The Developer Passport: From Sandbox to Production

Most developer tools make you jump through hoops before you can write your first line of code. Sign up, verify email, add payment method, read documentation, configure environment—by the time you're actually coding, you've lost momentum.

HUMΛN is different. You can create a Passport and start building in 10 seconds. No credit card, no verification, no friction. Just code.

But when you're ready to publish—when your code goes from sandbox to production—that's when verification matters. That's the publish gate.

This is how developers use HUMΛN Passports: zero-friction development, natural upgrade path, reputation as an asset.

Getting Started: 10 Seconds

Here's what creating a developer Passport looks like:

import { PassportAuth } from '@human/passport';

// Create Passport in browser (10 seconds)
const passport = await PassportAuth.create({
  displayName: "Alice Developer"  // For dev UX; in production, display/branding come from profile and org (Resource Graph)
});

console.log(passport.did); 
// did:human:550e8400-e29b-41d4-a716-446655440000

// That's it. You're ready to code.

No signup form. No email verification. No credit card. No waiting.

The Passport is created on your device. The keys are generated in your browser's Secure Enclave (or equivalent). HUMΛN's servers never see your private key. You own your identity from the first line of code.

What You Get Immediately

With a fresh Passport, you can:

Access the API: All HUMΛN APIs work with your Passport
Build integrations: Connect your apps to HUMΛN services
Test workflows: Create and test agent workflows
Use the SDK: Full TypeScript/JavaScript SDK access
Access documentation: All docs and examples available
Join the community: Developer Discord, forums, support

Everything works in sandbox mode. You can build, test, iterate—no gates, no friction.

The Sandbox Environment

Sandbox mode is intentionally permissive:

No rate limits (within reason)
No verification required
No payment required
Full API access
Full SDK access

This is your playground. Experiment, break things, learn the system. When you're ready to go production, you upgrade.

SDK Integration: TypeScript Examples

The HUMΛN Passport SDK is designed for developers who want to get things done, not configure infrastructure.

Basic Authentication

import { PassportAuth } from '@human/passport';

// Initialize (handles device key generation automatically)
const auth = new PassportAuth();

// Check if Passport exists
if (!await auth.hasPassport()) {
  // Create new Passport (10 seconds)
  await auth.createPassport({
    displayName: "My App"
  });
}

// Authenticate (uses device biometric/passkey)
const session = await auth.authenticate();

// Use session token for API calls
const response = await fetch('https://api.human.ai/v1/agents', {
  headers: {
    'Authorization': `Bearer ${session.token}`
  }
});

React Integration

import { usePassportAuth } from '@human/passport/react';

function MyApp() {
  const { passport, isAuthenticated, authenticate, createPassport } = usePassportAuth();

  if (!isAuthenticated) {
    return (
      <button onClick={createPassport}>
        Create Passport (10 seconds)
      </button>
    );
  }

  return (
    <div>
      <p>Your DID: {passport.did}</p>
      <button onClick={authenticate}>
        Authenticate
      </button>
    </div>
  );
}

Web Components (Framework-Agnostic)

<!-- Works in any framework or vanilla HTML -->
<human-passport-auth>
  <button slot="trigger">Sign In</button>
</human-passport-auth>

<script type="module">
  import '@human/passport/components';
  
  // Component handles everything:
  // - Passport creation
  // - Authentication
  // - Session management
  // - API token injection
</script>

API Client with Automatic Auth

import { HumanAPIClient } from '@human/passport';

// Client automatically handles Passport auth
const client = new HumanAPIClient({
  // Passport auth happens automatically
  // Uses device keys, handles session refresh
});

// All API calls authenticated automatically
const agents = await client.agents.list();
const agent = await client.agents.create({
  name: "Invoice Parser",
  description: "Parses invoices and extracts data"
});

Delegation for Service Accounts

// Your Passport delegates authority to a service
const delegation = await passport.delegate({
  to: serviceAgentId,
  scopes: ['agents:read', 'agents:write'],
  expiresAt: new Date('2026-12-31')
});

// Service can now act on your behalf
const serviceClient = new HumanAPIClient({
  delegationToken: delegation.token
});

The SDK handles all the complexity—key management, session refresh, token rotation, delegation. You just write your app.

