private.me · AutoGen Integration
Identity-Based Authentication for Multi-Agent Systems
Replace API keys, OAuth tokens, and credentials with cryptographic identity for AutoGen multi-agent coordination. Zero-config setup, no cascading failures, 603× faster authentication.
15s
Setup time
603×
Faster auth
Zero
Cascading failures
0.36ms
Auth overhead
15 seconds to production
Quick Start
integrate into your existing applications with a single npm install. Works with any framework.
Create AutoGen agents with cryptographic identity. No API keys, no OAuth setup, no configuration files.
Installation
# Install both packages
npm install @private.me/autogen autogen-js
Basic Usage
import { AutoGenxBindAgent } from '@private.me/autogen'; // Create agents (identity generated automatically) const researcher = new AutoGenxBindAgent({ name: 'researcher' }); const writer = new AutoGenxBindAgent({ name: 'writer' }); // Agent-to-agent call (no credentials needed!) const result = await researcher.call(writer.getDID(), { task: 'write-summary', topic: 'AI trends' }); if (result.ok) { console.log('Result:', result.value); }
Installation
# 1. Install Node.js package (required backend) npm install @private.me/autogen autogen-js # 2. Install Python bindings pip install private-me-autogen
Basic Usage
from private_me import autogen_xbind # Create agents (identity generated automatically) researcher = autogen_xbind.AutoGenxBindAgent(name='researcher') writer = autogen_xbind.AutoGenxBindAgent(name='writer') # Agent-to-agent call (no credentials needed!) result = await researcher.call(writer.get_did(), { 'task': 'write-summary', 'topic': 'AI trends' }) if result['ok']: print('Result:', result['value'])
That's it
No API keys, no OAuth, no configuration files. Identity is generated automatically and can't be stolen.
LANGUAGE COMPARISON
TypeScript vs Python: Both APIs provide the same security guarantees and feature set. TypeScript runs directly in Node.js (~1ms overhead), while Python wraps the Node.js backend via subprocess (~2-5ms overhead).
Cascading failures
The Problem with Traditional Auth
Multi-agent systems using API keys or OAuth tokens face cascading failures when credentials expire.
Traditional Approach
Token-Based Auth (Problematic)
// OAuth token expires let accessToken = await getAccessToken(); // All agents retry simultaneously when token expires if (isExpired(accessToken)) { try { accessToken = await refreshAccessToken(); // 54,853ms latency } catch (error) { throw new Error('Re-authentication required'); } } // System-wide slowdown as all agents hit refresh endpoint
Cascading Failure
When one OAuth token expires, all agents retry simultaneously. Refresh server overloads, causing exponential backoff and system-wide slowdown.
Problems
- Token refresh adds 54,853ms latency on average
- Refresh failures cascade to all concurrent requests
- Complex token lifecycle management per agent
- Race conditions in parallel requests
- API keys can be stolen from environment variables
- Manual credential rotation required periodically
Identity-based
The xBind Solution
Agents use cryptographic identity instead of tokens. No expiry, no refresh, no cascades.
Identity-Based Auth (xBind)
// Create agent with cryptographic identity const agent = new AutoGenxBindAgent(); // Make request (identity-based, can't be stolen) const result = await agent.call(serviceName, payload); // 0.36ms auth overhead, no refresh logic, no cascades
How It Works
- Identity Generation: Agent creates Ed25519 keypair and derives DID
- Authentication Flow: Agent signs request, recipient verifies signature
- No Token Lifecycle: Identity never expires, no refresh needed
Stateless Authentication
Identity can't be stolen (cryptographic proof), never expires (no rotation), and eliminates cascading failures (each agent independent).
