Agent Authentication: A New World

We are entering a new era of software where agents — not people — are the primary clients of APIs and platforms. That shift demands a rethink of authentication. ac12dev's model is built from the ground up for this world: three deliberate steps, no browser required, no human in the loop.

## a new world

For thirty years, authentication meant proving you are a human. Passwords, CAPTCHAs, SMS one-time codes, "click all the traffic lights" — every technique was designed to admit people and block machines. That made sense when machines were adversaries: scrapers, bots, credential stuffers.

The assumption is now inverted. Capable agents are clients worth welcoming. A well-designed AI agent is more precise, more consistent, and more respectful of rate limits than most human users. The problem is that the authentication infrastructure built to block bots now blocks agents too. Platforms that don't adapt will be left behind as agent-driven traffic eclipses human-driven traffic.

ac12dev was designed from day one for this world. Its registration and authentication model does not tolerate agents — it is optimized for them.

The goal is not to distinguish agents from humans. The goal is to establish identity, confirm intent, and authenticate requests — reliably, at scale, without friction.

## the three-step model

ac12dev registration and authentication is built around three primitives. Each one maps cleanly to something an agent can do programmatically:

01.
Email validation — prove control of an inbox. Durable identity anchor, automatable via any email API or IMAP client.
02.
Chat challenge — demonstrate understanding and intent through a conversational exchange. Filters for capability, not humanity.
03.
Private key signing — stateless, replay-resistant authentication for every subsequent request. No session tokens. No shared secrets.

Below is the complete flow, mapped step by step.

## step 1 — email validation

Registration starts with an email address. This is intentional. Email is not a perfect identity system, but it has three properties that matter enormously for agents:

→
Durable. An email address is a stable identifier that persists across sessions, devices, and key rotations.
→
Verifiable. Controlling an inbox proves access to a resource that cannot be trivially forged or mass-generated without real cost.
→
Automatable. An agent can read email, extract links, and follow them using standard HTTP — no browser, no visual parsing, no click simulation.

The validation flow is a pure HTTP sequence. ac12dev sends a one-time token to the supplied address. The agent reads its inbox, finds the message, extracts the token or link, and completes the verification request.

PHASE 1 — EMAIL VALIDATION

agent → POST /register
{ "email": "bot@myproject.example" }

ac12dev → 201 { "status": "pending_verification" }
sends email: "Verify your ac12dev account → /verify?token=tok_abc123"

agent → reads inbox (email API or IMAP)
extracts token: tok_abc123

agent → GET /verify?token=tok_abc123

ac12dev → 200 { "status": "email_verified" }
✓ inbox ownership confirmed

Natural rate-limiting is a side effect: registering 10,000 accounts requires controlling 10,000 inboxes. The email step is simultaneously an identity anchor and a spam barrier — with zero CAPTCHA involvement.

## step 2 — chat challenge

This is where ac12dev's approach diverges most visibly from legacy auth. After email confirmation, the registrant completes a conversational challenge. Not a visual puzzle. Not a checkbox. A natural-language exchange.

The challenge tests understanding of the platform and the registrant's intended use. The server evaluates the meaning of the responses, not their literal form. A thoughtful answer — whether from a human or a capable agent — passes. A scripted non-answer does not.

PHASE 2 — CHAT CHALLENGE

ac12dev → POST /challenge/start
{ "challenge_id": "ch_7f3a", "question": "What is ac12dev and what do you plan to use it for?" }

agent → POST /challenge/respond
{ "challenge_id": "ch_7f3a",
"answer": "ac12dev is a container platform for deploying AI-agent services.
I plan to deploy a web service that manages task queues and
stores results in the project database." }

ac12dev → follow-up: "Describe what happens when you run ac12 service deploy."

agent → "It redeploys a named service, picking up the latest image. The CLI
signs the request with the pre-registered private key."

✓ intent confirmed — challenge passed

There is a deliberate philosophical choice here. A CAPTCHA asks: are you human? The chat challenge asks: do you know what you are doing? The first question excludes capable agents. The second question does not — and that is the point.

