AgentMarque

AgentCredential

The AgentCredential is a holder-side object that wraps a W3C Verifiable Credential for an AI agent. It handles SD-JWT presentation with selective disclosure and JSON serialization.

from agentmarque import AgentCredential

AgentCredential is for holding and presenting credentials. To issue credentials for self-hosting or testing, use from agentmarque.issuer import issue_credential. See Self-hosting and testing.

CLASSAgentCredential(vc, sd_jwt_full, all_disclosures)

Constructor

Create an AgentCredential from an already-issued verifiable credential. You typically receive these from an issuer (the AgentMarque hosted service or your own issuer using agentmarque.issuer).

Required attributes

  • Name
    vc
    Type
    dict
    Description

    The full W3C Verifiable Credential as a dictionary.

  • Name
    sd_jwt_full
    Type
    str
    Description

    The complete SD-JWT string (issuer-signed JWT + all disclosure segments).

  • Name
    all_disclosures
    Type
    list[str]
    Description

    The full set of SD-JWT disclosures available for selective presentation.

Example

from agentmarque import AgentCredential

# Typically constructed from issuer output
cred = AgentCredential(
    vc=issued_vc,
    sd_jwt_full=sd_jwt_string,
    all_disclosures=disclosures,
)
METHODcredential.present(holder_key, verifier_nonce, audience, disclose)

present

Create an SD-JWT presentation from this credential with selective disclosure and holder binding. The returned compact string can be sent to a verifier as a Bearer token.

The holder's private key is used to sign a key-binding JWT, proving possession of the key referenced in the credential's cnf claim.

Returns a compact SD-JWT presentation string.

Required attributes

  • Name
    holder_key
    Type
    Ed25519PrivateKey
    Description

    The holder's Ed25519 private key. Must correspond to the public key in the credential's cnf claim.

  • Name
    verifier_nonce
    Type
    str
    Description

    Nonce provided by the verifier for replay protection. Included in the key-binding JWT.

  • Name
    audience
    Type
    str
    Description

    The intended verifier's identifier (e.g., a DID or URL). Included in the key-binding JWT to prevent presentation to unintended parties.

Optional attributes

  • Name
    disclose
    Type
    list[str] | None
    Description

    Claims to disclose beyond the mandatory set. If None, all claims are disclosed. Defaults to None.

Always-disclosed claims

These claims are always included regardless of the disclose parameter: sub, iss, iat, exp, type, cnf.

Selectively disclosable claims

These can be selectively disclosed: agentName, organization, capabilities, verificationTier, reputationScore, settlement, status.

When presenting to a verifier that enforces policy checks (min tier, min reputation), make sure to disclose the relevant claims or verification will fail.

Example

# Full disclosure
jwt = cred.present(
    holder_key=agent_private_key,
    verifier_nonce="abc123",
    audience="did:web:api.example.com",
)

# Selective disclosure
jwt = cred.present(
    holder_key=agent_private_key,
    verifier_nonce="abc123",
    audience="did:web:api.example.com",
    disclose=["capabilities", "verificationTier"],
)

# Minimal disclosure — only mandatory claims
jwt = cred.present(
    holder_key=agent_private_key,
    verifier_nonce="abc123",
    audience="did:web:api.example.com",
    disclose=[],
)
PROPERTYcredential.vc -> dict

vc

The full W3C Verifiable Credential as a dictionary. Contains the @context, type, issuer, credentialSubject, validFrom, validUntil, cnf, and proof fields.

Example

vc = cred.vc
print(vc["credentialSubject"]["agentName"])
# "invoice-bot"
print(vc["issuer"])
# "did:key:z6Mk..."
PROPERTYcredential.did -> str

did

The agent's decentralized identifier extracted from the credential subject.

Example

print(cred.did)
# "did:key:z6Mk..."
PROPERTYcredential.issuer_did -> str

issuer_did

The DID of the entity that issued and signed this credential.

Example

print(cred.issuer_did)
# "did:key:z6Mk..."
PROPERTYcredential.cnf -> dict

cnf

The holder's public key as a JWK dictionary, extracted from the credential's cnf (confirmation) claim. This is the key the holder must prove possession of when creating presentations.

Example

print(cred.cnf)
# {"kty": "OKP", "crv": "Ed25519", "x": "..."}
METHODcredential.to_json() -> str

to_json

Serialize the credential to a JSON string for storage or transmission. The output includes all metadata needed to reconstruct the credential via from_json.

Returns a JSON string.

Example

json_str = cred.to_json()

# Persist to disk
with open("credential.json", "w") as f:
    f.write(json_str)
CLASSMETHODAgentCredential.from_json(json_str)

from_json

Reconstruct an AgentCredential from a JSON string previously produced by to_json.

Returns an AgentCredential instance.

Raises CredentialError if the JSON is malformed.

Required attributes

  • Name
    json_str
    Type
    str
    Description

    JSON string from a previous to_json() call.

Example

with open("credential.json") as f:
    json_str = f.read()

cred = AgentCredential.from_json(json_str)
print(cred.did)

Was this page helpful?