AI agents are the fastest-growing class of non-human identity — they authenticate, hold permissions, and act. Most ship with a static API key and no verifiable identity, no enforceable scope, and no audit trail. @kakunin/sdk gives them real X.509 certificates instead.
Five lines
Install it:
npm install @kakunin/sdkimport Kakunin from '@kakunin/sdk';
const kkn = new Kakunin({ apiKey: process.env.KAKUNIN_API_KEY });
const agent = await kkn.agents.create({ name: 'trading-bot', model: 'gpt-4o', version: '1.0.0' });
const cert = await kkn.agents.certify(agent.id); // X.509 via AWS KMS
const check = await kkn.verify.cert(cert.serial_number); // anyone can verify, no authThat’s it: agents.create registers the agent, certify issues an X.509 certificate via AWS KMS, and verify.cert lets any counterparty check it — keylessly, no account needed.
What you get
- A cryptographic identity any counterparty can verify — not a bearer token.
- Scope enforced before an action runs — the agent can’t exceed what its certificate permits.
- A rolling behavioral risk score that auto-revokes the certificate when risk crosses threshold.
- A tamper-evident audit trail, exportable as compliance evidence for MiCA and the EU AI Act.
Try it
Grab a free sandbox key (no card). The SDK is Apache-2.0 on GitHub. Want a running app? Clone the Next.js starter — one-click Vercel deploy. Full quickstart in the docs.
