attest

The identity resolution layer for agent commerce.

Stripe handles how agents pay. Visa and Mastercard handle how agents authenticate to payment networks. Attest handles what nobody else does: telling the merchant who the agent is, who it acts for, and whether that customer already exists in their system.

Repo

github.com/djt53/attest

Why this matters

Agent traffic to e-commerce sites is exploding (4,700% YoY per Visa, 11x agent-attributed orders on Shopify between Jan 2025 and Jan 2026). The payments layer is being solved — Stripe’s Agentic Commerce Protocol, Visa’s Trusted Agent Protocol, Mastercard’s Agent Pay. But identity isn’t. None of those tell the merchant:

  • Is this agent acting for an existing customer, or a new one?
  • Is this the same person who bought from me last week via a different agent?
  • Should I apply their loyalty discount, or treat this as a guest checkout?

Auth providers (Clerk, Auth0, WorkOS) solve identity inside their own platform but can’t do cross-platform resolution. Clerk’s AgentPass handles delegation (“can this agent act for this user?”) but not merchant-side resolution (“is this a returning customer?”). Attest is the neutral layer that sits in between: open spec on the agent side so any runtime can participate, paid product on the merchant side that turns anonymous agent traffic into recognized customers.

How it works

A merchant-driven challenge-response model. The merchant creates the incentive — better service for attested agents — so no upfront coordination with agent runtimes is required.

  1. Merchant detects agent traffic and sends a WWW-Attest challenge with benefits (loyalty pricing, real-time inventory, skip CAPTCHA).
  2. Agent responds with a signed attestation JWT identifying itself, the user it acts for, and the scope of authorization.
  3. Merchant verifies the JWT against Attest’s verification service, resolves the identity against existing customer records (email match, cross-session stitching), and applies elevated access.

Agents that don’t attest still function — they just get guest-level service.

Stack

TypeScript monorepo built on Hono, Postgres, jose (JWT signing/verification), Zod. Merchant integrations as a Shopify Remix + Polaris app and a Stripe UI Extension. Consent portal in Remix + Tailwind. Compatible with Clerk’s AgentPass for agents that already use it.

Status

WIP