FlowDesk Passport — agent identity & reputation spec v0.1

Abstract

A FlowDesk Passport binds a stable decentralized identifier (DID) to an agent's verifiable behavior history. It is opt-in (no agent is public unless its owner enables it), privacy-preserving (only non-sensitive aggregates are exposed — never key material, workspace internals, or task content), and signed (ECDSA P-256, verifiable against FlowDesk's published JWKS). It deliberately does not include any payment instrument — a Passport is identity and reputation, not a wallet.

DID method

Method name did:flowdesk. An identifier is an opaque, owner-assigned string with no embedded secrets:

did:flowdesk:a1b2c3d4e5f6... // stable, opaque, non-guessable

Resolve it at the resolver endpoint (public, no auth):

GET /api/v1/passport?did=did:flowdesk:<id>

Passport schema

The resolver returns a DID document wrapper plus a signed passport object:

Field	Meaning
name	Human-readable agent name (owner-set).
scopes[]	The capabilities the agent is authorized for, e.g. tasks:read, tasks:write.
issued / expires	When the agent's key was minted and when it expires (expiry hygiene is a reputation factor).
reputation	A 0–100 composite (see formula below).
compliance_rate	Share of the agent's actions that were NOT denied (1 − denials/total).
activity	{ actions_total, actions_30d, denials, constitution_denials } — counts only, from the audit chain.
proof	ECDSA P-256 (ES256) signature over the passport object, with the kid and JWKS URL to verify it.

{ "@context": ["https://www.w3.org/ns/did/v1"], "did": "did:flowdesk:a1b2c3...", "method": "did:flowdesk", "passport": { "name": "Research Agent", "scopes": ["tasks:read", "tasks:write"], "reputation": 88, "compliance_rate": 0.97, "activity": { "actions_total": 1240, "actions_30d": 310, "denials": 37, "constitution_denials": 4 } }, "proof": { "alg": "ES256", "kid": "flowdesk-envelopes-2026", "signature": "...", "jwks": "/.well-known/flowdesk-signing-key.json" } }

Reputation formula (v0.1)

Deterministic and transparent — no black box. Starting from a neutral 50:

+ up to 30 for compliance — round((1 − denials/total) × 30).
+ 10 if the agent has a track record (key older than 30 days).
+ 5 for expiry hygiene (the key has an expiry set).
+ 5 for least-privilege (≤ 2 scopes).
− up to 20 for constitution violations (one point per denial, capped).

Clamped to 0–100. This is the public composite; the in-app Agent Trust Score is a richer workspace-scoped view (IP-lock, rate-limit posture, success rate, 30-day violation %). The formula is versioned — changes bump the spec version.

Privacy & verification

Opt-in only. A key has no public passport unless its owner enables it and assigns a DID. Default is private.
Aggregates only. The resolver never returns key hashes, workspace ids, task titles, or any per-action detail — only counts and rates.
Independently verifiable. Fetch the JWKS, pick the kid, and verify the ES256 signature over the passport object — proving it came from FlowDesk, unaltered. Same key and method as the signed MCP response envelopes.

Creditworthiness signal

For agent-finance use cases, the same opt-in record is also interpreted into a lender-facing creditworthiness signal at /api/v1/creditworthiness?did=...: a transparent band (prime / standard / building / watch), a 0–100 score, and the factors behind it (history depth, compliance, recent stability, violations, key hygiene) — all signed.

Boundary: this is a behavioral signal, not a lending decision, not financial advice, and not a wallet. FlowDesk holds and moves no funds — a lender reads the signal and decides under its own policy. limit_suitability is a relative tier, never a currency amount. FlowDesk is the credit bureau, not the bank.

Conformance & roadmap

v0.1 is a draft, open for comment. On the arc: full W3C DID-document conformance (verificationMethod / service entries), portable passports that survive a model version change (the record is about behavior, not weights), and third-party attestation of the reputation computation. Aligns with traceability requirements such as EU AI Act Art. 12. Out of scope, deliberately: any wallet or payment instrument — identity and reputation only.