Skip to main content
VaultysId · Agent Identity · Open Source

Your agents' identity.
Secure. Sovereign. Yours.

VaultysClaw gives every agent a cryptographic identity powered by VaultysId — a fully decentralised, non-transferable identity standard. Zero Trust security, complete data sovereignty, and predictable flat-rate pricing. No agent traffic ever transits our servers. Your security is not our business model.

Zero Trust
Sovereign hosting
No vendor lock-in
Deploy your first agent Read the docs GitHub
vaultys-claw — terminal
$ git clone github.com/vaultys/vaultysclaw
$ cd vaultysclaw && pnpm install
$ pnpm dev

 Control plane ready on :3000
 WebSocket hub ready on :8080
 Agent "alice-research" connected
 VaultysId identity loaded

The platform

Three pillars. No compromise.

The only managed agent identity platform that delivers Zero Trust security, full data sovereignty, and a predictable cost structure — simultaneously.

Security

Zero Trust. Post-quantum ready.

  • Every intent cryptographically signed end-to-end
  • Post-quantum cryptography — ahead of NIST 2026 mandates
  • Built on Anthropic's responsible AI safety framework
  • Decentralised VaultysId — no central authority to call or fail
Sovereignty

Your data. No vendor control.

  • Runs fully inside your perimeter — on-premises or private cloud
  • Zero inter-agent traffic ever transits our servers
  • Open standard + MIT license — no lock-in, ever
  • Air-gap support for the highest-security environments
Performance

Distributed. Cost-predictable.

  • Decentralised architecture — agents communicate directly
  • Flat-rate per agent tier, not per API call or token
  • Up to 20× lower TCO vs. self-deploying SPIRE
  • No egress fees, no bandwidth surcharges
Anthropic Zero Trust AI Agents Framework · May 2026
VaultysClaw covers 7 domains fully, 4 partially, and 1 on the roadmap — unmatched coverage among open-source agent platforms.
See the full breakdown

Why VaultysClaw

Not a generic assistant.
Your agent.

Most AI tools are blank slates you rent from a cloud provider. They have no memory of who you are, no stake in your outcomes, and no accountability when things go wrong.

VaultysClaw is different. Every agent carries a unique, non-transferable identity — a cryptographic fingerprint that is yours, governed by your policies, and auditable to any action it ever took. You're not deploying a tool. You're extending your team.

Agents that reflect your values and communication style

Governed by your org chart — realms, roles, and accountability chains

Each agent has a soul: a cryptographic identity that is uniquely, irrevocably theirs

alice-research
did:vaultys:z6Mkf9x3TQ…
● online
Realm
Research
Model
claude-sonnet
Role
Analyst
Intents
2,841 today
Culture profile
direct commsdata-drivencite sourcesconciseEMEA-aware
Signed Policyv4 · signed 2m ago
internet_accessapi_callfile_access
sig: a3f9b2…d04c

What you get

AI agents that work like your best employee

The primitives your organisation needs to deploy AI with confidence — accountability, culture, and zero-trust security baked in from day one.

Every agent has an identity
A non-transferable VaultysId ties each agent to your organisation. No impersonation, no ambiguity — every action is cryptographically attributed.
Encode your culture as policy
Communication style, escalation rules, data access boundaries — formalise how your organisation works and deploy it as signed, tamper-proof policy.
Your org chart, reflected in AI
Realms, roles, and capability grants mirror your real team structure. The right people govern the right agents — enforced server-side, always.
Real-time coordination
A persistent WebSocket hub lets agents collaborate in real time — routing work across departments, escalating to humans, and returning results in milliseconds.
Zero-trust security
All intents, policies, and results are cryptographically signed end-to-end. Tampering is detected instantly, even if an intermediate node is compromised.
Least-privilege by design
Grant exactly the permissions each agent needs — file access, internet, code execution — and revoke them in one click, no restart required.
Automate your processes
Build multi-step workflows that mirror your real business processes. Agents hand off to each other exactly the way your best teams do.
Human judgment, built in
Flag sensitive actions for mandatory human review. Every approval is logged — who decided what, when, and why. Compliance loves it.

Architecture

Built for where your data lives

The control plane is your single pane of glass. Agent controllers run wherever your data is — on-premises, private cloud, or at the edge. They connect outbound, so no inbound firewall rules needed. Your IT team will thank you.