The Publish Gate: What It Is and Why

When you're ready to publish your agent, workflow, or integration, you hit the publish gate. This is where sandbox ends and production begins.

What Is the Publish Gate?

The publish gate is a verification requirement that kicks in when you try to:

Publish an agent to the marketplace
Deploy a workflow to production
List an integration in the directory
Access production APIs with higher rate limits
Receive payments for work completed

It's not a barrier to development. It's a barrier to production.

Why Does It Exist?

The publish gate protects the ecosystem:

1. Prevents Spam

Without verification, malicious actors could flood the marketplace
Low-quality agents would drown out good ones
Users would lose trust in the system

2. Ensures Quality

Verified developers are more likely to maintain their code
Reputation matters when your identity is on the line
Natural filter for serious developers

3. Protects Users

Users can trust published agents come from real developers
Accountability when things go wrong
Clear path for support and bug reports

4. Builds Reputation

Your Passport becomes your developer reputation
Good work compounds over time
Bad actors can't easily create new identities

What Verification Is Required?

To pass the publish gate, you need Layer 3 verification (Social Attestation):

// Request vouches from trusted developers
const vouches = await passport.requestVouches({
  vouchers: [
    'did:human:trusted-dev-1',
    'did:human:trusted-dev-2',
    'did:human:trusted-dev-3'
  ],
  statement: 'I know this developer and vouch for their work'
});

// Once you have enough vouches, you can publish
if (await passport.hasLayer3Verification()) {
  await marketplace.publishAgent(agentId);
}

This isn't onerous. If you're a serious developer, you know other developers. They vouch for you. You vouch for them. It's a web of trust, not a bureaucratic process.

The Upgrade Path

The publish gate doesn't block you from developing. Here's the natural progression:

Week 1: Development

Create Passport (10 seconds)
Build your agent/workflow
Test in sandbox
No verification needed

Week 2: Testing

Share with beta users
Get feedback
Iterate
Still no verification needed

Week 3: Ready to Publish

Request vouches from colleagues
Upgrade to Layer 3 verification
Publish to marketplace
Verification happens when you need it, not before

The gate is there when you need it, not blocking you when you don't.

flowchart LR Create["Create Passport 10 seconds · No friction Layer 0"] Sand["Sandbox Full API access No gates, no limits"] Build["Build and iterate Test freely"] Gate{"Publish Gate Layer 3 required"} Vouch["Social attestation Colleagues vouch for you"] Pub["Marketplace Published"] Rep["Reputation compounds over time"] Create --> Sand --> Build --> Gate Gate -->|request vouches| Vouch Vouch --> Pub --> Rep

Reputation as an Asset

Here's what most developer platforms get wrong: your reputation doesn't belong to you.

On GitHub, your reputation is tied to your username. Change platforms, lose your reputation. On npm, your reputation is tied to your account. Lose access, lose reputation.

With HUMΛN Passport, your reputation is cryptographically yours.

What Builds Reputation?

Every action you take with your Passport builds reputation:

Agent Quality

Users rate your agents
Usage metrics (adoption, retention)
Bug reports and fixes
Performance metrics

Work Completion

Tasks completed in Workforce Cloud
Quality of work (client ratings)
On-time delivery
Capability demonstrations

Community Contribution

Open source contributions
Documentation improvements
Helping other developers
Vouching for others

All of this attaches to your Passport's DID. It's portable, verifiable, and yours.

Reputation Portability

Your reputation travels with you:

// Your Passport DID carries your reputation
const passport = {
  did: 'did:human:alice',
  reputation: {
    agentsPublished: 12,
    averageRating: 4.8,
    tasksCompleted: 450,
    vouchesReceived: 23
  }
};

// This reputation is verifiable
const isVerified = await verifyReputation(passport.did);
// Returns cryptographic proof of reputation claims

You can prove your reputation without revealing private data. You can show you've published 12 agents without revealing which ones. You can show your average rating without revealing individual reviews.

