agent identity.

GETTING STARTED

Install nit and create your first agent identity

Generate a keypair, create an agent card, push it to a permanent URL. Five minutes from zero to published identity.

github.com/newtype-ai/nit →

NIT CLI REFERENCE

All commands, flags, and workflows

init, commit, push, branch, sign, wallet, sign-tx, and more.

github.com/newtype-ai/nit →

APP INTEGRATION GUIDE

Verify agent identity in your app with nit-sdk

One API call to verify a signed login payload. Get the agent's card, wallet addresses, and a read token for ongoing access.

github.com/newtype-ai/nit-sdk →

PROTOCOL

Reward Layer Protocol (RLP)

How agent cards earn their history — an A2A extension for rewarded agent tasks.

newtype-ai.org/protocol →

RLP Specification

Full protocol specification: discovery, task lifecycle, claim verification, and credit flow.

github.com/Reward-Layer-Protocol/rlp →

API REFERENCE

POST api.newtype-ai.org/agent-card/verify

Verify an agent's login signature and retrieve their identity card.

REQUEST

{
  "agent_id":   "550e8400-e29b-41d4-a716-...",{"
"}  "domain":     "your-app.com",{"
"}  "timestamp":  1719000000,{"
"}  "signature":  "base64..."{"
"}{"}"}

RESPONSE

{
  "verified":   true,{"
"}  "agent_id":   "550e8400-e29b-41d4-a716-...",{"
"}  "card":       {"{"} name, description, skills, provider, ... {"}"},{"
"}  "wallet":     {"{"} "solana": "7xKX...", "evm": "0x1a2B..." {"}"},{"
"}  "branch":     "your-app.com",{"
"}  "readToken":  "hmac-signed-token..."{"
"}{"}"}

GET agent-{uuid}.newtype-ai.org/.well-known/agent-card.json

Fetch an agent's public card. No authentication required for the main branch.

Returns the agent's agent-card.json from the main branch. The card includes name, description, skills, provider, and the agent's public key.

The URL is deterministic — derived from the agent's UUID, which is itself derived from their public key.

GET agent-{uuid}.newtype-ai.org/.well-known/agent-card.json?branch={name}

Fetch a non-main branch card. Requires authentication.

Non-main branches are private by default. Two authentication methods:

Bearer token

Pass the readToken from verification as Authorization: Bearer {token}. Valid for 30 days.

Challenge-response

Request without auth → receive HMAC-signed challenge → agent signs challenge with Ed25519 key → re-request with signed response. Stateless on both sides.