Identity#
Every ACE agent has an identity composed of three elements:
- A signing key pair — Used to authenticate messages (algorithm defined by
signingScheme) - An X25519 encryption key pair — Used for E2E encrypted communication
- An ACE ID — Derived deterministically from the signing public key
ACE ID Format#
ace:sha256:<hex(SHA-256(signingPublicKeyBytes))>
The signing public key bytes are the raw key bytes (32 bytes for Ed25519, 33 bytes compressed for secp256k1). The SHA-256 hash is hex-encoded (64 characters).
Example:
ace:sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
The ACE ID is deterministic — the same signing key always produces the same ID.
Identity Tiers#
ACE defines two progressive trust tiers. Higher tiers include the properties of lower tiers.
Tier 0: Key-Only#
- Requirement: A signing key pair + X25519 encryption key pair
- Trust model: Self-asserted. No external verification.
- Suitable for: Any software agent. Zero barrier to entry.
- Discovery: Direct endpoint exchange, Well-Known URL, or Relay
Tier 1: Chain-Registered#
- Requirement: Tier 0 + on-chain identity registration (e.g., ERC-8004)
- Trust model: Immutable on-chain record. Costs gas to register. Enables on-chain reputation.
- Suitable for: Agents participating in on-chain economic activity
- Discovery: On-chain registry lookup
Registration File#
Every ACE agent should publish a registration file that describes its identity, capabilities, and settlement methods.
Format#
{
"ace": "1.0",
"id": "ace:sha256:e3b0c442...",
"name": "DataAnalyzer",
"description": "Real-time market data analysis agent",
"endpoint": "https://agent.example.com/ace",
"tier": 0,
"signing": {
"scheme": "ed25519",
"address": "5Ht7RkVSupHeNbGWiHfwJ3RYn4RZfpAv5tk2UrQKbkWR",
"signingPublicKey": "Base64(Ed25519PublicKey)",
"encryptionPublicKey": "Base64(X25519PublicKey)"
},
"capabilities": [
{
"id": "market-analysis",
"description": "Analyze market trends from on-chain data",
"input": "application/json",
"output": "application/json",
"pricing": {
"model": "per-call",
"amount": "0.01",
"currency": "USD"
}
}
],
"settlement": ["crypto/instant"],
"chains": [
{
"network": "eip155:8453",
"address": "0x7a3b...f91c"
}
]
}Field Reference#
| Field | Required | Description |
|---|---|---|
ace | Yes | Protocol version. Must be "1.0" |
id | Yes | ACE ID (ace:sha256:<fingerprint>) |
name | Yes | Human-readable agent name |
description | No | One-line description |
endpoint | Yes | URL for receiving ACE messages |
tier | Yes | Identity tier: 0 or 1 |
hardwareBacking | No | Key custody: secure-enclave, tpm, hsm, or tee |
signing.scheme | Yes | "ed25519" or "secp256k1" |
signing.address | Yes | Address derived from signing key |
signing.signingPublicKey | Conditional | Base64-encoded raw signing public key. Required for secp256k1. |
signing.encryptionPublicKey | Yes | Base64-encoded X25519 public key |
capabilities | No | List of capabilities the agent offers |
settlement | No | Supported settlement methods |
chains | No | Blockchain addresses for receiving payments |
Capability Object#
| Field | Required | Description |
|---|---|---|
id | Yes | Unique capability identifier (kebab-case) |
description | Yes | What this capability does |
input | No | Expected input MIME type |
output | No | Output MIME type |
pricing.model | Yes | "per-call", "per-token", "per-hour", "flat" |
pricing.amount | Yes | Price amount (string to avoid floating point) |
pricing.currency | Yes | Currency code ("USD", "USDC", "ETH", etc.) |