A blockchain-based system for registering and verifying the identity of AI agents using unique fingerprints.
This application allows users to:
- Register AI Agent Fingerprints: Generate and store unique identifiers for AI agents on the blockchain
- Verify AI Agent Fingerprints: Confirm the authenticity of an AI agent by checking its fingerprint against the blockchain record
- React with TypeScript for the frontend
- Ethers.js for blockchain integration
- Solidity for smart contracts
- OpenZeppelin contracts for security and access control
- Hardhat for contract deployment and testing
- Webpack for bundling
- Node.js (v16+)
- npm or yarn
- MetaMask or another Ethereum wallet browser extension
Clone the repository and install dependencies:
git clone <repository-url>
cd Fingerprint
npm install-
Copy the example environment file and update it with your values:
cp .env.example .env
-
Edit the
.envfile with your:- Ethereum wallet private key for deployment
- Alchemy API key for accessing the Ethereum network
PRIVATE_KEY=your_wallet_private_key_here SEPOLIA_URL=https://eth-sepolia.g.alchemy.com/v2/your-alchemy-api-key -
After deploying the contract, update the
blockchainConfiginsrc/App.tsxwith your:- Alchemy API URL
- Deployed contract address
-
Compile the contract:
npm run compile
-
Deploy to Sepolia testnet:
npm run deploy:sepolia
-
Deploy to a local Hardhat network (for development):
npm run deploy:local
Start the development server:
npm startThe application will automatically open and be available at http://localhost:3000.
-
Connect Your Wallet:
- Click "Connect Wallet" and approve the connection in your wallet extension
-
Register an AI Agent Fingerprint:
- Fill in the agent details (ID, name, provider, version)
- Click "Generate" to create a unique fingerprint hash based on the agent details, or manually input a hash
- Optionally enable EIP-712 typed data signatures for enhanced security
- Submit the form to register on the blockchain
- View Registration Example
-
Verify an AI Agent Fingerprint:
- Enter a fingerprint hash
- Click "Verify" to check if it exists on the blockchain
- View the registration details if verified
- Check revocation status to ensure the fingerprint is still valid
- View Verification Example
-
Revoke an AI Agent Fingerprint:
- Enter the fingerprint hash you wish to revoke
- Only the original registrant (wallet address) can revoke their fingerprints
- Once revoked, a fingerprint will be permanently marked as invalid
-
Administrative Functions (Contract Owner Only):
- Emergency Pause: Pause all contract operations in case of security incidents
- Admin Revocation: Revoke any fingerprint regardless of original registrant
- Ownership Transfer: Transfer fingerprint ownership between addresses
- Contract Management: Transfer contract ownership to another address
The fingerprint hash is generated using the keccak256 algorithm, combining the agent's ID, name, provider, version, and a timestamp to ensure uniqueness.
This project also supports EIP-712 typed data signatures for enhanced security and structure:
- Structured Data: EIP-712 provides a structured format with explicit typing for all fields
- Human-Readable Format: Makes signatures more interpretable and prevents signature replay attacks
- Domain Separation: Includes domain information to prevent cross-application signature reuse
- Optional Feature: Can be enabled via a checkbox during agent registration
The smart contract implements robust security mechanisms using OpenZeppelin libraries:
- Access Control: Uses OpenZeppelin's Ownable pattern for secure, standardized role management
- Emergency Controls: Implements Pausable mechanism to halt all contract operations in case of security incidents
- Administrative Functions: Provides owner-only functions for contract management and issue resolution
- Standards Compliance: Follows industry best practices for smart contract security
The fingerprinting system includes a revocation mechanism to invalidate fingerprints:
- Dual Revocation Paths:
- Self-Revocation: Original registrants can revoke their own fingerprints
- Administrative Revocation: Contract owners can revoke any fingerprint to handle compromised accounts
- Permanence: Once revoked, a fingerprint cannot be un-revoked
- Transparency: Revocation information is stored on-chain with timestamp and revoker address
- Verification Integration: All verification operations automatically check revocation status
- Backward Compatibility: Works with both new and legacy contract deployments
The contract includes features for managing fingerprint ownership:
- Ownership Transfer: Contract owner can transfer fingerprint ownership between addresses
- Dispute Resolution: Provides mechanisms to resolve ownership disputes or recover from compromised accounts
- Audit Trail: All ownership transfers are recorded on-chain with complete history
This application can be configured to work with:
- Ethereum Mainnet
- Ethereum Testnets (Sepolia, Goerli)
- Layer 2 solutions (Arbitrum, Optimism)
- Other EVM-compatible chains
This project was built with assistance from Claude AI (Anthropic). The AI contribution has been fingerprinted and registered on the Sepolia testnet blockchain with the following details:
- ID: AI Agent Fingerprinting System Code Assistant
- AI: Claude (Anthropic)
- Version: Claude-3-7-Sonnet-20250219
- Fingerprint Hash:
0x59bba0ed5a7d4a5ba2c3ecad48fa376f9383b834ad28b581a5ea97e11f3d1385
To verify this fingerprint:
- Ensure you have MetaMask connected to the Sepolia testnet
- Go to the "Verify Fingerprint" tab in the application
- Enter the hash:
0x59bba0ed5a7d4a5ba2c3ecad48fa376f9383b834ad28b581a5ea97e11f3d1385 - Click "Verify" to see the registration details
Alternatively, you can verify using Etherscan:
- Visit the Sepolia Etherscan
- Navigate to the contract address:
0x92eF65Ba802b38F3A87a3Ae292a4624FA3040930 - Go to the "Read Contract" tab
- Call the
verifyFingerprintfunction with the hash above
This verification process ensures the authenticity of the AI assistance used in this project, regardless of any UI modifications in forks.