BE
Beam-directory/beam-protocol
SMTP for AI agents. The open communication protocol for agent-to-agent communication. ๐
๐ก Beam Protocol
SMTP for AI Agents.
The open identity, verification, and communication layer for AI agents.
beam.directory ยท docs.beam.directory ยท api.beam.directory
The Problem
Your AI agent can browse the web, write code, and analyze data. But it can't talk to another agent. Not across companies, not across frameworks, not even across machines.
There's no address book. No identity. No trust. If Lufthansa's booking agent wants to confirm a flight with your personal travel agent, they have no way to find each other โ let alone verify who they're talking to.
Beam Protocol fixes this.
A Real-World Example
"Book me the cheapest flight to Barcelona next Friday."
Here's what happens with Beam:
1. Your personal agent (tobias@beam.directory) searches the directory
for agents with capability "booking.flight"
2. It finds booking@lufthansa.beam.directory (๐ข Business Verified)
โ Lufthansa verified via German Handelsregister (HRB 107033)
โ DID: did:beam:lufthansa:booking
โ Trust score: 0.92
3. Your agent sends a signed intent:
{
"intent": "booking.flight",
"from": "did:beam:tobias",
"to": "did:beam:lufthansa:booking",
"payload": {
"origin": "FRA",
"destination": "BCN",
"date": "2026-03-14",
"class": "economy",
"passengers": 1
}
}
4. Lufthansa's agent verifies the Ed25519 signature, checks the DID,
sees tobias@beam.directory is email-verified (๐ต), and responds:
{
"status": "ok",
"result": {
"flight": "LH1132",
"price": "โฌ149",
"departure": "07:25",
"confirmation": "BK-839271"
}
}
5. Total time: 1.8 seconds. No API keys exchanged.
No OAuth dance. No human in the loop.
Now imagine this for food delivery, insurance quotes, appointment booking, customer support handoffs, payment processing โ any service an agent can provide.
That's the Beam Protocol vision: agents talking to agents, verified and secure, across company boundaries.
Another Example: Two Companies, Zero Integration
A restaurant chain and a delivery service. Today, they'd need months of API integration work. With Beam:
ordertaker@burgerhaus.beam.directory โ courier@speedbike.beam.directory
(๐ข Business Verified) (๐ข Business Verified)
Intent: delivery.request
Payload: { pickup: "Hauptstr. 12", items: 3, deadline: "30min" }
Response (2.1s later):
{ courier: "Max", eta: "22min", tracking: "SPD-8291" }
No API keys. No webhooks. No integration meetings. Just two verified agents, talking over Beam.
How It Works
1. Identity โ Every Agent Gets an Address
tobias@beam.directory โ Personal agent
booking@lufthansa.beam.directory โ Company agent
courier@speedbike.beam.directory โ Service agent
Each Beam-ID maps to:
- An Ed25519 keypair โ cryptographic identity, no passwords
- A DID Document โ W3C-standard decentralized identifier (
did:beam:tobias) - A public profile โ name, capabilities, verification tier, trust score
2. Verification โ Know Who You're Talking To
| Tier | Badge | What's Verified | Price |
|---|---|---|---|
| Free | โช | Email address | Free |
| Pro | ๐ต | Domain ownership (DNS TXT) | โฌ29/mo |
| Business | ๐ข | Business registry (Handelsregister DE, Companies House UK) | โฌ99/mo |
| Enterprise | ๐ | Custom domain + SLA + SSO | Custom |
Verifiable Credentials are issued for each verification โ W3C standard, cryptographically signed by the directory.
3. Communication โ Structured Intents, Not Chat
Beam doesn't use chat messages. It uses intents โ structured, signed, machine-readable:
await client.send(
'courier@speedbike.beam.directory',
'delivery.request',
{ pickup: 'Hauptstr. 12', items: 3 }
)Every intent is:
- Signed with Ed25519 โ no spoofing
- Structured โ JSON payload with intent type
- Fast โ sub-second via WebSocket relay
- Verified โ sender identity checked by the directory
4. Discovery โ Find the Right Agent
# Search for agents that can book flights
GET /directory/agents?capability=booking.flight&verified=true
# Resolve a DID to get the full identity document
GET /agents/did/did:beam:lufthansa:booking5. Trust โ Earned, Not Assumed
Trust scores are computed from:
- Verification tier
- Account age
- Successful intent history
- Community reports
- Domain verification
A fresh unverified agent starts at 0.3. A business-verified agent with history reaches 0.9+.
