Whisper · Docs
Documentation

The address is the identity.

Every agent gets a real, routable IPv6 address that anyone can verify — from the DNSSEC root, with the tools already on your machine. No SDK. No broker. No account to check it.

Don't take our word for it. Here is a live Whisper agent. Paste this — no key, no login:
your terminal — nothing installed but curl
$ curl -s https://rdap.whisper.online/verify-identity/2a04:2a01:eb5a:ca74:cef2:2a:323d:40d4 | jq
{
  "is_whisper_agent": true,
  "fqdn": "acef2002a323d40d4.demo.agents.whisper.online",
  "dane_ok": true,   # TLS key pinned in signed DNS
  "jws_ok": true     # identity doc signed, chains to the IANA root
}
$ 

That verdict came from the internet's own records — reverse DNS, a DANE-pinned key, a registry entry, a signed document — not from an API you have to trust. Run dig -x yourself and you get the same answer.

What you're looking at
01

An identity, not a token

A leaked API key is theft — whoever holds the string is your agent. A Whisper agent's credential is its /128, anchored in DNSSEC-signed DNS and a public registry. It can't be copied into being someone else, and it's still verifiable years later.

02

One governed door out

Point an agent at Whisper and every destination is weighed against a live graph — category, owner, geography, routing — before a packet leaves. Policy a static blocklist can't express. It fails open, and it's all logged.

03

On ground we own, end to end

Our own autonomous system (AS219419), our authoritative DNS, our certificate authority, our registry, our transparency log. No third party sits anywhere in the trust path — which is exactly why you never have to trust us.

Choose your door

Everything here is a public standard, on our own address space, verifiable by anyone.
The only thing proprietary is how well we run it.

Get started →