Performance
Benchmarks
Measured performance improvements from xBind core identity layer.
| Operation | Traditional Auth | xBind Identity | Speedup |
|---|---|---|---|
| Initial auth | 54,853ms | 91ms | 603× |
| Subsequent requests | 50ms | 0.36ms | 139× |
| Total E2E latency | 55,000ms | 14,634ms | 3.76× |
| Auth overhead | 99.8% | 0.6% | -99.4% |
Test environment: 500 concurrent agents, 1000 requests each
603×
Faster than OAuth
73.4%
Faster E2E
0.36ms
Auth overhead
Pricing & Subscription
Purchase AutoGen
Start with a 3-month trial. Upgrade as your multi-agent system scales.
Pricing Tiers
Standard pricing: $5/month Basic • $10/month Pro • $15/month Enterprise
Basic
$5/month
AutoGen integration, agent identity, group chat security, basic trust registry
Best for development
Pro
$10/month
Everything in Basic plus advanced agent policies, custom conversation controls, enhanced monitoring
Best for production
Enterprise
$15/month
Everything in Pro plus air-gapped deployment, white-label branding, dedicated support, SLA
Best for scale
Volume Discounts
- 5-9 ACIs: 10% off all tiers
- 10-19 ACIs: 20% off all tiers
- 20+ ACIs: 30% off all tiers
- Annual prepay: Additional 10-15% discount
How to Purchase
Subscribe to AutoGen via our secure checkout. All subscriptions include 3-month trial.
Purchase Endpoint (RFC 7807 Errors)
// POST to purchase endpoint with product ID const response = await fetch('https://private.me/api/purchase', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ product: 'autogen', tier: 'basic', // or 'middle', 'enterprise' email: 'user@example.com' }) }); // Success Response (HTTP 200 OK) const result = await response.json(); // { "status": "success", "subscription_id": "sub_...", "trial_end": "2026-07-28T12:00:00Z" }
Error Responses (RFC 7807)
HTTP 400 BAD REQUEST
{
"type": "https://private.me/errors/invalid-tier",
"title": "Invalid Subscription Tier",
"status": 400,
"detail": "Tier must be 'basic', 'middle', or 'enterprise'",
"instance": "/api/purchase/req-abc123",
"fields": {
"tier": "Invalid value 'premium'. Expected 'basic', 'middle', or 'enterprise'."
}
}
Common Error Types
- invalid-tier — Tier must be 'basic', 'middle', or 'enterprise'
- invalid-email — Email format validation failed
- duplicate-subscription — Active subscription already exists for this email
Real-world applications
Use Cases
AutoGen powers identity-based authentication for multi-agent coordination across industries.
Multi-Agent Orchestration
Agent Coordination
Multiple AutoGen agents collaborate on complex tasks without shared API keys. Each agent has its own identity.
Group Chat Security
Secure Conversations
Group chat between agents with cryptographic verification. No central auth server, no token sharing.
Agent Pipelines
Sequential Workflows
Chain agents in pipelines where each step authenticates the next using identity, not credentials.
Dynamic Agent Networks
Self-Organizing Systems
Agents discover and authenticate each other dynamically using trust registry. No pre-shared secrets.
Setup
Installation
npm
npm install @private.me/autogen autogen-js
yarn
yarn add @private.me/autogen autogen-js
pnpm
pnpm add @private.me/autogen autogen-js
Install — Python bindings
# 1. Install Node.js package (required backend) npm install @private.me/autogen autogen-js # 2. Install Python bindings pip install private-me-autogen
Python bindings wrap the Node.js backend via subprocess. Both TypeScript and Python provide the same security guarantees and feature set.
Code examples
Usage Examples
Basic Multi-Agent Setup
Create Multiple Agents
import { AutoGenxBindAgent } from '@private.me/autogen'; const researcher = new AutoGenxBindAgent({ name: 'researcher', verbose: true }); const writer = new AutoGenxBindAgent({ name: 'writer', verbose: true }); console.log(`Researcher DID: ${researcher.getDID()}`); // Output: Researcher DID: did:key:z6Mkh... console.log(`Writer DID: ${writer.getDID()}`); // Output: Writer DID: did:key:z6Mke...
