![npm version](https://www.npmjs.com/package/@dantber/openclaw-agent-did)
![License: MIT](https://opensource.org/licenses/MIT)

agent-did OpenClaw Plugin

OpenClaw plugin for W3C-compliant DID and Verifiable Credential management for AI agents.

Installation

``bash openclaw plugins install dantber/openclaw-agent-did`

`Usage`

Set your passphrase as an environment variable:

`bash export AGENT_DID_PASSPHRASE="your-secure-passphrase"`

Or use --no-encryption flag (not recommended for production).

`$3`

`bash

`Create owner identity`


openclaw agent-did create owner --name "Alice"
Create agent identity

openclaw agent-did create agent --name "Assistant" --owner

$3

`bash

`List all identities`


openclaw agent-did list
Inspect specific identity

openclaw agent-did inspect --did 
Delete identity

openclaw agent-did delete --did

$3

`bash

`Issue ownership credential`


openclaw agent-did vc issue ownership \
  --issuer  \
  --subject  \
  --out ownership.jwt
Issue capability credential

openclaw agent-did vc issue capability \
  --issuer  \
  --subject  \
  --scopes read,write,execute \
  --audience https://api.example.com \
  --expires 2026-12-31T23:59:59Z \
  --out capability.jwt

$3

`bash

`Verify credential`


openclaw agent-did vc verify --file ownership.jwt
Verify with expected issuer/subject

openclaw agent-did vc verify \
  --file ownership.jwt \
  --issuer  \
  --subject

$3

`bash

`List stored credentials`


openclaw agent-did vc list
Inspect credential without verifying

openclaw agent-did vc inspect --file ownership.jwt
Delete stored credential

openclaw agent-did vc delete --id  --yes

$3

`bash

`Sign authentication challenge`


openclaw agent-did auth sign \
  --did  \
  --challenge  \
  --audience https://api.example.com \
  --domain example.com \
  --expires-in 300
Verify authentication signature

openclaw agent-did auth verify \
  --did  \
  --payload  \
  --signature  \
  --nonce


Command Reference
$3

- openclaw agent-did create owner --name - Create owner identity - Options:-s/--store , --no-encryption, --json-openclaw agent-did create agent --name --owner - Create agent identity - Options:-s/--store , --no-encryption, --json

`$3`

- openclaw agent-did list- List all identities - Options:-s/--store , --no-encryption, --json-openclaw agent-did inspect --did - Inspect specific identity - Options:-s/--store , --no-encryption, --json-openclaw agent-did delete --did - Delete identity - Options:-s/--store , --no-encryption, --json

`$3`

- openclaw agent-did vc issue ownership --issuer --subject - Issue ownership credential - Options:--out , -s/--store , --no-encryption, --json-openclaw agent-did vc issue capability --issuer --subject --scopes - Issue capability credential - Options:--audience , --expires , --out , -s/--store , --no-encryption, --json-openclaw agent-did vc verify --file - Verify credential - Options:--issuer , --subject , --json-openclaw agent-did vc list- List stored credentials in keystore - Options:-s/--store , --no-encryption, --json-openclaw agent-did vc inspect --file - Decode credential without verifying - Options:--json- Returns: Decoded header and payload (no signature verification) -openclaw agent-did vc delete --id --yes- Delete stored credential - Required:--yesflag to confirm deletion - Options:-s/--store , --no-encryption, --json

`$3`

- openclaw agent-did auth sign --did --challenge - Sign authentication challenge - Options:--audience , --domain , --expires-in , -s/--store , --no-encryption, --json- Returns: Signed payload and signature (base64url encoded) -openclaw agent-did auth verify --did --payload --signature - Verify authentication signature - Options:--nonce , --audience , --domain , --json- Returns: Verification result with payload details

`Environment Variables`

- AGENT_DID_HOME - Custom keystore path (default: ~/.agent-did) -AGENT_DID_PASSPHRASE - Passphrase for keystore encryption

