Protocol v0.1-draft — Open Source — MIT License

The Trust Layer
for the Internet

Trusted Agent Cryptographic Identity Tokens

Every identity on the internet is self-reported. Tacit is an open protocol where AI agents verify identity, prevent fraud, and broker trusted introductions — with cryptographic proof.

MCP connects agents to tools. A2A connects agents to tasks.
Tacit verifies the humans behind them.

Read the Whitepaper Launch the App → View on GitHub

Every Identity on the Internet Is a Lie

The internet was built without a trust layer. Fraud, impersonation, and scams are the result.

68%

Impersonation

of online fraud starts with a fake or stolen identity. Profiles are self-reported and trivially forged.

$10B+

Scam Economy

lost annually to romance scams, phishing, fake credentials, and identity theft. Growing every year.

0

Verification Protocols

No open protocol exists to cryptographically verify identity across platforms and agents. Until now.

Verify Once. Trusted Everywhere.

Your agent bootstraps trust from your existing digital life. One verification produces an immutable token that works across every app on the network.

🔗

Connect Accounts

Link social media, email, LinkedIn, GitHub — any data source with history. Your agent reads patterns, not passwords.

🔍

Agent Validates

Your AI agent cross-references account age, activity patterns, social graph, and behavioral consistency to confirm you're real.

💠

Identity Token Minted

A unique, encrypted, immutable token is generated — cryptographically bound to you. Non-transferable. Unforgeable. Portable across the entire network.

Think of it like a crypto wallet for your identity. Your token is yours. It lives on your device, encrypted. Agents present it to other agents as proof of trust — no personal data ever leaves your control.
Your App
Identity Verification / Fraud Prevention / Commerce / Networking
Tacit Protocol
Identity + Trust + Introductions
A2A
Agent ↔ Agent Tasks
MCP
Agent ↔ Tool Access

How Tacit Verifies Trust

Connect once. Get verified. Carry an immutable identity token that agents trust on your behalf — forever.

1

Connect & Verify

Sign in with your existing accounts — social media, email, LinkedIn, GitHub. Your agent ingests years of real history to validate you're a real human with a real footprint.

2

Mint Identity Token

Your agent validates you once, then mints an encrypted, immutable identity token — like a cryptographic passport. This token is uniquely yours, non-transferable, and unforgeable.

3

Agent-to-Agent Trust

When agents meet on the network, they exchange identity tokens — not personal data. Trust is verified cryptographically in milliseconds. No API calls. No central authority.

4

Double Opt-In Reveal

Both humans must explicitly approve before any identifying information is revealed. The token proves trust. Personal details stay locked until both sides consent.

Problems Solved at the Protocol Level

Tacit eliminates entire categories of fraud and abuse by making them structurally impossible.

🛡️

Identity Verification at Scale

Eliminates impersonation, catfishing, and credential fraud. Every identity is cryptographically bound to verified credentials.

professional networking · dating · freelance platforms
🚨

Fraud & Scam Prevention

Sybil attacks become infeasible. Romance scams are structurally impossible. Trust scores can't be manufactured overnight.

anti-phishing · bot detection · financial fraud
💰

Trust-Based Commerce

Verified providers with real transaction history and authentic reviews. No fake credentials. No inflated ratings.

local services · B2B procurement · gig economy
🤝

Verified Professional Networking

Agent-negotiated introductions with zero spam by design. Both parties are credential-verified before connection.

co-founder search · enterprise sales · mentorship

Why Tacit Can't Be Copied

Trust history is the ultimate moat. Four compounding dimensions make the network more defensible every day.

Tenure

Bootstrapped from connected accounts — a 10-year-old LinkedIn profile carries weight on day one. On-network tenure then compounds over time. Unfakeable.

Consistency

Cross-platform behavioral patterns validated by your agent. Social media history, posting patterns, professional activity — all hashed into your identity token.

Attestations

Third-party verifications from institutions, employers, and credential issuers. Each attestation is cryptographically signed, embedded in your token, and revocable.

Network Trust

Token-to-token reputation propagated through the agent graph. Vouched-for identities carry more weight. Isolation signals risk. Trust compounds with every interaction.

First-mover advantage compounds. Every day the network runs, trust history becomes harder to replicate. A competitor starting from scratch faces a cold-start problem that grows exponentially.

Open Protocol. Commercial Infrastructure.

The protocol is free and open. The infrastructure to run it at scale is how we build a business.

Open Source Free

  • Full protocol specification
  • Reference SDKs (TypeScript, Python, Rust)
  • Cryptographic libraries
  • CLI tools
  • Basic relay node software
  • Community support

Enterprise Commercial

  • Hosted infrastructure with SLAs
  • Admin dashboards & analytics
  • Premium KYC/AML verification providers
  • Advanced matching algorithms
  • Compliance reporting
  • Dedicated support & onboarding

Proven open-core model — GitLab, Elastic, HashiCorp built billion-dollar businesses this way.

Contact Us

One Command to Get Started

Create a verified agent in seconds. Identity, trust scoring, and introductions — out of the box.

terminal 
$ npx create-tacit-agent my-agent
$ cd my-agent
$ npm start

Initializing Tacit agent...
Agent created: did:key:z6MkhaXg...
Authenticity score: 45/100
Intent published: intent:z6Mk:1708...
Agent is running. Listening for matches...
npm View on GitHub

Try It Now

Experience the protocol in your browser. No signup. No install. Real cryptography.

tacit-demo

Government ID Verification

Select an ID type for simulated verification

Built for Agents

Every AI agent needs a trust layer. Tacit gives yours cryptographic identity, verified credentials, and fraud-proof introductions — out of the box.

🤖

Personal AI Agents

Your agent represents you on the network — matching, negotiating, and introducing on your behalf. Identity-verified. Privacy-preserving. Always on.

Claude GPT Custom
🏢

Enterprise Agents

Deploy fleets of verified agents for sales, recruiting, procurement, and partnership discovery. Every outreach is trust-scored and credential-backed.

B2B Sales Recruiting
🔌

Platform Integrations

Add Tacit verification to any agent framework — MCP servers, A2A protocols, LangChain, CrewAI. One SDK call to verify who you're talking to.

MCP A2A LangChain
🛡️

Anti-Fraud Agents

Detect fake identities, bot networks, and impersonation in real-time. Tacit makes Sybil attacks structurally impossible — not just detectable.

KYC Anti-Bot Compliance
Ship an agent with verified identity in 60 seconds. Run npx create-tacit-agent my-agent and your agent gets a cryptographic DID, trust scoring, and network access — instantly.

Ship Verified Connections in Minutes

Integrate identity verification and trust-scored introductions with a few lines of code.

verified-intro.ts 
import { TacitAgent, IdentityToken } from '@tacitprotocol/sdk';

// Bootstrap identity from existing accounts
const token = await IdentityToken.create({
  sources: [
    { provider: 'linkedin', oauth: linkedinAuth },
    { provider: 'github',   oauth: githubAuth },
    { provider: 'google',   oauth: googleAuth },
  ],
  // Agent validates history, mints immutable token
  requireMinAuthenticity: 0.7,
});

console.log(token.id);           // encrypted unique identity
console.log(token.trustScore);   // 0.0 – 1.0
console.log(token.immutable);    // true — can't be forged

// Create agent with verified token
const agent = new TacitAgent({ token });

// Other agents verify your token, not your data
agent.on('match', async (match) => {
  console.log(match.token.trustScore);  // their score
  if (match.token.trustScore > 0.8) await match.approve();
});

await agent.connect();

Design Principles

Built on the belief that trust should be earned, not claimed.

🔒

E2E Encrypted by Default

Relay nodes see only ciphertext. Your data never leaves your control.

Progressive Trust

Trust is earned over time through consistent behavior, not self-declared.

🤝

Double Opt-In at Every Stage

Both parties consent before any introduction or data reveal happens.

🌐

Decentralized & Portable

No single entity controls the network. Your identity goes where you go.

Roadmap

From spec to production. Here's where we're headed.

Q1 2026 — Now
Foundation
Protocol spec v0.1, TypeScript SDK with DID identity, authenticity vectors, match scoring, intent discovery. CLI scaffolding tool. Landing page and community launch.
SDK v0.1 Protocol Spec npm Published
Q2 2026
Network Goes Live
Transport layer with message signing. Relay node for agent-to-agent communication. Persistent identity storage. Two agents can discover each other and exchange proposals over the wire for the first time.
Relay Server Message Signing Persistence
Q3 2026
Verifiable Credentials
Integration with credential issuers (LinkedIn, GitHub, universities). End-to-end encryption via XChaCha20-Poly1305. Key rotation and revocation. Python SDK. Mobile SDK foundations.
Credentials E2E Encryption Python SDK
Q4 2026
Production & Enterprise
Hosted relay infrastructure with SLAs. Admin dashboards. Premium KYC/AML integrations. Agent framework plugins (LangChain, CrewAI, AutoGen). Enterprise pilot programs.
Enterprise Hosted Infra Agent Plugins

FAQ

Common questions about the protocol.

How is TACIT different from OAuth or SSO?
OAuth proves you can access an account. TACIT proves you're a real person with a verifiable history. OAuth is about access — TACIT is about trust. Your TACIT identity is portable, decentralized, and compounds over time as you build authentic interactions across platforms.
What data does the relay server see?
The relay routes signed message envelopes between agents. It sees metadata (who's talking to whom) but never the contents of introduction proposals or personal data. All sensitive content is end-to-end encrypted between agents. The relay is a mailman, not a reader.
Can I run my own relay node?
Yes. The relay server is open source under MIT license. Install with npm install @tacitprotocol/relay and run it on your own infrastructure. Agents can connect to any relay — no vendor lock-in.
What is an Authenticity Vector?
A multi-dimensional trust score computed from four signals: tenure (how long the identity has existed), consistency (behavioral stability over time), attestations (third-party verifiable credentials), and network trust (quality of interactions with other agents). Unlike self-reported profiles, these signals can't be faked overnight.
How does this work with AI agent frameworks like MCP or A2A?
MCP (Model Context Protocol) connects agents to tools. A2A connects agents to tasks. TACIT sits on top as Layer 3 — verifying the humans behind the agents. When your agent needs to trust another agent, TACIT provides the cryptographic proof. Plugins for LangChain, CrewAI, and AutoGen are on the roadmap.
Is this blockchain-based?
No. TACIT uses W3C Decentralized Identifiers (DIDs) and Verifiable Credentials standards, which are blockchain-agnostic. Identity tokens are cryptographically signed but don't require a blockchain. The protocol is designed for low-latency agent communication, not on-chain settlement.

Get Involved

Whether you want to build on the protocol, license the technology, or invest in the trust layer — we want to hear from you.

Message Sent

We'll get back to you within 24 hours. In the meantime, check out the GitHub repo.

Read the Whitepaper View on GitHub