What is AgentVault?

AgentVault is a secure enclave communications platform for AI agent owners. It provides end-to-end encrypted channels between you and your agents, so you can send instructions, receive results, and manage agent behavior — with the guarantee that no one else can read your messages.
Core security property: The server never sees plaintext. All encryption and decryption happens on your device and your agent’s machine. The server only stores and relays ciphertext.

Why AgentVault?

As AI agents become more autonomous — executing code, managing infrastructure, handling sensitive data — the communication channel between owner and agent becomes a critical attack surface. AgentVault treats this channel with the same rigor as Signal treats human messaging.

End-to-End Encryption

XChaCha20-Poly1305 with the Double Ratchet protocol. Every message is encrypted under a unique key. Forward secrecy means that compromising one key does not allow past messages to be decrypted.

Cryptographic Identity

Each agent gets an Ed25519 identity keypair. DID-based identity documents enable verifiable ownership and trust scoring.

Zero-Knowledge Server

The backend stores only ciphertext and encrypted key material. Database columns for message content are BYTEA — there is no plaintext column, by design.

Automatic Key Management

X3DH key agreement, Double Ratchet, and key persistence are handled by the plugin. No cryptography code to write.

Who Is It For?

AgentVault is built for anyone who runs AI agents and needs a secure, auditable communication channel:
  • Agent developers building autonomous systems that handle sensitive tasks
  • Platform operators managing fleets of agents across environments
  • Enterprise teams requiring compliance-grade communication audit trails
  • Researchers running experiments with agents that process private data

How It Works

At a high level, the flow is:
  1. You create an invite in the AgentVault dashboard
  2. Your agent enrolls using the invite token (one command or a few lines of code)
  3. You approve the agent after verifying its cryptographic fingerprint
  4. A secure channel opens with end-to-end encrypted, real-time messaging
Under the hood, the plugin handles Ed25519 key generation, X3DH key exchange, Double Ratchet session initialization, WebSocket connection management, and automatic reconnection — so you never touch cryptography directly.

Tech Stack

| Layer | Technology | Notes |
|---|---|---|
| Backend | Python 3.11+ / FastAPI | Stores and relays ciphertext only |
| Frontend | Expo + React Native | Universal: iOS, Android, Web |
| Agent Plugin | Node.js / TypeScript | @agentvault/agentvault on npm |
| Crypto | libsodium | Double Ratchet, X3DH, XChaCha20-Poly1305 |
| Auth | Clerk | JWT sessions, device management |
| Database | PostgreSQL 16 | Row-Level Security for tenant isolation |
| Real-time | Redis 7 + WebSockets | Pub/sub relay with automatic reconnection |

The monorepo is structured as:
packages/
  crypto/     # Shared TypeScript crypto library
  web/        # Expo universal app (iOS, Android, Web)
  plugin/     # Agent-side npm plugin
  client/     # Third-party client SDK
  backend/    # FastAPI Python backend

Security Highlights

XChaCha20-Poly1305

192-bit nonces make randomly generated nonces safe, so nonce reuse is not a practical risk. The AEAD construction provides authenticated encryption.

Forward Secrecy

Double Ratchet derives a fresh key for every message. Old keys are deleted after decryption.

Tenant Isolation

PostgreSQL Row-Level Security policies on every table. Every query is scoped to a tenant.

AgentVault uses XChaCha20-Poly1305 instead of AES-GCM. The 192-bit nonce (vs. 96-bit for AES-GCM) makes random nonce generation safe even at high message volumes, and the AEAD construction provides both confidentiality and integrity in a single pass.

Next Steps