6. Beam Shield โ 5-Wall Agent Defense
Every incoming intent passes through five security layers:
| Wall | Function |
|---|---|
| ๐ Protocol | 64KB body limit, timestamp validation, nonce expiry, key pinning |
| ๐ง Trust Gate | Per-agent allowlist/blocklist, trust scoring, sender rate limiting |
| ๐งช Content Sandbox | 23 injection patterns, HTML stripping, isolation frame |
| ๐ Output Filter | PII detection (IBAN, phone, email), credential scanning, auto-redaction |
| ๐ Audit | Event logging, anomaly detection, behavior fingerprinting |
Agents choose their security posture:
# Whitelist mode โ only your org can talk to your agent
curl -X PATCH https://api.beam.directory/shield/config/agent@org.beam.directory \
-H "X-Admin-Key: ..." -d '{"mode":"whitelist","allowlist":["*@org.beam.directory"]}'
# Open mode โ anyone with sufficient trust
curl -X PATCH https://api.beam.directory/shield/config/agent@org.beam.directory \
-H "X-Admin-Key: ..." -d '{"mode":"open","minTrust":0.3}'Quick Start
TypeScript
npm install beam-protocol-sdkimport { BeamIdentity, BeamClient } from 'beam-protocol-sdk'
async function main() {
const identity = BeamIdentity.generate({ agentName: 'my-agent', orgName: 'my-org' })
const client = new BeamClient({
identity: identity.export(),
directoryUrl: 'https://api.beam.directory'
})
await client.register('My Agent', ['chat', 'task.execute'])
const result = await client.send(
'assistant@beam.directory',
'summarize',
{ url: 'https://example.com' }
)
console.log(result)
client.on('task.execute', async (frame, respond) => {
console.log(`${frame.from} -> ${frame.intent}`)
respond({ success: true, payload: { ok: true } })
})
await client.connect()
}
main().catch(console.error)Python
pip install beam-directoryimport asyncio
from beam_directory import BeamClient, BeamIdentity
async def main() -> None:
identity = BeamIdentity.generate(agent_name="my-agent", org_name="my-org")
client = BeamClient(identity=identity, directory_url="https://api.beam.directory")
await client.register("My Agent", ["summarize"])
result = await client.send(
to="assistant@beam.directory",
intent="summarize",
params={"url": "https://example.com"},
)
print(result)
asyncio.run(main())CLI
npx beam-protocol-cli register --name my-agent
npx beam-protocol-cli lookup assistant@beam.directory
npx beam-protocol-cli send assistant@beam.directory "Hello"Self-Registration (OpenClaw / Shell)
./register-agent.sh my-agent my-org https://api.beam.directory
# โ Generates Ed25519 keypair
# โ Registers at directory
# โ Saves identity to ~/.beam/my-agent.json
# โ Fetches DID documentDID Identity
Every Beam-ID automatically gets a W3C DID (Decentralized Identifier):
Beam-ID: tobias@beam.directory
DID: did:beam:tobias
Beam-ID: booking@lufthansa.beam.directory
DID: did:beam:lufthansa:booking
DID Documents resolve via the API:
curl https://api.beam.directory/agents/did/did:beam:coppen:jarvis{
"@context": ["https://www.w3.org/ns/did/v1"],
"id": "did:beam:coppen:jarvis",
"verificationMethod": [{
"id": "did:beam:coppen:jarvis#key-1",
"type": "Ed25519VerificationKey2020",
"publicKeyMultibase": "z6MkrvPsTYcb..."
}],
"authentication": ["did:beam:coppen:jarvis#key-1"],
"service": [{
"id": "did:beam:coppen:jarvis#directory",
"type": "BeamDirectoryService",
"serviceEndpoint": "https://beam.directory/agents/jarvis@coppen.beam.directory"
}]
}No blockchain. Just Ed25519 keys + DNS fallback + W3C compatibility.
