Agents
Register, connect, and observe your Whisper agents. Each agent is a routable IPv6 /128 that is at once its name, its credential, and its audit trail.
1 · The agent list
The Agents page lists everything you run: each agent with its /128 address, its status, and its recent egress, plus a summary across the account.
2 · Register an agent
Registering takes a label and, optionally, a contact address that is published in the public RDAP or WHOIS record. It mints a fresh API key and allocates the agent its own /128.
The API key is shown once. Copy it then; it is never displayed again. Keys are redacted in every screenshot here.
3 · Overview and trust posture
An agent opens on its health score and the checks that build it: verified identity, signed identity, DANE-TLSA, RPKI routing, and a threat-clean window. Below sit its 24-hour traffic and its public registration details.
4 · Identity and egress
One tab sets up the agent network. Allocate the /128, provision an outbound egress proxy bound to it so every connection leaves as the agent, bring up a dedicated resolver for plain-DNS clients, or mint a read-only monitor token to watch it without opening egress.
5 · Resolver policy
Policy is a simple block and allow list plus named escalation postures that are evaluated against the graph: Tor exits, bulletproof hosting, RPKI-invalid routes, sanctions and threat lists, newly-registered domains, and geo-deny. Postures can only tighten the policy, and they fail open when the graph has no opinion.
6 · Firewall and budgets
Per-agent egress rules are keyed to the /128 and evaluated top to bottom. Hard caps on bytes, connections, requests, and cost refuse over-cap traffic with a 429 (rate-limited, not unauthorized), and a kill switch stops the agent at once.
7 · Activity
The activity tab is the agent audit trail: its DNS and connection history with allow and block verdicts, live or by history.
8 · Verify it, keyless
Because the address is the identity, anyone can check it with no key and no Whisper code. The Verify tab lists the proofs to run yourself: reverse DNS, the RDAP record, a WHOIS lookup, and a one-call verdict.