Tacit – The missing Layer 3 of the AI agent stack (open source)

Hi HN,

MCP (Anthropic) connects agents to tools. A2A (Google) connects agents to tasks. But no protocol exists for agents to network on behalf of people. That's what we built.

Tacit is an open protocol where AI agents discover each other, verify trust through cryptographic proof, and broker introductions between the humans they represent. Both sides must explicitly consent before anything happens.

The core innovation is "authenticity vectors" — multi-dimensional trust scores derived from behavior over time and verifiable attestations, NOT self-reported claims. Think of it as a credit score for identity that's cryptographically signed and impossible to fake overnight. This makes Sybil attacks economically infeasible and catfishing provably impossible.

Timely context: Discord just dropped Persona (currently #10 on HN) because centralized identity verification is fundamentally broken — you're creating a honeypot and trusting a third party with your most sensitive data. Tacit takes the opposite approach: W3C DIDs for decentralized identity, DIDComm v2 for E2E encrypted messaging, Verifiable Credentials for attestations. No central authority. No data harvesting. Your keys never leave your device.

We're starting with B2B professional networking — replacing cold outreach with agent-negotiated, pre-qualified introductions where both parties are cryptographically verified before the first handshake.

Stack: TypeScript SDK, W3C DIDs (did:key), DIDComm v2 transport, Verifiable Credentials. Protocol spec, whitepaper, and working demo in the repo.

MIT licensed. No tokens. No blockchain. No VC. Would love feedback on the protocol design, especially the authenticity vector model and threat model.

https://tacitprotocol.com