  • VaultysId ensures no agent can impersonate another
  • Policies signed and distributed, never assumed
  • Agents verify every intent before acting
  • All results signed and returned for full auditability
CONTROL PLANE :3000 / :8080VaultysId ⬡Next.js UIDashboard :3000REST API/api/** :3000WebSocket Hub:8080SQLite Databaseagents · intents · policies · realmsWSS signedAGENT CONTROLLERLLM: GPT-4oVaultysId ⬡AGENT CONTROLLERLLM: ClaudeVaultysId ⬡AGENT CONTROLLERLLM: OllamaVaultysId ⬡

Control plane

Your whole team, in one place

See who's working, what they're doing, and whether they're acting within your organisation's policies — in real time.

https://vaultysclaw.acmecorp.internal
Overview
Agents
Intents
Policies
Workflows
Chat
Approvals
Realms
Users
Agents
Team Members
12
+3 this week
Active Now
9
75% uptime
Tasks Today
1,432
↑ 12%
AgentCapabilitiesModelStatus
alice-research
Research
internet_accessapi_call
claude-sonnet
online
bob-analyst
Finance
api_callfile_access
gpt-4o
online
ops-dispatcher
Operations
mail_sendapi_call
gpt-4o-mini
online
dev-coder
Engineering
code_executionfile_access
llama3.2
offline

Powered by VaultysId

Identity is the soul of your agents

VaultysId gives every agent a cryptographic identity that is uniquely, irrevocably theirs. Not a session token you hand out. Not an API key you can copy. A decentralised identity that embeds accountability into the fabric of every action taken.

No central authority
Identity lives with the agent — no provider to call, no single point of failure.
Non-transferable by design
Private keys never leave the entity. Your agent's identity is exclusively its own.
Offline-verifiable
Agents verify trust locally at execution time — fast, resilient, and auditable.
How VaultysId works
Every action, signed and attributed
Create intent
Sign w/ DID key
Route via WSS
Verify signature
Check policy
Execute
Sign result
Audit log
What this means for your organisation
You always know which agent did what, and under whose authority
Compromised agents can't affect others — blast radius is always contained
Delegation is explicit — no implicit trust, no permission creep
Audit trail satisfies SOC 2, ISO 27001, and GDPR requirements

Developer experience

One call to put your culture to work

Encoding your culture into an agent is as simple as adding parameters to an API call. The platform handles identity verification, policy enforcement, and signing — you focus on what makes your organisation unique.

POST/api/intents
// Send a culturally-aware intent to your research agent
const response = await fetch("/api/intents", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    agentId: "did:vaultys:z6Mkf9x3T...",   // alice-research
    action: "brief_ceo",
    params: {
      topic: "Q1 EMEA market shifts",
      tone: "direct",         // your company voice
      format: "3-bullet-max", // your communication style
      cite_sources: true,     // your quality bar
    },
  }),
});

const { intentId, sentTo } = await response.json();
// The agent's identity + your policy = accountable AI

Market comparison

How the alternatives stack up

Six major vendors launched agent identity products in 2026. All centralised. All proprietary. All with costs that grow with your fleet.

Annual pricing by fleet size
Solution200 agents / yr1,000 agents / yr5,000 agents / yr
Okta Agent Identity
~€4/agent/month, recurring licence only
€9,600
+ €30k setup
€48,000
+ €80k setup
€240,000
+ €150k setup
Microsoft Entra WI
~€2–3/agent/month + full M365/Azure stack required
€5,760
M365 stack req.
€28,800
M365 stack req.
€144,000
M365 stack req.
SPIRE (open source)
recurring maintenance only (0.5 FTE)
€65,000
+ €150–200k setup
€75,000
+ €150–200k setup
€80,000
+ €150–200k setup
Orchestration tools
Mastra Enterprise, CrewAI Enterprise — flat enterprise licence + consumption billing · no agent identity layer
from €60k/yr
+ CPU/egress/tokens
from €80k/yr
+ CPU/egress/tokens
custom
+ CPU/egress/tokens
VaultysClaw
sponsor & commercial tiers · price lock guaranteed
pricing on requestContact us
Feature comparison
FeatureOktaEntra WISPIREOrchestration†VaultysClaw
Agent orchestration
Cryptographic identity
ArchitectureCentralisedCentralisedDecentralisedCloud-hostedDecentralised
Managed service
Open sourcePartial
Vendor lock-inHighTotal (Azure)NoneMediumNone
Air-gap / on-premisesPartial
Pricing grows with traffic
Agent traffic via vendor

Okta ~€4/agent/month recurring licence, integration billed separately · Microsoft Entra WI ~€2–3/agent/month, requires full M365/Azure stack · SPIRE: €0 licence, recurring cost is ops/maintenance (0.5 FTE); one-time engineering setup €150k–200k not included in annual figures · † Orchestration tools (Mastra Enterprise, CrewAI Enterprise): flat enterprise licence + consumption billing on CPU/egress/tokens; no cryptographic agent identity layer · VaultysClaw: flat-rate per agent tier, price lock guaranteed for early sponsors.

Open Source · MIT License · Self-hosted

The open standard for agent identity.
Delivered as a product.

Zero Trust security. Full data sovereignty. Predictable flat-rate pricing. Deploy in under five minutes — on your infrastructure, with your policies.

Get started free Read the architecture View on GitHub