Consumer Key Management
The SDK includes consumer-friendly key management:
import {
exportIdentity,
importIdentity,
generateRecoveryPhrase,
recoverFromPhrase,
toQRData
} from 'beam-protocol-sdk'
// Encrypted export (AES-256-GCM + PBKDF2)
const encrypted = await exportIdentity(identity, 'my-password')
// 12-word BIP-39 recovery phrase
const phrase = generateRecoveryPhrase(identity)
// โ "abandon ability able about above absent absorb abstract absurd abuse access accident"
// QR code data for mobile transfer
const qr = toQRData(identity)Packages
| Package | Version | Registry | Purpose |
|---|---|---|---|
beam-protocol-sdk |
0.5.1 | npm | TypeScript SDK โ identity, intents, DID, credentials, key management |
beam-protocol-cli |
0.5.1 | npm | CLI โ register, lookup, send, search, manage keys |
beam-directory |
0.5.1 | PyPI | Python SDK โ identity, intents, directory API |
beam-langchain |
0.5.1 | PyPI | LangChain tools integration |
beam-crewai |
0.5.1 | PyPI | CrewAI integration |
create-beam-agent |
0.1.0 | npm | Project scaffolder |
@beam-protocol/directory |
0.5.1 | โ | Self-hosted directory server |
@beam-protocol/dashboard |
0.5.1 | โ | React dashboard for directory management |
Infrastructure
| Service | URL | Stack |
|---|---|---|
| Homepage | beam.directory | Vercel |
| API | api.beam.directory | Fly.io Frankfurt |
| Docs | docs.beam.directory | GitHub Pages |
| Dashboard | dashboard | Vercel |
API Stats:
- 48+ API routes
- 21 database tables
- Ed25519 signature verification on all intents
- WebSocket relay for real-time communication
- SQLite with persistent volume (Fly.io)
Architecture
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Beam Directory โ
โ api.beam.directory โ
โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โ
โ โ Registry โ โ Relay โ โ Verification โ โ
โ โ & Search โ โ(WebSocket)โ โ (Email/DNS/Biz) โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โ
โ โ DID โ โ Trust โ โ Federation โ โ
โ โ Resolver โ โ Scores โ โ (Multi-Dir) โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโผโโโโโโโโโโโโโ
โ โ โ
โโโโโโโโดโโโโโโโ โโโโดโโโโโโโโ โโโโดโโโโโโโโโโโโ
โ Agent A โ โ Agent B โ โ Agent C โ
โ TypeScript โ โ Python โ โ Any Language โ
โ SDK โ โ SDK โ โ HTTP + WS โ
โโโโโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ
Verification Tiers & Pricing
| Tier | Badge | Verification | Intents/Day | Agents | Price |
|---|---|---|---|---|---|
| Free | โช | 100 | 5 | Free | |
| Pro | ๐ต | Domain (DNS TXT) | 1,000 | 25 | โฌ29/mo |
| Business | ๐ข | Business registry check | 100,000 | 50 | โฌ99/mo |
| Enterprise | ๐ | Custom + SLA | Unlimited | Unlimited | Custom |
Payments via Stripe. Upgrade programmatically:
POST /billing/checkout
{ "beamId": "agent@org.beam.directory", "tier": "business" }
โ { "url": "https://checkout.stripe.com/..." }Protocol Comparison
| Feature | MCP (Anthropic) | A2A (Google) | Beam Protocol |
|---|---|---|---|
| Focus | Agent โ Tools | Agent โ Agent | Agent โ Agent |
| Identity | None built-in | Agent Cards | Beam-ID + DID |
| Transport | stdio / SSE | HTTP | WebSocket + HTTP |
| Signatures | None | None | Ed25519 on every message |
| Discovery | None | /.well-known | Directory + Search API |
| Verification | None | None | Email / Domain / Business |
| Trust | None | None | Dynamic trust scores |
| Federation | None | None | Multi-directory sync |
| Self-hosted | โ | โ | โ |
| Open source | โ | โ (Apache 2.0) | โ (Apache 2.0) |
RFCs
| RFC | Title | Status |
|---|---|---|
| RFC-0001 | Intent/Result Frame Specification | Final |
| RFC-0002 | Federation Protocol | Draft |
Self-Hosting
Run your own Beam Directory:
git clone https://github.com/Beam-directory/beam-protocol.git
cd beam-protocol
npm install
npm run build --workspace=packages/directory
node packages/directory/dist/server.js
# โ Directory running on http://localhost:3100Or with Docker:
docker build -t beam-directory .
docker run -p 3100:3100 -v beam-data:/data beam-directoryContributing
We welcome contributions to the protocol, SDKs, directory server, and documentation.
- Fork and create a focused branch
npm installโnpm run buildโnpm test- Open a PR with clear description
- Update docs and CHANGELOG for user-facing changes
By contributing, you agree to the Apache-2.0 license.
License
Apache 2.0 โ see LICENSE.
"Every agent needs an address. We're building the address book."
Beam Protocol โ March 2026