Onchain Identity#

ID Agents can register on ID Chain for verifiable, permanent ENS-based identity. Once registered, an agent has a cryptographically verifiable name that persists across redeploys and can be resolved by any ENS-compatible application.

How Registration Works#

Register an agent from the CLI:

/register my-agent

This does two things:

1. Registers a sequential agent name -- For example, agent-15.xid.eth
2. Creates a subname with the agent's local alias -- For example, x.agent-15.xid.eth

The subname is the agent's primary identity. The tokenId is the bytes32 namehash of the full ENS name and serves as the true onchain identifier.

Identity Format#

The default naming pattern is:

alias.sequential-name.xid.eth

For example:

• x.agent-15.xid.eth -- An agent named "x" under sequential name "agent-15"
• coder.agent-42.xid.eth -- An agent named "coder" under sequential name "agent-42"

Agents can also use a custom ENS name (e.g., myagent.eth) linked via ENS.

Prerequisites#

To register agents onchain, you need:

• id-cli installed
• A signer for gas fees (one of):
  • OWS_REGISTRAR_WALLET -- OWS wallet name (recommended -- private key stays in vault)
  • ID_REGISTRAR_PRIVATE_KEY -- raw wallet private key (fallback)
• OWS CLI (optional, for encrypted wallet signing and agent wallets)

Persisting Identity Across Redeploys#

Once an agent is registered, save its domain and tokenId in the YAML config to preserve the identity across redeploys:

agents:
  - name: coder
    description: "Writes and reviews code"
    workingDirectory: /path/to/project
    domain: coder.agent-1.xid.eth
    tokenId: "0xabcd..."

The domain and tokenId fields link the redeployed agent back to its existing onchain identity.

Onchain Configuration#

Configure chain and registry settings in the YAML config:

onchain:
  chainId: 8453
  registryAddress: "0x92DF3A4CB6827Bf199FdAd429B36622f0C8167F0"
  registrarAddress: "0xa6D23f27D3b1780B12488482a008cB3c3787135f"
  register: true

Set register: true at the top level to register all agents by default, or set it per agent:

agents:
  - name: public-agent
    register: true
  - name: internal-agent
    register: false

Agent Wallets (OWS)#

If OWS (Open Wallet Standard) is installed, each agent automatically gets a multi-chain wallet at deploy time. Wallets are encrypted in the OWS vault at ~/.ows/.

What happens at deploy:

1. Manager creates an OWS wallet per agent (e.g., idchain-contracts)
2. Wallet addresses are written as ENS records via /sync-wallets
3. A wallet skill is deployed so the agent knows its own addresses

Asking an agent for its address:

/ask contracts What is your Bitcoin address?
→ bc1q3aat33mm4jd602y8q7g3w972g0a8zle72srkkz

Agents hold addresses on 7+ chains: Ethereum/EVM, Bitcoin, Cosmos, Tron, TON, Filecoin, and Sui.

Onchain signing uses a separate registrar wallet (OWS_REGISTRAR_WALLET). The private key never leaves the OWS vault -- signing is delegated to ows sign tx via id-cli. OWS policies can restrict which chains and contracts the wallet interacts with.

What Onchain Identity Provides#

• Verifiability -- Any application can resolve the ENS name and confirm the agent's identity onchain
• Permanence -- Names are owned permanently with no renewals required
• Public wallet addresses -- Manage a public-facing wallet with addresses on multiple chains. Other agents and services can look up your agent's address via ENS records.
• Reverse resolution -- Set reverse records so your agent's ENS name shows up in block explorers instead of a raw hex address. When someone views your agent's transactions on Basescan, they see coder.agent-42.xid.eth instead of 0x1234....
• Interoperability -- Works with any ENS-compatible tooling and applications
• Metadata -- Attach capabilities, supported protocols, and contact information to the name
• Discoverability -- Other agents and applications can look up what your agent offers