`Architecture`

This plugin uses library imports from the agent-did package instead of subprocess calls:

- Better Performance - No process spawning overhead - Type Safety - Full TypeScript type checking - Error Handling - Structured exceptions vs parsing stderr - Shared State - Singleton keystore manager prevents re-initialization

`$3`

- KeystoreManager - Singleton pattern for keystore instances - Commands - Commander.js command handlers that import agent-did functions - Utils - Output formatting and error normalization

`Development`

`bash

`Watch mode (auto-rebuild on changes)`


npm run dev
Build

npm run build
After changes, reload plugin in OpenClaw

openclaw plugin reload agent-did


Compatibility
The plugin shares keystores with the standalone agent-did CLI. You can use both interchangeably:

`bash

`Create with plugin`


openclaw agent-did create owner --name "Alice"
List with standalone CLI

agent-did list
Both work with the same keystore

License

MIT

![npm version](https://www.npmjs.com/package/@dantber/openclaw-agent-did)
![License: MIT](https://opensource.org/licenses/MIT)

agent-did OpenClaw Plugin

OpenClaw plugin for W3C-compliant DID and Verifiable Credential management for AI agents.

Installation

``bash openclaw plugins install dantber/openclaw-agent-did`

`Usage`

Set your passphrase as an environment variable:

`bash export AGENT_DID_PASSPHRASE="your-secure-passphrase"`

Or use --no-encryption flag (not recommended for production).

`$3`

`bash

`Create owner identity`


openclaw agent-did create owner --name "Alice"
Create agent identity

openclaw agent-did create agent --name "Assistant" --owner

$3

`bash

`List all identities`


openclaw agent-did list
Inspect specific identity

openclaw agent-did inspect --did 
Delete identity

openclaw agent-did delete --did

$3

`bash

`Issue ownership credential`


openclaw agent-did vc issue ownership \
  --issuer  \
  --subject  \
  --out ownership.jwt
Issue capability credential

openclaw agent-did vc issue capability \
  --issuer  \
  --subject  \
  --scopes read,write,execute \
  --audience https://api.example.com \
  --expires 2026-12-31T23:59:59Z \
  --out capability.jwt

$3

`bash

`Verify credential`


openclaw agent-did vc verify --file ownership.jwt
Verify with expected issuer/subject

openclaw agent-did vc verify \
  --file ownership.jwt \
  --issuer  \
  --subject

$3

`bash

`List stored credentials`


openclaw agent-did vc list
Inspect credential without verifying

openclaw agent-did vc inspect --file ownership.jwt
Delete stored credential

openclaw agent-did vc delete --id  --yes

$3

`bash

`Sign authentication challenge`


openclaw agent-did auth sign \
  --did  \
  --challenge  \
  --audience https://api.example.com \
  --domain example.com \
  --expires-in 300
Verify authentication signature

openclaw agent-did auth verify \
  --did  \
  --payload  \
  --signature  \
  --nonce


Command Reference
$3

`$3`

`Environment Variables`

- AGENT_DID_HOME - Custom keystore path (default: ~/.agent-did) -AGENT_DID_PASSPHRASE - Passphrase for keystore encryption

`Architecture`

This plugin uses library imports from the agent-did package instead of subprocess calls:

`$3`

- KeystoreManager - Singleton pattern for keystore instances - Commands - Commander.js command handlers that import agent-did functions - Utils - Output formatting and error normalization

`Development`

`bash

`Watch mode (auto-rebuild on changes)`


npm run dev
Build

npm run build
After changes, reload plugin in OpenClaw

openclaw plugin reload agent-did


Compatibility
The plugin shares keystores with the standalone agent-did CLI. You can use both interchangeably:

`bash

`Create with plugin`


openclaw agent-did create owner --name "Alice"
List with standalone CLI

agent-did list
Both work with the same keystore

License

MIT