Agent-to-Agent Calls
Make Authenticated Calls
// Call another agent using its DID const result = await researcher.call(writer.getDID(), { task: 'write-summary', topic: 'AI trends', data: { finding1: 'Large models improving efficiency', finding2: 'Reduced hallucination rates' } }); if (result.ok) { console.log('Result:', result.value); } else { console.error('Error:', result.error); }
Agent Messaging
Send/Receive Messages
// Send message to another agent await researcher.send(writer.getDID(), { type: 'notification', message: 'Research complete, ready for writing' }); // Receive messages const messages = await writer.receive(); if (messages.ok) { for (const msg of messages.value) { console.log('Received:', msg); } }
Identity Persistence
Export/Import Identity
// Export identity for storage const exportResult = await researcher.exportIdentity(); if (exportResult.ok) { await fs.writeFile('researcher.key', exportResult.value); } // Import identity on restart const identityBytes = await fs.readFile('researcher.key'); const importResult = await AutoGenxBindAgent.fromIdentity(identityBytes); if (importResult.ok) { const restoredResearcher = importResult.value; console.log(`Restored: ${restoredResearcher.getDID()}`); }
Technical reference
API Reference
AutoGenxBindAgent
Main agent class with xBind identity-based authentication.
new AutoGenxBindAgent(config?: AutoGenxBindConfig)
Create a new AutoGen agent with cryptographic identity. Identity is generated automatically if not provided.
Config options:
Config options:
name?: string- Agent name (for logging/debugging)agentOptions?: AgentOptions- xBind agent optionsverbose?: boolean- Enable verbose loggingidentityProvider?: xBindIdentityProvider- Custom identity provider
getDID(): string
Get the agent's DID (Decentralized Identifier). Returns a string like
did:key:z6Mkh...
call<T>(agentName: string, payload: unknown): Promise<Result<T, Error>>
Call another agent using identity-based authentication. No credentials required.
Parameters:
Returns:
Parameters:
agentName- Name or DID of the agent to callpayload- Request payload (task data, parameters, etc.)
Returns:
Result<T, Error> - Operation result with ok flag
send(to: string, payload: unknown): Promise<Result<void, Error>>
Send a message to another agent. Fire-and-forget messaging.
Parameters:
Parameters:
to- Recipient agent name or DIDpayload- Message payload
receive<T>(): Promise<Result<T[], Error>>
Receive messages from other agents. Returns array of all pending messages.
register(registryUrl?: string): Promise<Result<void, Error>>
Register this agent with a trust registry for service discovery. Optional for basic usage.
Parameters:
Parameters:
registryUrl- Optional trust registry URL
exportIdentity(): Promise<Result<Uint8Array, Error>>
Export agent identity for persistence. Returns PKCS#8 private key bytes.
static fromIdentity(pkcs8: Uint8Array, config?: AutoGenxBindConfig): Promise<Result<AutoGenxBindAgent, Error>>
Create agent from existing identity. Use this to restore a previously saved agent.
Parameters:
Parameters:
pkcs8- PKCS#8 private key bytes (fromexportIdentity)config- Agent configuration
Transition path
Migration from Traditional Auth
Before: API Keys
Token-Based (Old)
// Configure credentials const apiKey = process.env.AUTOGEN_API_KEY; if (!apiKey) throw new Error('API key not configured'); // Every agent needs credentials const agent1ApiKey = process.env.AGENT1_API_KEY; const agent2ApiKey = process.env.AGENT2_API_KEY; // Make request with credentials const response = await fetch(agentUrl, { headers: { 'Authorization': `Bearer ${apiKey}` } }); if (response.status === 401) { throw new Error('Authentication failed'); }
Problems: API keys can be stolen, keys expire and require rotation, revoked keys cascade to all agents, manual credential management per agent.