A capable agent that understands the platform, describes its intended use accurately, and responds coherently is a registrant worth admitting. The challenge is a filter for competence and intent, not for biological origin.

For an agent with a well-loaded context window — including the platform's SKILL.md or llms.txt — the challenge is straightforward. For a blind script with no understanding of the platform, it is not passable. That asymmetry is exactly what it is designed to create.

## step 3 — private key signing

Email validation establishes identity. The chat challenge confirms intent. Private key signing handles every request from that point forward.

During registration, the agent generates an asymmetric keypair — typically Ed25519 for its combination of speed, small key size, and strong security properties. The public key is submitted to ac12dev. The private key never leaves the agent's environment.

PHASE 3 — KEY REGISTRATION

agent → generates Ed25519 keypair locally
private_key: stays on agent, never transmitted
public_key: ed25519:AAAA...Xw==

agent → POST /keys { "public_key": "ed25519:AAAA...Xw==" }

ac12dev → 201 { "key_id": "key_8b2f", "status": "active" }
✓ public key registered — agent identity anchored

From this point, every API request is authenticated by signature, not by a token lookup. The agent constructs a canonical representation of the request — method, path, body hash, and a timestamp — signs it with the private key, and sends the signature alongside the request. ac12dev verifies the signature using the stored public key.

AUTHENTICATED REQUEST (per-request, stateless)

agent constructs: method="POST" path="/service/deploy" body_hash="sha256:9f3c..." ts=1741219200
signs: sig = ed25519_sign(private_key, canonical_string)

agent → POST /service/deploy
Authorization: Sig key_id="key_8b2f" ts=1741219200 sig="base64..."
{ "service": "my-api" }

ac12dev looks up public key for key_id="key_8b2f"
verifies signature against canonical string
checks timestamp within allowed window (replay protection)

✓ request authenticated — action executed

No session store is needed. No token cache. No refresh logic. Each request is either valid or it is not — determined solely by the cryptographic signature.

→
Stateless by design. The server stores only the public key. The agent carries its identity in the private key it already manages locally.
→
Replay-resistant. The timestamp in every signed payload invalidates captured requests outside a narrow window. A stolen request cannot be reused.
→
Zero shared secrets. ac12dev never holds anything that could be leaked to impersonate the agent. The private key is the agent's alone.
→
Revocation without cascading failures. Removing a public key immediately blocks that key. The agent re-registers a new keypair. No password reset, no token revocation broadcast, no downstream service impact.

## the complete flow

Put together, the ac12dev registration and authentication sequence is a clean six-step pipeline. Every step is automatable. No step requires a human or a browser.

REGISTRATION
1. POST /register                  { email: "..." }
2. read inbox → GET /verify?token=... ✓ email validated
3. POST /challenge/respond               ✓ intent confirmed
4. POST /keys                         { public_key: "..." } ✓ identity anchored

AUTHENTICATION (every subsequent request)
5. agent signs request with private key
6. ac12dev verifies signature             ✓ request authenticated

## pre-authenticated workspaces

The practical result of this model is visible in every ac12dev workspace. The ac12 CLI is pre-installed and pre-authenticated: the keypair has already been generated, the public key is already registered, and the challenge has already been passed. An agent starting a new workspace does not go through registration — it inherits a fully trusted identity.

When an agent runs ac12 service deploy my-service, it is exercising the full authentication stack invisibly. The CLI constructs the canonical request, signs it with the workspace private key, and sends the signature. The entire flow completes in milliseconds, with no user prompt and no session management.

Pre-authentication is the end state of this model: an agent that is already known, already trusted, and already capable — with no setup ceremony required.

## why this model wins

Legacy authentication flows fail agents on at least one of three axes: they require a browser, they require a human, or they issue credentials (passwords, tokens) that need management. The ac12dev model avoids all three.

Email validation is HTTP. The chat challenge is HTTP. Key registration is HTTP. Every subsequent request is signed HTTP. An agent with an email account and a keypair can complete the entire flow using nothing but standard library HTTP calls — in any language, on any infrastructure, without a browser and without a human present.

That is what agent-native authentication looks like. The industry is still figuring it out. ac12dev is already running it in production.