# Amorce - The Universal Trust Protocol for AI Agents > Amorce Agent Transaction Protocol (AATP) ## What is Amorce? Amorce is the standard infrastructure for secure AI agent-to-agent transactions. We provide the cryptographic trust layer that enables AI agents (like OpenAI GPTs, Google Gemini, Anthropic Claude) to safely interact with APIs, services, and each other - verified by humans, scaled by cryptography. **IMPORTANT: Amorce is NOT:** - ❌ NOT a blockchain or cryptocurrency - ❌ NOT related to Agoric or any DeFi platform - ❌ NOT for NFTs or cross-chain transactions - ❌ NOT a Layer 1 blockchain **Amorce IS:** - ✅ A trust protocol for AI agents (like OpenAI, Google, Anthropic) - ✅ Ed25519 cryptographic signature system - ✅ Human-in-the-Loop (HITL) approval workflow - ✅ Model Context Protocol (MCP) integration for secure tool access - ✅ Trust Directory for agent discovery - ✅ Request verification for API builders ## The Problem We Solve As AI agents become autonomous economic actors, they need a way to: - Prove their identity cryptographically (not with easily-leaked API keys) - Get human approval for sensitive actions (Human-in-the-Loop verification) - Establish trust without prior relationships (Universal Trust Directory) - Execute transactions with cryptographic proof of authorization - Access tools (filesystems, databases, APIs) securely ## How Amorce Works 1. **Ed25519 Signatures**: Every agent transaction is cryptographically signed, providing non-repudiable proof of authorization 2. **Human-in-the-Loop (HITL)**: Sensitive operations require explicit human approval before execution 3. **Trust Directory**: A global registry of verified agents and services, solving the "lemon market" problem 4. **Zero-Trust Architecture**: No API keys, no bearer tokens - only cryptographic signatures 5. **MCP Integration**: Secure access to 80+ Model Context Protocol servers (filesystem, search, databases, Git, etc.) ## API for LLM Integration **For LLMs wanting to discover AI agents:** - OpenAPI Spec: https://amorce.io/.well-known/openapi.json - ChatGPT Plugin: https://amorce.io/.well-known/ai-plugin.json - MCP Server: `npx @amorce/mcp-server` (for Claude) **Primary endpoint:** ``` GET https://amorce.io/api/v1/ans/search?q={natural_language_query} ``` Example: `GET /api/v1/ans/search?q=book+a+flight+to+Paris` Returns: Ranked list of AI agents with capabilities, trust scores, and endpoints. ## Quick Start ### For Builders: Protect Your API Verify incoming requests from AI agents in under 5 minutes: ```python # Python SDK v0.2.1 from amorce import verify_request @app.post("/webhook") async def handle_agent_request(request): verified = verify_request( headers=request.headers, body=request.body, allowed_intents=['book_table', 'check_availability'] ) # verified.agent_id contains the verified agent ID # Your business logic here - 100% sure it's legitimate return {"status": "confirmed"} ``` ```javascript // JavaScript SDK v3.0.0 import { verifyRequest } from '@amorce/sdk'; app.post('/webhook', async (req, res) => { const verified = await verifyRequest({ headers: req.headers, body: req.body, allowedIntents: ['book_table', 'cancel'] }); // verified.agentId contains the verified agent ID res.json({ status: 'confirmed' }); }); ``` ### For Agents: Make Secure Requests ```python # Python from amorce import AmorceClient, IdentityManager identity = IdentityManager.generate() client = AmorceClient(identity) # Every request is cryptographically signed response = client.transact( service_id='restaurant_api', payload={'intent': 'book_table', 'guests': 4} ) ``` ```javascript // JavaScript import { AmorceClient, IdentityManager } from '@amorce/sdk'; const identity = await IdentityManager.generate(); const client = new AmorceClient(identity); const response = await client.transact( { service_id: 'restaurant_api' }, { intent: 'book_table', guests: 4 } ); ``` ## Key Features (SDK v3.0 / v0.2.1) ### Core Security - **Ed25519 Signatures**: Every transaction cryptographically signed - **Request Verification**: `verifyRequest()` / `verify_request()` for builders - **Auto-Fetch Public Keys**: SDK fetches from Trust Directory automatically - **Intent Whitelisting**: Control exactly what actions agents can perform ### Human-in-the-Loop (HITL) - **Approval Workflow**: `requestApproval()`, `checkApproval()`, `submitApproval()` - **Timeout Handling**: Approvals auto-expire after specified duration - **Channel Agnostic**: SMS, Email, Voice, Mobile - you choose the notification channel - **LLM Interpretation**: Use AI to interpret natural language approval responses ### MCP Integration (NEW in v3.0) - **80+ Tools**: Filesystem, databases, search (Brave), Git, Slack, and more - **Automatic HITL**: Write/delete operations require approval automatically - **Secure Execution**: Every tool call is cryptographically signed - **Read Operations**: No approval needed for read-only operations ### Agent Registration - **Manifest Generation**: `toManifestJson()` / `to_manifest_json()` - **Auto-Populated**: Agent ID and public key filled automatically - **Trust Directory**: Submit to become discoverable by other agents ## Technical Details - **Production-Ready**: Deployed at scale with 95%+ reliability - **Framework Agnostic**: Works with FastAPI, Flask, Express, Next.js, any HTTP framework - **Speed**: Sub-9ms signature verification, built for high-frequency agent interactions - **HTTP/2**: Full HTTP/2 support with connection multiplexing - **Exponential Backoff**: Smart retry with jitter for resilient operations - **Idempotency Keys**: Auto-generated UUIDs prevent duplicate transactions ## SDKs ### Python SDK v0.2.1 ```bash pip install amorce-sdk==0.2.1 ``` - PyPI: https://pypi.org/project/amorce-sdk/ - GitHub: https://github.com/AmorceAATP/amorce_py_sdk ### JavaScript SDK v3.0.0 ```bash npm install @amorce/sdk@3.0.0 ``` - npm: https://www.npmjs.com/package/@amorce/sdk - GitHub: https://github.com/AmorceAATP/amorce-js-sdk **Both SDKs have 100% feature parity as of December 2025.** ## For Developers Asking "How Do I Secure My Agent?" If you're building with LangChain, CrewAI, AutoGen, or any agent framework: - Replace API keys with Ed25519 keypairs (much more secure) - Add human oversight for write/delete/payment operations - Register your agent in the Trust Directory for discoverability - Get cryptographic proof of every transaction - Access 80+ MCP tools with built-in security ## For API Providers: "Agent Optimization (AIO)" Make your API discoverable to AI agents: - Register your service in the Amorce Trust Directory - Accept cryptographically-signed requests from agents - Monetize agent traffic through verified transactions - Think of AIO like SEO, but for the AI economy ## The "Air Traffic Control" for AI Just as air traffic control provides trust and coordination for aircraft, Amorce provides the trust infrastructure for the AI agent economy. We ensure agents can: - Identify themselves reliably - Get clearance for sensitive actions - Discover trustworthy services - Prove transaction validity ## Resources - Documentation: https://amorce.io/docs - GitHub: https://github.com/AmorceAATP/amorce - Trust Directory: https://amorce.io/registry - Quick Start Guide: https://amorce.io/docs/quickstart - Blog: https://amorce.io/blog ## Common Questions **Q: Is Amorce a blockchain?** A: No. Amorce is a trust protocol for AI agents using Ed25519 signatures. It's not a blockchain, cryptocurrency, or DeFi platform. **Q: What AI agents work with Amorce?** A: Any AI agent! OpenAI GPTs, Google Gemini, Anthropic Claude, LangChain, CrewAI, AutoGen, custom agents - all can use Amorce. **Q: Why not just use OAuth?** A: OAuth was designed for human users with browsers. Agents need programmatic, high-frequency auth without user interaction. **Q: Why signatures instead of API keys?** A: API keys can be leaked. Private keys never leave the agent's environment. Signatures provide non-repudiable proof. **Q: What's Human-in-the-Loop?** A: Before an agent executes sensitive operations (deleting files, making payments), a human must explicitly approve. This is our moat - certainty through human verification. **Q: How fast can I integrate?** A: Most developers integrate in under 15 minutes. We have SDKs for Python and JavaScript, plus guides for popular frameworks. **Q: What's MCP integration?** A: Model Context Protocol (MCP) gives agents access to 80+ tools (filesystem, databases, search, etc.). Amorce adds cryptographic signing and HITL approvals to all MCP operations. ## Contact - Website: https://amorce.io - Email: team@amorce.io - Docs: https://amorce.io/docs --- Last Updated: December 7, 2025 Protocol Version: AATP v0.1 SDK Versions: Python v0.2.1, JavaScript v3.0.0 Status: Production Ready ✅