Skip to content

SubzeroLabs/latch-agent-identity

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
doc
doc
 
 
latch-agent-identity
latch-agent-identity
 
 
scripts
scripts
 
 
slipfetch
slipfetch
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
install.sh
install.sh
 
 

Repository files navigation

latch-agent-identity

Hardware-bound agent identity for HTTP calls — every request carries a header signed by a non-exportable Secure Enclave key on a specific Mac. The Latch server verifies the signature so it knows the call came from an enrolled Mac (and a specific agent on it), not from a stolen token.

Status: v0 dogfood, internal-only, ad-hoc signed (no notarization), Apple Silicon only.

Install + enroll (one command)

curl -fsSL https://github.com/SubzeroLabs/latch-agent-identity/releases/download/v0.1.5/install.sh | bash

The installer drops the binary at /usr/local/bin/latch-agent-identity, generates a Secure Enclave key for this Mac, and opens your browser to approve the enrollment on latch-beta.rialo.io. One Touch ID, one Approve click, you're done.

Override the Latch server with LATCH_URL=… before the curl.

Walkthrough

To create your first Link, connect Claude Desktop / OpenClaw / Hermes / Cursor / Claude Code, and watch the deny → allow demo: doc/HOW_TO_TEST.md

Commands

Command What it does
init [--force] Generates a P-256 Secure Enclave key (one-time per Mac). Run automatically by the installer.
register --url <latch> Opens a browser to approve binding this Mac to your Latch account. Run automatically by the installer.
agent create --url <latch> --label <name> Derives a per-agent key under your master identity. Usually auto-fires on first signed call; manual create is for power users.
sign --method … --url … --body <path> [--agent <kid_a>] Emits the X-Latch-Agent-Identity slip on stdout. Used internally by latchFetch in latch_web2; not for direct use.
gui --url <latch> Local browser UI for inspecting state. Optional; the Latch dashboard is the primary surface.

Wire-format details: doc/latch-agent-identity-plan_v1.0_2026-05-21.md.

Security caveats (v0)

  • Ad-hoc codesigned only. No Apple Developer ID, no notarization. Curl-pipe install.sh strips Gatekeeper quarantine.
  • No caller-binary measurement. The slip proves the request came from the enrolled Mac and a specific agent identity on it, not from an unmodified agent binary. Anything running as the enrolled user could (today) claim any of its agents' identities. Closing this gap is next-iteration security work.
  • No revocation UI. Column exists in the schema; endpoint TBD.

Releasing

See doc/RELEASING.md.

History

Previously named proofslip (see git history before the rename).

About

Hardware-backed proof-slip authentication for macOS API callers (POC)

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 7

v1.0.0 — caller-binary verification + OpenClaw/Hermes wrappers Latest
May 27, 2026
+ 6 releases

Packages

 
 
 

Contributors

Languages