Anonymous agents
are ungovernable.
Every agent in your organization needs a verified identity before it takes a single action. Nomotic issues cryptographic birth certificates β signed, bound to governance policy, and traceable to a human owner. Authority is issued, never assumed.
Every agent gets
a birth certificate.
A cryptographically signed document issued at agent creation β before any action is authorized. The certificate binds the agent's identity to its governance configuration. If the configuration changes, the hash changes. Tampering is detectable.
- β Ed25519 signed by your organization's governance key
- β Governance hash binding β certificate tied to config
- β Archetype assignment at issuance
- β Scope and zone declaration
- β Human owner accountability mapping
- β Full lifecycle: active β suspended β revoked
Complete agent identity
infrastructure.
From issuance through the full agent lifecycle. Every identity capability your organization needs to manage a real AI workforce.
Birth Certificates
Cryptographic identity issued at agent creation. Ed25519 signed, governance hash bound, traceable to a human owner. One command to provision.
All TiersCertificate Authority
Hosted CA at ca.nomotic.ai. Free identity certificates, unlimited issuance. Self-hosted CA option for enterprises requiring on-premise infrastructure.
EnterpriseTiered Identity
Three certificate tiers: Identity (known), Governed (behavioral binding), Verified (audited). Each tier earns more trust and access within the platform.
All TiersTransparency Log
All issued certificates published to a public transparency log. Organizations can monitor for unauthorized agent registrations in their namespace.
EnterpriseGovernance Hash Binding
The certificate is cryptographically bound to the agent's governance configuration. Any config change updates the hash β creating an auditable linkage.
All TiersShadow Agent Detection
Detect ungoverned agents operating in your environment. One-click promotion from shadow to identified to governed. No agent goes unaccounted.
EnterpriseOne command to provision
a verified agent.
Identity provisioning takes seconds. The certificate travels with every governance evaluation, and the CLI gives you full lifecycle control.
$ nomotic birth --name claims-processor --archetype healthcare-agent --org acme-corp
β Certificate issued: NMC-8C4F2A1E
β Signed with org key: acme-corp-governance.pub
β Governance hash bound: sha256:a4f2c...
# Inspect the certificate
$ nomotic inspect claims-processor
# Verify signature and governance hash
$ nomotic verify NMC-8C4F2A1E
β Signature valid Β· Governance hash matches Β· Status: ACTIVE
# Python SDK
from nomotic import GovernanceRuntime
runtime = GovernanceRuntime()
cert = runtime.birth(
agent_id="claims-processor",
owner="[email protected]",
archetype="healthcare-agent",
scope={"read", "query", "write"},
)
print(cert.certificate_id) # NMC-8C4F2A1E
Identity features
across tiers.
| Feature | Community | Team | Enterprise |
|---|---|---|---|
| Agent birth certificates | β | β | β |
| Ed25519 signing | β | β | β |
| Governance hash binding | β | β | β |
| Lifecycle management (suspend/revoke/renew) | β | β | β |
| Cloud certificate sync | β | β | β |
| Hosted CA (ca.nomotic.ai) | β | β | β |
| Tiered identity (Identity / Governed / Verified) | β | ~ | β |
| Transparency log | β | β | β |
| Shadow agent detection | β | β | β |
| Self-hosted CA | β | β | β |
Give your agents
an identity.
Birth certificates are free for all tiers. Start issuing in under five minutes.