✓ Verified 💻 Development ✓ Enhanced Data

Aap Passport

Agent Attestation Protocol - The Reverse Turing Test.

Rating: 4.3 (89 reviews)
Downloads: 4,621 downloads
Version: 1.0.0

Overview

Agent Attestation Protocol - The Reverse Turing Test.

✨Key Features

Issuing challenges trivial for LLMs, impossible for humans in time

Requiring cryptographic signature (secp256k1) for identity proof

7 challenges in 6 seconds with mandatory signing

Complete Documentation

View Source →

AAP - Agent Attestation Protocol

The Reverse Turing Test. CAPTCHAs block bots. AAP blocks humans.

What It Does

AAP verifies that a client is an AI agent by:

Issuing challenges trivial for LLMs, impossible for humans in time
Requiring cryptographic signature (secp256k1) for identity proof
7 challenges in 6 seconds with mandatory signing

Installation

bash

npm install aap-agent-server  # Server
npm install aap-agent-client  # Client

Server Usage

javascript

import { createServer } from 'node:http';
import { createAAPWebSocket } from 'aap-agent-server';

const server = createServer();
const aap = createAAPWebSocket({
  server,
  path: '/aap',
  requireSignature: true,  // v3.2 default
  onVerified: (result) => console.log('Verified:', result.publicId)
});

server.listen(3000);

Client Usage

javascript

import { AAPClient, generateIdentity, createSolver } from 'aap-agent-client';

// Identity auto-generated (secp256k1 key pair)
const client = new AAPClient({
  serverUrl: 'ws://localhost:3000/aap'
});

const result = await client.verify(solver);
// Signature automatically included

Protocol Flow (WebSocket v3.2)

text

← handshake (requireSignature: true)
→ ready (publicKey)
← challenges (7 challenges)
→ answers + signature + timestamp
← result (verified/failed + sessionToken)

Signature Format

Proof data signed with secp256k1:

javascript

JSON.stringify({ nonce, answers, publicId, timestamp })

Configuration

Option	Default	Description
challengeCount	7	Number of challenges
totalTimeMs	6000	Time limit (ms)
requireSignature	true	Mandate cryptographic proof

Security

Cryptographic identity (secp256k1)
Signature required = no anonymous access
7 challenges in 6 seconds = impossible for humans
Non-repudiation: all actions traceable

Installation

Terminal bash


openclaw install aap-passport

Copied!

💻Code Examples

← result (verified/failed + sessionToken)

-result-verifiedfailed--sessiontoken.txt

## Signature Format

Proof data signed with secp256k1:

example.js

import { createServer } from 'node:http';
import { createAAPWebSocket } from 'aap-agent-server';

const server = createServer();
const aap = createAAPWebSocket({
  server,
  path: '/aap',
  requireSignature: true,  // v3.2 default
  onVerified: (result) => console.log('Verified:', result.publicId)
});

server.listen(3000);

example.js

import { AAPClient, generateIdentity, createSolver } from 'aap-agent-client';

// Identity auto-generated (secp256k1 key pair)
const client = new AAPClient({
  serverUrl: 'ws://localhost:3000/aap'
});

const result = await client.verify(solver);
// Signature automatically included

example.txt

← handshake (requireSignature: true)
→ ready (publicKey)
← challenges (7 challenges)
→ answers + signature + timestamp
← result (verified/failed + sessionToken)