OBSERVER PROTOCOL · ARCHITECTURE
Canonical Reference · AIP v0.5 · April 2026

Architecture & Technical Reference

The complete technical architecture of Observer Protocol and Agentic Terminal — from cryptographic primitives to enterprise identity management. W3C DID/VC at the core. AIP governing agent behavior above. AT delivering intelligence on top.

Published: February 24, 2026 · Updated: April 2026 · Permanent URL: observerprotocol.org/architecture · CC BY 4.0
Full Stack Diagram

Observer Protocol + Agentic Terminal

Five layers. One coherent trust stack. Read left to right: agent identity → payment rails → protocol verification → behavioral governance → enterprise intelligence.

Observer Protocol + Agentic Terminal — Architecture
Know Your Agent (KYA) · W3C DID/VC · AIP v0.5 · April 2026
Agent Identity
did:web · Agent DID live
did:web:observerprotocol.org
:agents:{id}/did.json
W3C-resolvable · public
did:web · Org DID
did:web:acme-corp.com
:op-identity
Domain = trust anchor
Ed25519 keypair
Signing + assertion
Agent ↔ Org DID domain
mismatch = fraud signal
Domain mismatch rule
Agent ↔ Org DID domain
mismatch = fraud signal
Universal DID resolver
GET /api/v1/resolve/{did}
Resolves any did:web
DIF Universal Resolver compat.
Payment Rails
L402 · Lightning live
Invoice → payment → preimage
Macaroon auth
x402 · Solana live
Ed25519 sig · native rail
USDC settlement
x402 · EVM / Base live
ECDSA sig over tx hash
ERC-20 settlement
MPP · Stripe / Tempo live
Sessions · stablecoin
Fiat bridge
USDT-on-TRON live
TRC-20 receipts · TronGrid
verified · ERC-8004 anchor
Observer Protocol
W3C DID resolver live
did:web resolution
DIF Universal Resolver compat.
VAC · Verifiable Agent Credential live
Portable · cumulative
One agent_did · many rails
W3C VC · Ed25519 proof
KYB VC new
W3C VC · Ed25519 proof
AT-anchored or provider-issued
Org registry · KYB provider
Challenge-response
Programmatic signing
Cryptographic · not policy
Observer registry
registry · immutable log
Identity consolidation
POST /observer/consolidate
Cross-rail portability
ERC-8004 / TRC-8004 new
On-chain agent registry
Base + TRON indexers
Cross-registry DID resolution
AIP v0.5
Delegation Credential new
Org → agent signed scope
Embedded in VAC extension
Full chain verified at query
Eager chain verification new
GET /aip/chain/verify/{id}
Full chain verified at query
Revocation + cascade new
POST /aip/revoke
Cascades to sub-delegations
Type Registry new
Enumerated counterparty types
Denial + revocation reasons
Remediation envelope new
Minimal protocol envelope
AT owns option content
Agentic Terminal
Enterprise dashboard live
Agent fleet · alerts
Audit trail · KYB badge
Credential Viewer new
GET /api/v1/credentials/{did}
Authenticated · org-scoped
Sovereign Dashboard live
Self-sovereign individual tier
Client-side keypair · free
AT-ARS score live
5-band trust score (0–100)
Receipt + counterparty + org
+ recency + volume signals
Magic-link authorization live
Soft-reject remediation
One-tap human approval
JWT · 15-min single-use
Delegation policy engine live
Multi-rail prioritization
Per-tx + per-month caps
Escalation thresholds
Bilateral handshake new
Sender + recipient prove DIDs
before settlement
Chargeback-resistant receipt
Sandbox tier live
sandbox.observerprotocol.org
Fixtures · deterministic
SDK + integration testing
Remediation config
Partner-configurable options
Endpoints · ordering · criteria
PostgreSQL store
agentic_terminal_db
verified_agents · events
Wallet Abstractions · Multi-Rail Provisioning
Tether WDK · Wallet Development Kit extension modules
Multi-rail wallet provisioning + identity binding for agentic commerce. @observer-protocol/wdk-protocol-trust + @observer-protocol/wdk-lightning-verifier compose with WDK to add bilateral trust handshake, ERC-8004 anchoring, and chargeback-resistant receipts.
OWS · Open Wallet Standard live
BIP-44-derived multi-chain agent vaults (EVM · Solana · Bitcoin). One vault, one identity, portable reputation. OWS-provisioned agents register on OP via the canonical SDK and inherit the full Observer Protocol trust surface.
MPP · Machine Payments Protocol live
Stripe-coauthored payment-session protocol for machine-to-machine settlement. Observer Protocol layers identity + reputation on top — every MPP / x402 seller can add agent reputation in one middleware line via the OP SDK.
Cross-Cutting Foundations
secp256k1 / Ed25519 · Cryptographic primitives
All signing, verification, and proof generation. Rail-agnostic. Censorship-resistant.
Bilateral trust handshake · A2A verification
Both parties verify before any transaction settles. First verified A2A tx: Lightning mainnet · Feb 22, 2026.
Open protocol · Rail-agnostic · Mainnet DIDs live
OP = open identity foundation. AT = enterprise complement. AIP = behavioral spec above VAC layer.
Observer Protocol is open infrastructure · Agentic Terminal is the enterprise service layer
observerprotocol.org · agenticterminal.io · AIP v0.5
Rails + DID live
OP protocol core
AIP v0.5
AT enterprise layer
Crypto foundations
Layer by Layer

How the stack fits together.

