Every action cryptographically signed by a specific DID. No more guessing which agent did what.
Your SOC 2 auditor asks: "Which agent made this API call at 3:47am on Tuesday?" With API keys, you can't answer. You know the key was used. You don't know which of the 200 workers holding that key made the call.
You try to piece it together from application logs, IP addresses, and timestamps. You guess. You hope. You present a narrative to your auditor that starts with "We believe..." instead of "We can prove..."
Shared secrets destroy attribution. When 200 agents share one key, you have a 200-way aliasing problem. You can't identify the actor. You can't meet compliance requirements. You can't pass an audit.
DID-based audit trail. Every message is cryptographically signed by the sender's DID. Every action has a provable author. Your audit log shows exactly which agent did what, when, to whom.
The signature is part of the message envelope. It's verified before processing. If the signature doesn't match, the message is rejected. No guessing. No narratives. Just cryptographic proof.
Compliance frameworks love this: SOC 2 Type II (access logs with unique identifiers), ISO 27001 (information security event logging), HIPAA (audit controls § 164.312(b)), GDPR Article 32 (ability to ensure confidentiality and integrity).
const conn = await connect('payments') await conn.value.agent.send({ to, payload })
Learn how DID-based audit trails work under the hood. Message signing, verification, and compliance attestation patterns.
Read White Paper →