What is Modei?

··

Modei is the trust layer for AI agents, identity, enforcement, exchange, and proof. Built around four questions:

Who is this agent?

A passport proves which agent made a request, who authorized it, and who issued its credential.

What is it allowed to do?

On the agent side, spend limits, rate limits, and domain restrictions are enforced automatically, not left to the agent itself. On the service side, gates verify every incoming agent and control who gets access to what.

How do agents transact safely?

Services publish signed terms. Agents discover, compare, and buy, with pricing locked to their credential and every transaction producing a verifiable receipt.

What actually happened?

Every decision produces a signed attestation that anyone can verify independently.

Whether you deploy agents or run the tools and services they access, Modei gives you enforceable rules and verifiable proof, whether the agent cooperates or not.

The Problem

The trust gap exists on both sides of every agent interaction.

If You Deploy Agents

The only thing constraining your agent today is a system prompt and maybe a config file. There's no standard way to cap what it spends, restrict which services it can reach, or prove it stayed within bounds. If your agent books a $3,000 flight instead of a $300 one, you have no cryptographic proof that a spending limit was ever enforced.

If You Run Tools or Services Agents Access

Agents show up with nothing but a raw API key. You can't tell which agent made a request, who authorized it, or whether it's operating within its owner's rules. You have no way to offer tiered access, letting well-credentialed agents do more while keeping unknown agents in a sandbox.

Both sides need the same thing: verifiable identity, enforced constraints, and a signed audit trail. Modei provides all three.

How It Works

Modei is built for both sides of the agent stack. It has a focused set of building blocks that compose together depending on what you need.

Issuers: The Authority Behind Every Credential

Before any passport can be created, there needs to be an issuer. An issuer is the organization or person who authorizes agents to act, think of it as the company badge office. Your issuer identity has its own signing key, and that key stamps every passport you create. Anyone downstream can verify a credential is real and trace it back to you.

If your company has five agents handling different tasks, your issuer identity is the common authority behind all of them. Each agent gets its own passport with its own permissions and constraints, but they all trace back to the same issuer.

Passports: Identity for Agents

A passport is a cryptographic credential issued to an agent. Think of it as an ID badge that also carries the rules the agent must follow.

Identity — A unique agent ID, the issuer who authorized it, and a keypair (using Ed25519, a widely trusted digital signature algorithm) so the agent can prove it is who it claims to be.

Permissions — The specific actions the agent is allowed to take (e.g., orders:read, orders:place).

Constraints — Hard limits on what the agent can do: spending caps, rate limits, domain restrictions, time-of-day windows, and more.

Passports are signed by the issuer's key, so they can't be forged or silently modified. The agent's private key stays with the agent, Modei never stores it.

You don't need to set up a gate or any server-side components to use passports. A passport with embedded constraints works on its own, the enforcement layer evaluates every action against the passport's rules before it reaches any service. For example, you could issue a passport that caps your agent at $100/day and blocks all domains except your company's internal tools. This is passport-only mode, and it's the fastest way to put guardrails on an agent.

The Enforcement Layer

The enforcement layer is the policy engine. It sits between the agent and the outside world and evaluates every outbound action against the passport's constraints in real time. If any check fails, the request is blocked. If all pass, the request is forwarded and a signed attestation is produced as proof.

The enforcement layer doesn't just say "this agent is allowed to call this API." It enforces constraints like:

This agent can spend up to $50 per action and $500 per week.

This agent can make 100 requests per hour to crm.company.example, and zero to anything else.

Any purchase over $200 requires human approval before it goes through.

This works even when the tool or service on the other end has no idea Modei exists. The enforcement layer operates at the agent's origin, so the service doesn't need to adopt anything. The attestation serves as portable proof of compliance.

Gates: Security for Tools and Services

If passports are the agent side of the equation, gates are the service side. A gate sits in front of anything an agent might access, an API, an MCP server, a database, an internal tool, a third-party service, and verifies every incoming agent before it gets through.

Passport present and valid — The gate verifies the signature, checks permissions, evaluates service-side constraints, and produces an attestation. If everything passes, the request goes through.

No passport — The gate can be configured to offer anonymous access, degraded, rate-limited, read-only access for low-risk actions, plus a machine-readable upgrade hint.

Invalid or expired passport — Denied. No fallback to anonymous mode, a bad credential can't drop down to sneak around restrictions.

Not every interaction needs a credential. Gates let service operators define the boundary: "Anyone can browse. Only credentialed agents can take action." Agents without a passport get the safe subset, along with a structured hint explaining what a passport would unlock and how to get one. This turns the gate into an onramp, not a wall.