Each layer is independently valuable. Together they form a complete trust infrastructure for autonomous agent economies.

LAYER 01

Agent Identity

W3C did:web · Ed25519 · Domain-anchored

Every agent and organization on Observer Protocol receives a W3C Decentralized Identifier. Agent DIDs resolve to DID Documents at standard URLs — no central registry required. The domain is the trust anchor: an agent whose DID domain doesn't match its organization's DID domain is a fraud signal.

did:web agent DID · live
did:web org DID · live
Universal resolver · live
Domain mismatch rule
LAYER 02

Payment Rails

Rail-agnostic · Verification is the constant

Observer Protocol supports six payment rails today. The verification logic is identical regardless of settlement layer — a Lightning preimage, an ECDSA signature over a transaction hash, or a verifiedSend() call all produce the same output: a cryptographically verified economic event that cannot be faked at scale.

Lightning / L402 · live
x402 / Solana · live
x402 / EVM · live
Stripe MPP · live
Tether WDK
OWS / MoonPay
LAYER 03

Observer Protocol

W3C VC · VAC · KYB · Open infrastructure

The core protocol layer. OP issues Verifiable Agent Credentials — W3C-compliant, cryptographically signed, portable across any platform. VACs attest to verified facts: economic activity, payment history, counterparty network, and KYB linkage. OP is open infrastructure — free to use, self-hostable, MIT licensed.

VAC issuance · live
W3C DID resolver · live
KYB VC · new
ERC-8004 / TRC-8004 · new
Challenge-response
Identity consolidation
LAYER 04

Agent Interaction Protocol (AIP)

Behavioral governance · Delegation · Remediation

AIP governs how agents interact — not just who they are. It defines delegation credentials (org → agent signed scopes), bilateral attestation, remediation flows when trust thresholds aren't met, and a type registry for counterparty classification. AIP v0.5 is deployed. It sits above the VAC layer, adding behavioral governance to cryptographic identity.

Delegation credentials · new
Remediation envelope · new
Revocation + cascade · new
Type registry · new
Eager chain verification · new
Agent Interaction Protocol · AIP v0.5

Behavioral governance for the agent economy.

Identity tells you who an agent is. AIP governs what an agent is permitted to do, how it must behave when interacting with other agents, and what happens when trust breaks down. No other agent identity protocol has a formal behavioral governance layer.

AIP v0.5 is deployed as of April 6, 2026. The spec lives in the Observer Protocol GitHub repository and is referenced by the API. AIP sits above the VAC layer — credentials establish identity, AIP governs interaction.

Read the AIP spec on GitHub →
NEW

Delegation Credentials

Organizations issue signed delegation credentials to agents, defining the scope of what an agent is authorized to do. Embedded in VAC extensions. Full chain verified at query time.

NEW

Remediation Flow

When an agent fails a trust threshold check, AIP defines the remediation envelope — a minimal protocol that triggers the appropriate response. AT owns the option content; OP owns the envelope structure.

NEW

Revocation + Cascade

Revoking a delegation credential cascades automatically to all sub-delegations. No manual cleanup required. Revocation reasons are enumerated in the Type Registry.

NEW

Type Registry

Enumerated counterparty types, denial reasons, and revocation reasons. Makes agent interactions machine-readable and auditable across any implementation.

Design Principles

The architecture is not accidental.

Every structural decision in Observer Protocol follows from six principles that do not bend to convenience.

01

Don't trust claims. Verify behavior.

Reputation is the cryptographic record of what an agent did — not what it says. Behavioral identity is the only model that survives adversarial conditions.

02

The key is the identity.

Public key hash is canonical. Alias is UX. Verification always checks against the cryptographic key — never the label. This model works across every chain.

03

Verification is the constant.

The payment rail is not the constant — verification is. Lightning preimage, ECDSA signature, Ed25519 — the logic is identical. OP is settlement-agnostic by design.

04

The record is permanent.

Verified events are timestamped forever. Historical behavioral data cannot be backfilled. Every day of verified data from day one is irreplaceable.

05

Open source. Always.

Verification logic is public, reproducible, and auditable. No authority required. OP does not custody funds, execute payments, or control access.

06

Self-hostable.

Run your own OP node. The protocol is infrastructure — not a platform. Anyone can implement it, extend it, or fork it under CC BY 4.0.