Documentation — Cleerd

Quickstart

npm install @cleerd/sdk

import { Cleerd } from '@cleerd/sdk'

const client = new Cleerd({ apiKey: 'your-api-key' })
const agent = await client.registerAgent({
  name: 'my-agent',
  capabilities: ['read', 'write'],
})

console.log(agent.did) // did:cleerd:abc123...

Installation

Install the Cleerd SDK for your preferred language and runtime.

# Node.js / TypeScript
npm install @cleerd/sdk

# Python
pip install cleerd

# Go
go get github.com/cleerd/cleerd-go

DID Architecture

Cleerd uses W3C Decentralised Identifiers to give every AI agent a globally unique, cryptographically verifiable identity anchored to its deployer.

Each DID document contains the agent's public key, deployer reference, and capability attestations. Resolution is handled via the Cleerd resolver network.

Credential Types

Verifiable Credentials issued by Cleerd follow the W3C VC Data Model and include identity, capability, and constitutional compliance attestations.

Supported types: AgentIdentityCredential, CapabilityCredential, ConstitutionalComplianceCredential, and DeployerAttestationCredential.

Constitutional Hashing

A SHA-256 hash of the agent's system prompt and behavioural constraints is embedded in its credential, enabling receivers to verify the agent operates within declared boundaries.

const hash = await cleerd.hashConstitution({
  systemPrompt: agent.systemPrompt,
  constraints: agent.constraints,
})
// => "sha256:a1b2c3d4e5f6..."

Authentication

All API requests require a Bearer token in the Authorization header.

Authorization: Bearer <your-api-key>

# Example
curl -H "Authorization: Bearer sk_live_..." \
  https://api.cleerd.com/v1/agents

Verify Agent

Verify an agent's identity and credentials in real time.

POST /v1/agents/verify

Accepts a DID or credential presentation and returns a verification result with trust score, credential status, and deployer information.

Register Agent

POST /v1/agents/register

Requires deployer authentication. Returns the agent DID, public key, and a set of verifiable credentials.

Error Codes

Standard error responses returned by the Cleerd API.

401 — Invalid or missing API key

403 — Insufficient permissions

404 — Agent or credential not found

422 — Validation error

429 — Rate limit exceeded

Reputation API

Query agent reputation scores, breakdowns, history, and manage webhook subscriptions via the public Reputation API.

View Reputation API Reference →

JavaScript SDK

Official TypeScript/JavaScript SDK for Node.js and edge runtimes.

npm install @cleerd/sdk

import { Cleerd } from '@cleerd/sdk'
const client = new Cleerd({ apiKey: process.env.CLEERD_API_KEY })

Python SDK

Python SDK with async support for FastAPI, Django, and standalone scripts.

pip install cleerd

from cleerd import Cleerd
client = Cleerd(api_key=os.environ["CLEERD_API_KEY"])

Go SDK

Go module for high-performance server-side agent verification.

go get github.com/cleerd/cleerd-go

import "github.com/cleerd/cleerd-go"
client := cleerd.New(os.Getenv("CLEERD_API_KEY"))

MCP Server

The Cleerd MCP Server gives Claude and other MCP-compatible AI agents native access to the Cleerd trust infrastructure. Register agents, verify counterparties, emit behavioral events, and manage delegations — all as tool calls.

The MCP server is a thin adapter between Claude and the Cleerd REST API. It manages an in-memory agent session (DID + secp256k1 signing key) and translates MCP tool/resource/prompt requests into API calls. Supports STDIO (Claude Desktop) and SSE transports.

MCP Setup

Run with zero configuration via npx, or install globally.

# Run directly (no install needed)
CLEERD_API_KEY=your-key npx @cleerd/mcp-server

# Or install globally
npm install -g @cleerd/mcp-server
cleerd-mcp --api-key your-key

For Claude Desktop, add to your MCP config:

{
  "mcpServers": {
    "cleerd": {
      "command": "npx",
      "args": ["-y", "@cleerd/mcp-server"],
      "env": {
        "CLEERD_API_KEY": "your-api-key"
      }
    }
  }
}

MCP Tools Reference

11 tools available to Claude agents out of the box.

cleerd_register_agentRegister a new agent, receive a DID and on-chain constitutional hash

cleerd_set_agentBind an existing DID and signing key to the session

cleerd_resolve_didResolve any DID to its full document

cleerd_verify_quickFast trust status check — TRUSTED, FLAGGED, SUSPENDED, REVOKED, or UNKNOWN

cleerd_verify_fullFull trust report with credentials, reputation, delegation chain

cleerd_is_trustedBoolean trust check with human-readable reason

cleerd_emit_eventEmit a signed behavioral event to build trust profile

cleerd_create_delegationCreate a scoped, time-limited delegation to a sub-agent

cleerd_revoke_delegationRevoke an active delegation

cleerd_verify_delegationVerify a delegation chain for a specific scope

cleerd_get_credentialsList active credentials for an agent

Resources & Prompts

MCP resources provide read-only data, and prompt templates guide Claude through common trust workflows.

Resources

cleerd://agent/profile — Session agent's DID, name, credential summary

cleerd://agent/credentials — Active credentials for the session agent

cleerd://agent/delegations — Active delegations (parent and child)

cleerd://trust/status/{did} — Quick trust status for any DID

Prompt Templates

trust_handshake — Verify a counterparty before interaction

register_and_credential — Guide initial registration and credential setup

delegate_task — Create a scoped delegation to a sub-agent

Express Middleware

Drop-in middleware that verifies agent credentials on every incoming request to your Express API.

import { cleerd } from '@cleerd/sdk/express'

app.use(cleerd.verify({
  required: true,
  allowedCapabilities: ['read'],
}))

AWS Lambda

Lightweight wrapper for verifying agent identity in serverless Lambda functions.

import { withCleerd } from '@cleerd/sdk/lambda'

export const handler = withCleerd(async (event, context) => {
  const agent = context.cleerd.agent
  return { statusCode: 200, body: agent.did }
})

Kubernetes Sidecar

Deploy Cleerd as a sidecar container for transparent agent verification at the network level.

# Add to your pod spec
containers:
  - name: cleerd-sidecar
    image: cleerd/sidecar:latest
    ports:
      - containerPort: 9090
    env:
      - name: CLEERD_API_KEY
        valueFrom:
          secretKeyRef:
            name: cleerd-secrets
            key: api-key

Changelog

Recent updates and releases.

v0.5.0 — 2026-03-10

MCP Server for Claude integration (@cleerd/mcp-server)
11 native tools for agent registration, verification, events, and delegations
STDIO and SSE transport support

v0.4.0 — 2025-06-01

Added Go SDK with full API parity
Constitutional hashing now supports multi-prompt agents
New error code documentation

v0.3.0 — 2025-05-15

Python SDK async support
Kubernetes sidecar guide
Rate limiting improvements