x401 Approvals
Human approval for agent proofs
Passport Prime as the human authority for x401 proof requests: when a verifier asks an AI agent to prove personhood or authority, the Prime renders the exact intent, claims, and warnings for you to approve or deny before any credential is returned.
Last updated Jul 2026

Ready for verifier
Overview
A Passport Prime “Human Authority” app that puts a person in the loop of the x401 protocol. When software, often an AI agent, hits a protected route, the verifier returns an x401 PROOF-REQUEST. A local bridge normalizes it and hands it to the Prime, which renders the verifier, the action, the route, the requested claims, expiry, warnings, and any agent mandate. The human confirms presence and approves or denies on-device before a PROOF-RESPONSE is ever returned.
It runs against the real KeyOS simulator and the x401 Node SDK, keeping proof and payment as separate approval artifacts, so a credential approval is never hidden inside a payment. The verifier enforces replay, expiry, malformed-proof, wrong-route, and missing-payment checks. The pattern it demonstrates: software receives a request, Prime renders the exact human intent, the human approves on KeyOS, and the verifier receives stronger evidence of authorized human intent.
What it does
- Renders the full request on-device: verifier, action, route, requested claims, expiry, warnings, and agent mandate.
- Approval requires confirmed user presence on the Prime; denial returns no credential.
- Keeps proof (x401) and payment (x402-style) as separate approvals, so a credential is never buried inside a charge.
- A host bridge uses the x401 Node SDK to detect PROOF-REQUEST and normalize it into a generic Human Authority request.
- Verifier rejects replay, expiry, malformed proof, by-reference proof, wrong route, and missing payment.
- Demo scenarios: age-over-18 report, open account, high-risk agent mandate, wire-change authorization, and agent purchase.
Technical breakdown
How the proof-of-concept is built, for developers evaluating the platform.
Verifier, bridge, Prime
A mock x401 verifier issues SDK-generated PROOF-REQUEST headers. A host-only bridge uses @proof.com/x401-node to detect the requirement and normalize x401 into a generic HumanAuthorityRequest, then talks to the KeyOS app over a local WebSocket.
On-device human authority
The KeyOS Human Authority app renders verifier, action, route, claims, expiry, warnings, agent mandate, and payment hints on the Passport Prime simulator. The bridge builds a PROOF-RESPONSE and retries the route only after the human confirms presence and approves.
Proof separate from payment
The proof-plus-payment scenario keeps proof and payment as distinct approval artifacts, mirroring x401 for authorization and an x402-style flow for payment, so approving a proof never silently authorizes a charge.
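The verifier-side rejections described above (replay, expiry, malformed proof, by-reference proof, wrong route, missing payment), with proof and payment checked as separate artifacts, sketched as an added example. This is not the project's code: `createVerifier` and the field names (`nonce`, `route`, `claims`, `byReference`, `approved`) are hypothetical and are not the x401 wire format or SDK API, and the `unknown-nonce` rejection is an extra case this sketch needs.

```javascript
// Added sketch. Field names (nonce, route, claims, byReference, approved) are
// hypothetical stand-ins, NOT the x401 wire format or the @proof.com/x401-node API.
function createVerifier({ route, requiresPayment = false, now = () => Date.now() }) {
  const issued = new Map(); // nonce -> { expiresAt, used }
  const reject = (reason) => ({ ok: false, reason });

  // Record each challenge so a response can be matched, expired and single-used.
  function issueRequest(nonce, ttlMs) {
    const expiresAt = now() + ttlMs;
    issued.set(nonce, { expiresAt, used: false });
    return { nonce, route, expiresAt };
  }

  // proof and payment are separate artifacts; neither one implies the other.
  function verify({ requestedRoute, proof, payment }) {
    const wellFormed = proof !== null && typeof proof === 'object' &&
      typeof proof.nonce === 'string' && typeof proof.route === 'string' &&
      Array.isArray(proof.claims);
    if (!wellFormed) return reject('malformed-proof');
    if (proof.byReference) return reject('by-reference-proof'); // must be inline
    const entry = issued.get(proof.nonce);
    if (!entry) return reject('unknown-nonce'); // never issued by this verifier
    if (entry.used) return reject('replay');
    if (now() > entry.expiresAt) return reject('expired');
    if (proof.route !== route || requestedRoute !== route) return reject('wrong-route');
    // An approved proof never stands in for a payment approval.
    const paid = payment !== null && typeof payment === 'object' &&
      payment.nonce === proof.nonce && payment.approved === true;
    if (requiresPayment && !paid) return reject('missing-payment');
    entry.used = true; // consume the nonce only on full success
    return { ok: true, claims: proof.claims };
  }

  return { issueRequest, verify };
}

// Constructed sample run with a fake clock (all values are made up).
function demo() {
  const v = createVerifier({ route: '/agent/purchase', requiresPayment: true, now: () => 1000 });
  const req = v.issueRequest('n-1', 60000);
  const proof = { nonce: req.nonce, route: req.route, claims: ['age-over-18'] };
  const call = (extra) =>
    v.verify({ requestedRoute: '/agent/purchase', proof, ...extra }).reason || 'ok';
  const payment = { nonce: 'n-1', approved: true };
  return [call({}), call({ payment }), call({ payment })];
  // → ['missing-payment', 'ok', 'replay']
}
```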
Dig into the source
README, architecture notes, and the wire protocol live in the repo.