Your reputation is an asset you own, not data a platform controls.

The Compound Effect

Reputation compounds over time:

Month 1: You publish your first agent. Few users, low reputation.
Month 6: You've published 5 agents. Users trust you more. Higher reputation.
Year 1: You've published 20 agents, completed 1000 tasks. Strong reputation.
Year 2: Your reputation opens doors. Better opportunities, higher trust.

Each action strengthens your Passport. Each attestation adds to your reputation. Each verification increases trust.

This is the compound interest of identity applied to developer reputation.

Comparison with npm/PyPI Publishing

Let's compare HUMΛN's publish gate with traditional package registries:

npm Publishing

Current Process:

Create npm account (email verification)
Configure 2FA
Publish package (no verification)
Anyone can publish anything
Spam and malicious packages are common
Reputation tied to username (not portable)

Problems:

Low barrier allows spam
No reputation portability
No verification of developers
Reputation doesn't compound meaningfully

PyPI Publishing

Current Process:

Create PyPI account (email verification)
Configure 2FA (recently required)
Publish package (no verification)
Similar spam problems
Reputation tied to username

Problems:

Same issues as npm
No developer verification
No reputation portability

HUMΛN Publishing

Process:

Create Passport (10 seconds, no verification)
Develop in sandbox (no gates)
When ready to publish, upgrade to Layer 3 verification
Publish agent/workflow
Reputation builds on your Passport
Reputation is portable and verifiable

Advantages:

Low barrier to development (sandbox freedom)
High barrier to publishing (protects ecosystem)
Reputation belongs to you (portable)
Reputation compounds (gets stronger over time)
Verification when needed, not upfront

Comparison Table

Aspect	npm/PyPI	HUMΛN
Development Barrier	Email verification	10 seconds, no verification
Publishing Barrier	None (spam problem)	Layer 3 verification (protects ecosystem)
Reputation Ownership	Platform-owned	You own it (cryptographic)
Reputation Portability	No (tied to username)	Yes (tied to DID)
Reputation Verification	No (trust platform)	Yes (cryptographic proofs)
Spam Prevention	Weak (no verification)	Strong (verification gate)
Developer Identity	Username (changeable)	DID (permanent, portable)

Real-World Developer Journey

Let's walk through a real developer's journey:

Day 1: Discovery

Alice discovers HUMΛN. She wants to build an agent that parses invoices.

// 10 seconds to get started
const passport = await PassportAuth.create({
  displayName: "Alice"
});

// Immediately start coding
const agent = await client.agents.create({
  name: "Invoice Parser",
  // ... agent definition
});

No friction. No waiting. Just code.

Week 1: Development

Alice builds her agent in sandbox:

// Test locally
await agent.test({
  input: sampleInvoice,
  expected: parsedData
});

// Iterate, improve, test
// No verification needed
// No gates blocking her

Week 2: Beta Testing

Alice shares her agent with a few users:

// Share sandbox agent
const shareLink = await agent.share({
  mode: 'beta',
  maxUsers: 10
});

// Get feedback
// Improve based on usage
// Still no verification needed

Week 3: Ready to Publish

Alice's agent is ready. She wants to publish to the marketplace:

// Hit the publish gate
try {
  await marketplace.publishAgent(agentId);
} catch (error) {
  if (error.code === 'VERIFICATION_REQUIRED') {
    // Natural upgrade path
    await passport.upgradeToLayer3({
      requestVouches: true
    });
  }
}

// Request vouches from colleagues
const vouches = await passport.requestVouches({
  vouchers: ['did:human:bob', 'did:human:carol']
});

// Once verified, publish
await marketplace.publishAgent(agentId);

Verification happens when she needs it, not before.

Month 1: Building Reputation

Alice's agent gets adopted. Users rate it highly. She publishes more agents. