FIDES
A control layer that verifies an agent's identity, capabilities, and authority before an action runs, then logs tamper-evident proof of the decision.
What it is
FIDES decides whether an autonomous agent is known, authorized, delegated, and safe to execute, before the action happens. It combines signed identity, risk-classified capabilities, delegation tokens, deterministic policy, and a kill switch into one allow, deny, or approve decision.
The problem it solves
As agents become autonomous, they have no verifiable identity, no standard way to describe what they can do and at what risk, no guard that runs before an action, and no tamper-evident record afterward. Role-based access control was built for humans and static services, not for agents that delegate authority to each other and cross trust boundaries at runtime.
How it works
Each agent has an Ed25519 identity and an AgentCard that describes its capabilities, endpoints, and policy requirements, all signed over canonical JSON. Delegation tokens grant capabilities with constraints (max actions, max spend, allowed contexts) and an expiry. Before an action, a guard combines policy rules, trust score, attestation, evidence chain integrity, and the kill switch into a single decision. Every step is appended to a hash-chained, Merkle-rooted evidence log. An authority service (agentd) exposes this over HTTP, and a CLI drives identity, signing, delegation, and revocation.
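The hash-chained, Merkle-rooted evidence log described above, as an added example that is not FIDES's own code. The record layout, genesis value, canonical JSON form, and Merkle pairing rule are assumptions, the sample events are constructed, and Ed25519 signing is left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" value for the first entry

def canonical(obj):
    # Assumed canonical form: sorted keys, no insignificant whitespace, UTF-8.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode("utf-8")

def entry_hash(body):
    return hashlib.sha256(canonical(body)).hexdigest()

def append(log, event):
    # Bind the new entry to its position and to the hash of the entry before it.
    prev = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "prev": prev, "event": event}
    log.append({**body, "hash": entry_hash(body)})
    return log[-1]["hash"]

def verify_chain(log):
    # Return the index of the first inconsistent entry, or None if the chain is intact.
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {"seq": entry["seq"], "prev": entry["prev"], "event": entry["event"]}
        if entry["seq"] != i or entry["prev"] != prev or entry["hash"] != entry_hash(body):
            return i
        prev = entry["hash"]
    return None

def merkle_root(log):
    # Leaf (0x00) and node (0x01) prefixes keep a leaf from being passed off as a node.
    level = [hashlib.sha256(b"\x00" + bytes.fromhex(e["hash"])).digest() for e in log]
    while len(level) > 1:
        nxt = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # promote an unpaired node instead of duplicating it
        level = nxt
    return level[0].hex() if level else hashlib.sha256(b"").hexdigest()

def build_sample_log():
    # Constructed sample events; agent names and fields are hypothetical.
    log = []
    append(log, {"agent": "agent-a", "action": "delegate", "to": "agent-b", "max_spend": 50})
    append(log, {"agent": "agent-b", "action": "purchase", "spend": 20, "decision": "allow"})
    append(log, {"agent": "agent-b", "action": "purchase", "spend": 90, "decision": "deny"})
    return log
```

Editing an entry in place is caught at that entry; an edit that also recomputes the entry's own hash is caught at the next entry, and in both cases the Merkle root no longer matches one published earlier.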
Where it fits
FIDES is the identity and pre-execution gate for agent-to-agent work. Where Sardis governs money specifically, FIDES governs whether any agent action is permitted, and produces the proof other systems verify.
Status
Core primitives work: identity and signing, delegation with constraints, the policy and guard decision, the kill switch, and the hash-chained evidence log are implemented and tested. The authority service, discovery providers, and trust graph are partially built (routes and storage exist; distributed pieces are early).