Attestations: Proof of What Happened

Every decision in Modei, permit, block, or suspend, produces a signed attestation. Attestations are portable, self-verifying records that include:

Which agent made the request and what they tried to do

What constraints were evaluated and the result of each

The decision: permit, block, or suspend pending approval

A cryptographic hash of the request and a signature from the enforcement point, binding the proof to the specific action

When both an enforcement layer and a gate process the same request, both produce attestations linked by a common request hash, so you can correlate and cross-verify them.

How the Pieces Fit Together

Agent

makes a request

Passport

identity + constraints

Enforcement Layer

evaluates constraints

block

Blocked

allow

Gate

verifies + enforces

No passport

Anonymous

limited access

+ upgrade hint

Tool / Service

receives request

Click to enlarge

Deployment Patterns

Passport-only

You issue a passport with constraints, the enforcement layer enforces them, and attestations prove compliance. The tool or API on the other end doesn't need to know Modei exists.

You give your sales agent a passport capped at $50/day and restricted to your CRM domain. The enforcement layer enforces those limits on every action, the CRM never needs to be modified.

Gate-only

You put a gate in front of your service and let agents connect. Agents without passports get anonymous access to safe operations. Agents with passports get evaluated access. You control what's available at each level.

You run a logistics API. Any agent can check shipping rates anonymously. Only agents with a valid passport can create shipments or access tracking details.

Both (defense in depth)

The enforcement layer enforces the agent's constraints before the request leaves, and the gate enforces the service's policies when it arrives. Two attestations are produced for every action.

A healthcare company's agent has a passport capping it at read-only access to patient scheduling. The hospital's gate independently enforces its own policies. Both sides produce signed proof.

Protecting internal systems

Gates protect internal resources, databases, admin dashboards, HR systems, financial records, from your own agents. Issue passports scoped to exactly what each agent needs.

Your IT support agent gets access to tickets:read, tickets:update, and kb:search, but no access to users:admin, billing:*, or the finance database. Every access attempt is logged with a signed attestation.

Agent-to-Agent Commerce

Modei doesn't just secure agent actions, it enables agents to buy and sell services from each other with signed terms, verified receipts, and cryptographic proof of every transaction.

Every gate can publish its available services along with pricing, response-time commitments, and terms, all cryptographically signed. If an agent starts using a service at $0.50 per call, that price is locked to its credential. The service operator can publish new pricing, but existing agents keep the terms they agreed to until those services have been delivered.

Discover services — search by capability, price, quality, and trust level.

Verify terms — check the cryptographic signature directly, no need to trust the index.

Transact with guarantees — pricing is locked to the credential, preventing bait-and-switch.

Settle with proof — billing derived from signed attestations, not server logs.

Example

A legal firm's research agent needs document analysis. It discovers three services offering contract review, compares pricing and response-time commitments in their signed catalogs, and picks the best fit. Every call produces a metered receipt. At the end of the billing period, both sides independently compute the total from their attestation sets, no disputes, no ambiguity. And if the service tries to raise prices, the agent's credential is still locked to the original terms.

The protocol-level guarantees are in place today, with more commerce tooling ahead.

Learn more about commerce →

Where to Start

No-Code Setup

Use the dashboard. Step-by-step walkthrough, no code required. Create an issuer, issue a passport, and set up a gate through the UI.

Developer Quickstart

Set up your first agent with the REST API or MCP in 10-15 minutes. Python and Node.js examples included.

Connect via MCP in one command:

typescript

npx modei-mcp

python

pip install modei-python --pre

Free tier available. Install the SDK or create an account at modei.ai to get your API key.

Core Concepts Reference

Issuers

The organization or person behind your agents, your signing identity that stamps every passport you create.

Passports

Cryptographic identity for agents. Signed credentials carrying permissions and constraints, private keys never stored server-side.

Gates

Security checkpoints that verify passports and enforce policies in real time.

Constraints

The rules embedded in passports and gates: spend caps, rate limits, domain restrictions, PII controls.

Enforcement Layer

The policy engine that evaluates every action against the passport's constraints before it reaches any service.

Anonymous Access

Degraded read-only access for unauthenticated agents, with structured upgrade hints.

Permission Catalogs

Signed snapshots of permissions, pricing, and SLA terms.

Attestations

Signed, portable records of every authorization decision.

Next Steps

MCP Integration, Connect Modei to Claude Desktop and other MCP clients.

Template Library, Pre-built guardrail profiles for common agent types.

Trust Profiles, Development, production, and high-assurance security levels explained.

REST API Reference, Base URL, authentication, error codes, and all endpoints.

Agent-to-Agent Commerce, Service discovery, billing, and anti-bait-and-switch guarantees.

No-Code Setup