← 11th.network
AMPAgentic MultiPass

The Agentic Economy

What happens when agents go rogue?

When your agent discloses private information, who is accountable? How do you prevent it from being tricked into your assets while still giving it enough freedom to find opportunities, negotiate access, and act with speed?

Our Perception
The Reality
Dual-face synthetic being with a professional human-facing side and a chaotic digital-facing side surrounded by private data, assets, wallets, and permission risks
The same agent can look helpful to the user and become chaotic at the boundary where it touches APIs, wallets, private records, and external systems.
Agentic MultiPass

A pass that is not just an identity, it is a harness for trust.

A verifiable trust layer for AI agents: identity, control, mandate, capabilities, limits, authorization level, and live status that put humans in-the-loop with authority and agency, without forcing to disclose unnecessary private information.

01

Identity

Which agent is acting, and can that identifier be resolved?

02

Control

Which human, wallet, organization, or issuer approved it?

03

Mandate

What is the agent authorized to pursue, and under whose purpose?

04

Capabilities

Which tools, APIs, workflows, or actions may it access?

05

Limits

What boundaries, budgets, expiries, or review gates constrain it?

06

Status

Is the authority active, expired, suspended, or revoked now?

Why this exists

Machines will optimize the procedural layer. Humans must keep authorship of purpose.

AI agents are becoming the operational layer of capitalism: search, negotiation, allocation, logistics, contracting, compliance, arbitrage, and coordination. That shift can make markets faster and less performative, but only if agents can prove who they are, who controls them, what they are authorized to do, and whether that authority is still active.

Agentic MultiPass is the trust primitive for that transition. It does not ask humans to become perfectly rational, and it does not ask machines to become moral authors. It separates the work: machines execute procedural intelligence; humans define the why, the limits, and the legitimacy of action.

Open reference stack

Grounded in the repo: DIDs, credentials, proofs, and human approval.

The reference stack turns the liability question into a verifiable workflow. Agents do not merely hold secrets; they request a DID, receive human-approved authority, carry selectively disclosable credentials, and expose live status that a verifier can check.

Midnight acts as the privacy-preserving anchor for identity state and proof-oriented commitments. The full mandate, policy graph, MCP keys, private records, and operational context remain off-chain unless a specific interaction requires disclosure.

Agent DID architecture showing wallets, services, credentials, and Midnight network trust layers
The proposed architecture: agent identity, human approval, credential proofs, and Midnight as the privacy-preserving anchor.
Application screen showing an issued agent DID
Agent DID request and issued DID workflow.
Application screen showing human approvals and proof history
Human approval as the governance checkpoint.
Application screen showing registry proof verification
Verifier-facing proof and registry validation.
What we are inviting

Not another theory of agents. A field kit for verifiable action.

Agentic MultiPass is for builders, platform engineers, security reviewers, ecosystem contributors, wallet teams, protocol designers, and facilitators of the coming agent economy who believe autonomy needs a proof boundary.

Build reusable identity, mandate, and proof flows.

Validate where selective disclosure is necessary and where it is not.

Operate human-governed approval, revocation, and status systems.

Teach the difference between identity, possession, permission, and purpose.

Call for builders

Help define the authority layer for agents that act in the world.

Fork the reference, test the hypothesis, critique the proof model, contribute wallet and verifier flows, or bring a real external agent workflow where “trust my logs” is no longer enough.