# Agent Binding Model
Version: GD/1.2 — Module: Identity Model
## Definition
AI agents operate under domain authority. They are not independent identities. They inherit authority from the parent domain — and that authority is explicit, scoped, and revocable.
Without a domain-anchored identity, an AI agent is a black box: unknown authorization, unknown scope, no accountability. With Gao Domain, every agent is a verifiable entity under a known authority.
## Structure

```
merchant.gao
├── Owner Key (root authority)
└── Agent Keys (scoped, delegated)
    ├── assistant.merchant.gao  [read:data, respond:messages]
    ├── booking.merchant.gao    [read:calendar, write:appointments]
    └── pay-agent.merchant.gao  [initiate:payment ≤ $200]
```
Agents are bound as subdomains of the parent domain. They inherit the parent’s trust badge. A ✅ Business Verified merchant means every agent under that merchant is also ✅ Business Verified — verifiably so.
## Permission Model
Each agent has an explicit permission scope defined at binding time:
```json
{
  "agent_domain": "assistant.merchant.gao",
  "parent_domain": "merchant.gao",
  "public_key": "0xAGENT_KEY...",
  "scope": ["read:data", "respond:messages", "schedule:appointments"],
  "created_at": "2026-02-01T00:00:00Z",
  "expires_at": "2027-01-01T00:00:00Z",
  "revocable": true,
  "active": true
}
```
### Example Agent Scopes

| Agent | Permitted | Not Permitted |
|---|---|---|
| assistant.merchant.gao | Read data, respond to messages, schedule appointments | Access financial data, make payments |
| booking.merchant.gao | Read calendar, write appointments, send confirmations | Access payment records, modify pricing |
| pay-agent.merchant.gao | Initiate payments ≤ $200, issue receipts | Access private keys, exceed payment limit |
## Security Principles
Cannot escalate. An agent authorized for booking cannot grant itself payment permissions. Scope is set at binding time by the owner key. No in-flight escalation is possible.
Cannot override owner. The owner key is the root authority. An agent operating under merchant.gao cannot modify the domain’s wallet mapping, change ownership, or grant additional permissions to itself.
Explicit, not implicit. Agents have only the permissions the owner assigns. There are no default permissions. An agent with no scope has no authority.
Time-bound. Permissions automatically expire on the set date. No agent can hold permanent authority without the owner actively renewing it.
Instantly revocable. The owner can revoke any agent’s authority at any time. Revocation takes effect immediately — no grace period for the agent.
## Verification
Any external system can verify an agent’s identity and authority scope before accepting its requests:
```
GET /v1/agent/verify?domain=assistant.merchant.gao&action=schedule_appointment
```

```json
{
  "agent_domain": "assistant.merchant.gao",
  "parent_domain": "merchant.gao",
  "authorized": true,
  "scope": ["read:data", "respond:messages", "schedule:appointments"],
  "action_permitted": true,
  "action_requested": "schedule_appointment",
  "expires_at": "2027-01-01T00:00:00Z",
  "parent_trust_level": 2,
  "parent_trust_label": "Business Verified"
}
```
If the action is outside scope:
```json
{
  "authorized": true,
  "action_permitted": false,
  "action_requested": "initiate_payment",
  "reason": "Action 'initiate_payment' is outside the declared scope for this agent."
}
```
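A relying-party check over the two response shapes above, as an added example that is not Gao Domain's own code: it fails closed and keys the decision on `action_permitted`, because the out-of-scope reply still carries `authorized: true`. The function name, the `min_trust_level` policy and the reading that a higher `parent_trust_level` means stronger verification are assumptions of this example; fetching the response and authenticating the verification service are outside it.

```python
from datetime import datetime, timezone

def _parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def accept_request(resp, agent_domain, action, now, min_trust_level=2):
    """Return (accepted, reason); any missing or mismatched field denies."""
    if resp.get("authorized") is not True:
        return False, "agent not authorized"
    # An out-of-scope reply still says authorized=true, so this flag decides.
    if resp.get("action_permitted") is not True:
        return False, resp.get("reason") or "action not permitted"
    # The reply must describe the agent and action that were asked about.
    if resp.get("agent_domain") != agent_domain:
        return False, "reply is for a different agent"
    if resp.get("action_requested") != action:
        return False, "reply is for a different action"
    parent = resp.get("parent_domain")
    if not isinstance(parent, str) or not parent or not agent_domain.endswith("." + parent):
        return False, "agent is not a subdomain of the stated parent"
    try:
        expires = _parse_ts(resp["expires_at"])
    except (KeyError, TypeError, ValueError):
        return False, "missing or malformed expires_at"
    if now >= expires:
        return False, "binding expired"
    level = resp.get("parent_trust_level")
    # Assumption: a higher level means stronger verification of the parent.
    if type(level) is not int or level < min_trust_level:
        return False, "parent trust level below local policy"
    return True, "ok"

# Constructed replies, copied from the two response bodies shown above.
IN_SCOPE = {
    "agent_domain": "assistant.merchant.gao", "parent_domain": "merchant.gao",
    "authorized": True, "action_permitted": True,
    "scope": ["read:data", "respond:messages", "schedule:appointments"],
    "action_requested": "schedule_appointment",
    "expires_at": "2027-01-01T00:00:00Z",
    "parent_trust_level": 2, "parent_trust_label": "Business Verified",
}
OUT_OF_SCOPE = {
    "authorized": True, "action_permitted": False,
    "action_requested": "initiate_payment",
    "reason": "Action 'initiate_payment' is outside the declared scope for this agent.",
}
NOW = datetime(2026, 6, 1, tzinfo=timezone.utc)  # constructed evaluation time
if __name__ == "__main__":
    print(accept_request(OUT_OF_SCOPE, "assistant.merchant.gao", "initiate_payment", NOW))
```

Comparing `agent_domain` and `action_requested` against what the caller actually asked stops a valid reply for one action from being reused to approve another.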
---
### Trust Inheritance
The agent inherits the parent domain’s trust badge. If `merchant.gao` is `✅ Business Verified`, then `assistant.merchant.gao` displays as:
```
🤖 assistant.merchant.gao
✅ Authorized agent of merchant.gao
Business Verified — Merchant Inc · Houston, TX
Scope: read:data, respond:messages, schedule:appointments
Expires: 2027-01-01
```
An unverified parent produces an unverified agent — regardless of what the agent claims about itself. The trust signal cannot be spoofed through the agent path.
---
### Integration with Layer 8 (Gao AI OS)
When an AI agent operates through Gao AI OS (Layer 8), the agent binding at Layer 5 (Domain) provides the authority anchor for the CAP token system at Layer 8.
```
Layer 5 — Gao Domain
  agent.merchant.gao [scope: booking, payment ≤ $200]
        ↓
Layer 8 — Gao AI OS
  CAP token issued within domain scope
  GAR v1 validates CAP against domain binding
  Receipt references both agent_domain and parent_domain
```
The domain binding is the root that makes the Layer 8 execution auditable end-to-end: from domain authority → CAP grant → execution → on-chain receipt.
---
### Why This Matters
**The problem without agent identity:**
- An AI agent contacts your business. You have no way to know who authorized it, what it is permitted to do, or how to hold it accountable.
- A scammer deploys an agent claiming to be from a known company. There is no verification mechanism.
**With Gao Domain agent binding:**
- Every agent has a verifiable identity under a known domain
- The parent domain’s trust badge signals the trustworthiness of the agent
- Scope is verifiable on-demand by any system
- Expiry is automatic — no persistent, unchecked access
- Revocation is immediate and cryptographically enforced
This is the foundation that makes a trustworthy multi-agent internet possible.
---
_Agent binding is one capability of the identity container. See Identity Container for the full model. For Layer 8 AI OS execution, see Gao AI OS documentation._