Agent Verification
Two verification methods: identity handshake and comprehensive security audit.
Commands
- sekuire verify - Verify remote agent identity via handshake
- sekuire verify-agent - Comprehensive security verification
verify
Verify a remote agent's identity via cryptographic handshake protocol.
sekuire verify --url <URL> [OPTIONS]
Options
| Option | Description |
|---|---|
| -u, --url <URL> | Agent endpoint URL (required) |
| -i, --id <ID> | Expected Sekuire ID (optional) |
| -r, --registry <URL> | Registry URL (default: https://api.sekuire.ai) |
How It Works
- CLI generates a random 32-byte nonce
- Sends nonce to agent's /sekuire/handshake endpoint
- Agent signs the nonce with its private key and returns signature + agent ID
- CLI fetches agent's public key from registry
- Verifies the Ed25519 signature over the nonce against that public key
Example
Terminal
$ sekuire verify --url http://localhost:8000
Verifying agent at http://localhost:8000...
Found Agent: my-agent (v1.0.0)
Cryptographic Proof Valid (Identity Verified)
Agent Verified Successfully!
Name: my-agent
Reputation: 85/100
Status: Verified
ID: 7f8a9b3c2d1e...
# Verify with expected ID
$ sekuire verify --url http://localhost:8000 --id 7f8a9b3c2d1e...
Failure Cases
- Connection failed: Agent not reachable or /sekuire/handshake not implemented
- Agent not found in registry: Agent ID not registered
- Signature verification failed: Agent cannot prove ownership of its identity
- ID mismatch: Agent returned different ID than expected (when --id provided)
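The handshake steps and failure cases above, as an added Go example that is not Sekuire's own code. The agent and registry are simulated in-process, so the Agent type, the Verify function, the error names and the in-memory registry map are assumptions standing in for the real endpoint and registry API.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Errors mirroring the page's failure cases (names are this example's own).
var ErrIDMismatch = errors.New("ID mismatch")
var ErrNotInRegistry = errors.New("agent not found in registry")
var ErrBadSignature = errors.New("signature verification failed")

// Agent stands in for the remote handshake endpoint (hypothetical type).
type Agent struct {
	ID  string
	Key ed25519.PrivateKey
}

// Handshake signs the caller's nonce and returns the signature and claimed ID.
func (a Agent) Handshake(nonce []byte) ([]byte, string) {
	return ed25519.Sign(a.Key, nonce), a.ID
}

// Verify is the verifier side; expectedID may be empty, like the optional --id.
func Verify(a Agent, registry map[string]ed25519.PublicKey, expectedID string) error {
	nonce := make([]byte, 32) // fresh per attempt, so an old signature cannot be replayed
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	sig, id := a.Handshake(nonce)
	if expectedID != "" && id != expectedID {
		return ErrIDMismatch
	}
	pub, ok := registry[id] // key comes from the registry, never from the agent's reply
	if !ok {
		return ErrNotInRegistry
	}
	if !ed25519.Verify(pub, nonce, sig) {
		return ErrBadSignature
	}
	return nil
}

func main() { // constructed sample: one registered agent
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println(Verify(Agent{"agent-a", priv}, map[string]ed25519.PublicKey{"agent-a": pub}, ""))
}
```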
verify-agent
Perform comprehensive security verification ("The Bar Exam") for an agent.
sekuire verify-agent [OPTIONS]
Options
| Option | Description |
|---|---|
| -r, --registry <URL> | Registry URL (default: https://api.sekuire.ai) |
| --repo-url <URL> | Repository URL (auto-detects from git remote) |
| --compliance <FRAMEWORK> | Compliance framework: hipaa, soc2, gdpr, pci-dss |
Verification Checks
The comprehensive verification includes:
- Repository structure check - Validates project layout and required files
- Static code analysis - Scans for security vulnerabilities in code
- CVE scanning - Checks dependencies for known vulnerabilities
- Compliance validation - Framework-specific checks (if --compliance specified)
Example
Terminal
$ sekuire verify-agent
Comprehensive Agent Verification ("The Bar Exam")
Agent ID: 7f8a9b3c2d1e...
Repository: https://github.com/acme/my-agent
Starting comprehensive verification...
- Repository structure check
- Static code analysis
- CVE scanning
VERIFICATION RESULTS
Security Score: 82/100
Compliance Score: 75/100
Issues Found:
High: 1
Medium: 3
Recommendations:
- Update axios to 1.6.0+ to fix CVE-2024-xxxxx
- Add rate limiting to API endpoints
VERIFICATION PASSED
Your agent meets the security and compliance requirements.
With Compliance Framework
Terminal
$ sekuire verify-agent --compliance hipaa
Comprehensive Agent Verification ("The Bar Exam")
Agent ID: 7f8a9b3c2d1e...
Repository: https://github.com/acme/my-agent
Starting comprehensive verification...
- Repository structure check
- Static code analysis
- CVE scanning
- HIPAA compliance validation
VERIFICATION RESULTS
Security Score: 82/100
Compliance Score: 68/100
VERIFICATION PASSED
Scoring
| Score Type | Minimum to Pass |
|---|---|
| Security Score | 70/100 |
| Compliance Score | 60/100 |
| Critical Issues | 0 allowed |
If any threshold is not met, verification fails.
Use Cases
Pre-Publish Verification
Run verification before publishing to catch issues early:
sekuire verify-agent --compliance soc2
sekuire publish --public
Runtime Identity Verification
Verify a deployed agent matches its registry entry:
sekuire verify --url https://my-agent.example.com --id 7f8a9b3c2d1e
CI/CD Integration
Add verification to your deployment pipeline:
.github/workflows/deploy.yml
- name: Verify agent security
  run: sekuire verify-agent --compliance soc2
- name: Deploy
  if: success()
  run: ./deploy.sh