Agent Governance Runtime

Cryptographic identity for autonomous agents.

GEIANT provides the delegation, jurisdiction, and audit layer that AI orchestrators don't have. Ed25519 identity. H3 jurisdictional binding. SHA-256 hash-chained audit trail. Framework-agnostic.

  • Ed25519: agent identity
  • SHA-256: hash-chained audit trail
  • H3: jurisdictional binding
  • 128 tests passing · SDK v0.1.1

[Diagram: AGENT_01 (delegated · energy), AGENT_02 (trust: OBSERVED), AGENT_03 (h3_res: 7 · audit ✓); chain verified: Ed25519 signed · SHA-256 chained · H3 jurisdiction-bound]

The problem

Existing agent infrastructure has no governance layer.

AI agents operate on OAuth tokens, API keys, and mutable log files — infrastructure designed for human users, not autonomous systems making thousands of decisions per hour across jurisdictions. Three structural gaps remain open.

Current state
OAuth tokens + CloudTrail logs

Service accounts, API keys, and mutable log files. Designed for humans clicking buttons — not for autonomous agents making thousands of decisions per hour across jurisdictions.

  • Delegation chains are not auditable — who approved the agent's creation?
  • No pre-flight jurisdiction enforcement — violations logged after the fact
  • Mutable logs — CloudTrail entries can be deleted or modified
  • No cryptographic proof of what the agent actually did
  • Service accounts obscure the human-to-agent authorization chain
GEIANT
Cryptographic agent governance

Every agent gets an Ed25519 identity. Every action is checked against a delegation certificate before execution. Every operation produces a signed, hash-chained breadcrumb, so any later modification of the record is detectable.

  • Ed25519 keypair is the identity — no registry, no password, no token
  • Delegation certificates trace every agent back to a human principal
  • H3 cell-level jurisdiction — checked before execution, not after
  • SHA-256 hash chain — tamper with one block, every subsequent block breaks
  • Compliance reports generated on demand — Art. 12, ISO 42001, SOC 2
  • Works with any orchestrator — LangChain, CrewAI, AutoGen, custom
The governance pipeline

Five primitives. One verifiable chain.

Every agent action passes through the same cryptographic pipeline — from identity provisioning to compliance report generation. Pre-flight enforcement, not post-hoc logging.

ID
Agent identity

Ed25519 keypair generated. The public key is the identity — same key signs breadcrumbs, delegation certificates, and (optionally) Stellar transactions.

DELEG
Delegation certificate

A human principal signs a certificate authorizing the agent: which H3 cells, which capabilities, until when. Verifiable offline — no server round-trip.

GATE
Pre-flight check

Before every tool call: Is the certificate valid? Is the H3 cell authorized? Is the capability in scope? If any check fails, the operation is blocked — not logged after the fact.

SIGN
Breadcrumb drop

Tool executes. Agent signs the result with Ed25519. SHA-256 context digest of input + output. Chained to previous block. Written to audit store.

EPOCH
Epoch rollup

Breadcrumbs are periodically Merkle-rolled into epochs — compact, signed summaries. Compliance reports generated on demand for any time period.
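
The delegation, pre-flight gate, breadcrumb and chain-verification steps above, as an added example that is not GEIANT's or the SDK's own code: a standalone sketch using only Node's built-in crypto module. The record fields, the sorted-key JSON encoding and the `demo` inputs are assumptions; epoch Merkle rollups are left out.

```javascript
// Added sketch, not @gns-aip/sdk code; field names and JSON encoding are assumptions.
const crypto = require('node:crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const canon = (o) => JSON.stringify(o, Object.keys(o).sort()); // flat objects only
const sign = (o, key) => crypto.sign(null, Buffer.from(canon(o)), key);
const verify = (o, sig, pub) => crypto.verify(null, Buffer.from(canon(o)), pub, sig);
const pubHex = (k) => k.export({ type: 'spki', format: 'der' }).toString('hex');

// DELEG: the principal signs the agent key, allowed cells, capabilities and expiry.
function delegate(principal, agentPub, cells, capabilities, notAfter) {
  const body = { agent: pubHex(agentPub), principal: pubHex(principal.publicKey),
    cells, capabilities, notAfter };
  return { body, sig: sign(body, principal.privateKey) };
}

// GATE: fail closed. The verifier pins the principal key; it is never taken from the cert.
function preflight(cert, trustedKey, cell, capability, now) {
  if (cert.body.principal !== pubHex(trustedKey)) return 'untrusted_principal';
  if (!verify(cert.body, cert.sig, trustedKey)) return 'bad_signature';
  if (now > cert.body.notAfter) return 'expired';
  if (!cert.body.cells.includes(cell)) return 'cell_out_of_scope';
  return cert.body.capabilities.includes(capability) ? 'ok' : 'capability_out_of_scope';
}

// SIGN: each breadcrumb commits to its predecessor's hash and a digest of input + output.
function dropBreadcrumb(agent, prev, cell, input, output) {
  const contextDigest = sha256(canon({ input, output }));
  const body = { prevHash: prev ? prev.hash : null, cell, contextDigest };
  return { body, hash: sha256(canon(body)), sig: sign(body, agent.privateKey) };
}

// Verifier: index of the first block failing a check, or -1 when the chain is intact.
function firstBrokenBlock(chain, agentPub) {
  return chain.findIndex((b, i) =>
    b.body.prevHash !== (i ? chain[i - 1].hash : null) ||
    sha256(canon(b.body)) !== b.hash || !verify(b.body, b.sig, agentPub));
}

function demo() { // keys and inputs are constructed; the cell id is the one on the page
  const [principal, agent] = [0, 1].map(() => crypto.generateKeyPairSync('ed25519'));
  const cell = '851e8053fffffff', chain = [];
  const cert = delegate(principal, agent.publicKey, [cell], ['energy'], 2000);
  const gate = [preflight(cert, principal.publicKey, cell, 'energy', 1000),
    preflight(cert, principal.publicKey, 'OTHER_CELL', 'energy', 1000)];
  for (const q of ['q1', 'q2', 'q3']) chain.push(dropBreadcrumb(agent, chain.at(-1), cell, q, `r:${q}`));
  const intact = firstBrokenBlock(chain, agent.publicKey);
  chain[1].body.contextDigest = sha256('forged'); // edit one stored record in place
  return { gate, intact, tampered: firstBrokenBlock(chain, agent.publicKey) };
}
console.log(demo());
```

Pinning the principal's key in `preflight` is what makes the gate meaningful: a certificate checked only against the key it carries would accept any self-issued delegation.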

Regulation-agnostic governance

Same cryptographic primitives. Any jurisdiction.

Delegation certificates, breadcrumb chains, and H3 jurisdiction binding are regulation-agnostic by design. The compliance report endpoint formats evidence for whichever framework applies to your deployment.

EU
● Aug 2, 2026
European Union
EU AI Act — Articles 12 & 14

Art. 12 requires automatic event recording traceable through the AI system's lifecycle. Art. 14 requires human oversight with "seamless chain traceable to a living person." Delegation certificates + breadcrumb chains satisfy both.

GEIANT mapping: Delegation certificate → Art. 14 (human oversight). Breadcrumb chain → Art. 12 (record-keeping). Epoch rollups → Art. 12 (lifecycle traceability). Compliance endpoint → Art. 61 (post-market monitoring).
US
Accelerating
United States
EO 14110, Colorado SB 205, NIST AI RMF

Federal executive order on AI safety. Colorado's algorithmic discrimination law. NIST AI Risk Management Framework. Fragmented but converging on the same requirement: prove what your AI did and who authorized it.

GEIANT mapping: Agent identity → NIST Govern 1.1 (accountability). Audit trail → NIST Map 2.3 (AI risk documentation). Trust tiers → NIST Measure 2.6 (performance monitoring).
CN
● Enforced
China
Interim Measures for Generative AI + Algorithm Rules

Already enforced. Requires algorithm registration, content traceability, and user identity verification. AI providers must maintain audit logs of generated content and decisions.

GEIANT mapping: Breadcrumb chain → content traceability. Delegation certificates → algorithm provenance. Compliance reports → regulatory audit submissions.
ISO
Certification
Global Standards
ISO 42001 · SOC 2 · GDPR Art. 22

ISO 42001 (AI Management System) is available now for certification. SOC 2 Type II requires continuous monitoring evidence. GDPR Art. 22 requires proof of human oversight for automated decisions.

GEIANT mapping: Chain verification → SOC 2 evidence. Delegation certificates → ISO 42001 control 6.2 (AI governance). Trust tiers + violation log → ISO 42001 control 8.4 (monitoring).
Deployment patterns

Two integration paths. Same governance model.

Start with the SDK for identity and compliance. Extend to the full runtime when agents need geospatial perception.

SDK
● npm
Door 1 — Identity & compliance
Keep your orchestrator. Add governance.

Install @gns-aip/sdk. Generate agent identity. Create delegation certificate. Every tool call drops a signed breadcrumb. Works with LangChain, CrewAI, OpenAI Agents, or any custom stack.

Outcome: Compliance evidence generated at runtime — not after the fact. Delegation chain traces every agent back to the human who authorized it. Zero changes to existing orchestration logic.
FULL
● Live
Door 2 — Full geospatial runtime
Agents that see the physical world.

The complete GEIANT runtime adds perception: Sentinel-2 satellite imagery, Prithvi-EO flood detection, weather data, geospatial embeddings. Every observation cryptographically signed and audit-trailed.

Outcome: Agents that monitor energy grids, detect floods, manage telecom infrastructure — with every action anchored to a real location, a real observation, and a verifiable proof chain.
M+
Energy
Energy grid
Smart meter monitoring with auditable agent governance

Agents deployed across millions of smart meters. Every anomaly alert backed by satellite classification, weather context, and a cryptographic proof chain — no false positives without physical evidence.

Outcome: Zero unverified alerts. Full regulatory audit trail. Live compliance dashboard with delegation chain, breadcrumb viewer, and epoch rollups.
FTTH
Proposal
Telecom infrastructure
Fiber network monitoring with geospatial agents

Agents manage fiber cabinets, splice points, and customer premises equipment. Each piece of infrastructure gets a permanent geographic address. Maintenance events are timestamped, signed, and anchored.

Outcome: Tamper-evident maintenance chains for regulated infrastructure. Every service event cryptographically provable — not self-reported.
Production deployment

Live infrastructure. Verifiable on demand.

The GEIANT perception service is deployed on Railway with audit breadcrumbs stored in MobyDB — every breadcrumb Ed25519-signed, Merkle-sealed per epoch, and queryable via MobyQL. Compliance reports available via HTTP endpoint.

GEIANT
  • Ed25519: every agent action cryptographically signed
  • SHA-256: hash-chained audit trail; tamper with one block and the chain breaks
  • Merkle: epoch rollups with binary Merkle tree verification
  • 100%: chain verification passing, with zero violations and zero gaps

Open source + managed

Open core. Managed at scale.

Self-hostable SDK under Apache 2.0 and MIT. Managed platform for teams that need infrastructure, SLA, and dedicated support.

OSS

Open source (Apache 2.0 / MIT)

github.com/GNS-Foundation
  • @gns-aip/sdk: agent identity, delegation, breadcrumbs, compliance scoring
  • langchain-gns-aip: LangChain integration; wrap any agent in 3 lines
  • @geiant/core: GeoRouter, base agent types, registry protocol
  • @geiant/mcp-perception: satellite tile pipeline, weather, classification
  • @geiant/mcp-audit: audit engine for the breadcrumb chain, epochs, and compliance reports
  • @geiant/mcp-postgis: PostGIS MCP server with 11 spatial tools
  • mobydb: geospatial-native database with a 48-byte composite key, MobyQL, and Ed25519 writes · mobydb.com
IETF
TrIP Internet-Draft submitted to IETF. Trajectory-based Recognition of Identity Protocol — the open standard for agent identity verification. GEIANT implements it.

GEIANT Cloud

Managed platform · Zero ops
  • Audit: managed audit trail with MobyDB geospatial-native storage, Merkle epochs, compliance reports
  • Perception: dedicated Prithvi-EO-2.0 GPU endpoints, no provisioning
  • Dashboard: live delegation chains, breadcrumb viewer, territory map
  • Identity: multi-tenant agent registry with RBAC
  • MCP: SSE endpoint for Claude Desktop, Cursor, custom MCP clients
  • Enterprise: MSA, dedicated support, 99.9% uptime SLA
Agent Identity SDK

Governance layer for any AI orchestrator.

The SDK is the standalone identity and delegation layer — open source, framework-agnostic, and deployable in under 10 minutes. LangChain, CrewAI, OpenAI Agents, or custom stacks.

Every AI agent that runs code, queries data, or takes action needs to answer three questions a regulator will eventually ask: Who authorized this agent? What scope was it given? Can you prove it?

The SDK answers all three with Ed25519 cryptographic identity, signed delegation chains, and a virtual breadcrumb trail — without recording prompts or outputs. The identity primitive is the same whether the agent runs in the cloud, at the edge, or in the full GEIANT geospatial runtime.

→ Full developer docs at docs.geiant.com

SDK (@gns-aip/sdk):

```javascript
// npm install @gns-aip/sdk
import { generateAgentIdentity, createDelegationCert, createVirtualBreadcrumb } from '@gns-aip/sdk';

// Stand-in keypair for the human principal so the snippet is self-contained
// (assumption: in a real deployment the principal's keypair already exists).
const human = generateAgentIdentity();

// 1. Provision: create agent identity (Ed25519 keypair)
const agent = generateAgentIdentity();

// 2. Delegate: human principal authorizes the agent
const cert = await createDelegationCert({
  agentIdentity:     agent.publicKey,
  principalIdentity: human.publicKey,
  territoryCells:    ['851e8053fffffff'],  // Rome metro
  facetPermissions:  ['energy'],
  validityHours:     720,
}, human.secretKey);

// 3. Operate: every tool call drops a signed breadcrumb
const crumb = await createVirtualBreadcrumb({
  agentIdentity: agent.publicKey,
  operationCell: '851e8053fffffff',
  meta: {
    operationType: 'weather_query',
    delegationCertHash: cert.certHash,
    facet: 'energy',
    withinTerritory: true,
  },
}, agent.secretKey, null); // null = genesis block (no previous breadcrumb)
```

LangChain (langchain-gns-aip):

```javascript
// npm install langchain-gns-aip
import { GNSAgentIdentity } from 'langchain-gns-aip';

// principalPk (the human principal's public key) and myLangChainAgent (your
// existing agent) are supplied by your application.

// 1. Provision + delegate
const id = await GNSAgentIdentity.provision({ domain: 'energy' });
await id.delegate(principalPk, { scope: { territoryCells: ['851e8053fffffff'], facets: ['energy'] } });

// 2. Wrap: every tool call now drops an audit breadcrumb
const agent = id.wrap(myLangChainAgent);

// That's it. Your existing agent is now governance-compliant.
// Delegation certificate verifiable offline.
// Breadcrumb chain verifiable by any third party.
// Compliance report available on demand.
```

SDK vs. Full Runtime. The SDK gives you identity, delegation, and audit trails — works with any orchestrator. The full GEIANT runtime adds geospatial perception: satellite imagery, weather, flood detection, and a managed MCP server. Start with the SDK, scale to the runtime when you need the physical world.

Pricing

Open source core. Managed infrastructure.

The SDK is open source under Apache 2.0. The managed platform provides audit storage, compliance report generation, and GPU inference endpoints.

Open Source
$0
Self-hosted. Full SDK. Unlimited agents. Bring your own audit storage.
  • @gns-aip/sdk — identity, delegation, breadcrumbs
  • langchain-gns-aip integration
  • Unlimited agents, unlimited operations
  • Self-hosted audit storage (MobyDB)
  • Community support via GitHub
Enterprise
Custom
Dedicated endpoints. Unlimited agents. Custom MSA. Designed for national-scale deployments.
  • Unlimited agents
  • Dedicated GPU endpoints
  • Custom retention & data residency
  • Dedicated CSM + Slack
  • 99.9% SLA + custom MSA

Request access.

GEIANT is deployed with enterprise customers in the energy and telecom sectors. Describe your use case and a member of our team will respond within 24 hours.


No pitch decks. No sales process. Just a direct conversation about your deployment.