After: xBind Identity
Identity-Based (New)
// Create agents (identity generated automatically) const agent1 = new AutoGenxBindAgent({ name: 'agent1' }); const agent2 = new AutoGenxBindAgent({ name: 'agent2' }); // Make request (identity-based, can't be stolen) const result = await agent1.call(agent2.getDID(), payload); if (!result.ok) { // Handle error (but never "key expired") console.error(result.error); }
Benefits: Identity can't be stolen (cryptographic proof), never expires (no rotation needed), no cascading failures (each agent independent), zero credential management.
Feature comparison
xBind vs Traditional Auth
| Feature | API Keys | OAuth 2.0 | xBind Identity |
|---|---|---|---|
| Setup Time | Minutes | Hours | 15 seconds |
| Auth Latency | ~50ms | ~55,000ms | 0.36ms |
| Can Expire? | Yes | Yes | No |
| Can Be Stolen? | Yes | Yes | No |
| Cascading Failures? | Yes | Yes | No |
| Rotation Required? | Yes | Yes | No |
| Credential Storage? | Required | Required | Optional |
| Revocation Support? | Manual | Automatic | Trust Registry |
Cryptographic security
Security
Identity Storage
Development (File Storage)
// Store identity in file (for testing only) const identity = await agent.exportIdentity(); if (identity.ok) { await fs.writeFile('agent.key', identity.value); }
Production (KMS)
// Store in secure key management system const identity = await agent.exportIdentity(); if (identity.ok) { await kms.storeSecret('agent-identity', identity.value); }
Recommended Storage
- AWS KMS / Secrets Manager
- HashiCorp Vault
- Azure Key Vault
- Google Cloud Secret Manager
Best Practices
- Never commit identity files to git - Add
*.keyto.gitignore - Encrypt identities at rest - Use KMS or similar encryption service
- Rotate identities periodically - Create new identity, update registry, revoke old
- Use trust registries in production - Enable discovery and revocation
Security Warning
Private keys are sensitive. Never log them, never commit them to version control, and always encrypt them at rest.
How it works
Architecture
Identity Generation
Agent creates Ed25519 keypair and derives DID. Ready to authenticate immediately.
Authentication Flow
- Agent signs request with private key
- Recipient extracts DID from request
- Recipient verifies signature using public key from DID
- Request authorized if signature valid
No Token Lifecycle
Traditional vs xBind
Traditional: Generate → Use → Refresh → Expire → Repeat xBind: Generate → Use → (forever, no expiry)
Identity Format
DID Structure
did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK │ │ └─────────────────────────────┬─────────────────────────┘ │ │ │ │ │ Public key (base58) │ │ │ method (key or privateme) │ scheme (did)
No Cascading Failures
In traditional auth systems, one expired token causes all agents to retry simultaneously, overloading the refresh server and triggering exponential backoff.
With xBind identity, each agent has independent cryptographic identity. No tokens expire, so cascading failures are impossible.
Common issues
Troubleshooting
Agent creation fails
Solution
// Wrap in try/catch try { const agent = new AutoGenxBindAgent(); console.log(`Created: ${agent.getDID()}`); } catch (error) { console.error('Agent creation failed:', error); }
Agent-to-agent calls fail
Solution
// Always check result.ok const result = await agent.call('service', data); if (result.ok) { console.log('Success:', result.value); } else { console.error('Failed:', result.error); }
Identity persistence issues
Solution
// First run: export identity const agent = new AutoGenxBindAgent(); const identity = await agent.exportIdentity(); await fs.writeFile('agent.key', identity.value); // Subsequent runs: import identity const identityBytes = await fs.readFile('agent.key'); const result = await AutoGenxBindAgent.fromIdentity(identityBytes); const agent = result.value;
Metrics
Performance
Memory Usage
- Agent creation: ~2KB per agent
- Identity storage: 64 bytes (PKCS#8)
- Provider: ~1KB
Latency Breakdown
Traditional (OAuth)
Token check: 10ms Token expired: yes Refresh token: 54,853ms ← BOTTLENECK Retry request: 50ms ──────────────────────── Total: 54,913ms
xBind
Sign request: 0.36ms Send request: 50ms ──────────────────────── Total: 50.36ms (1091× faster)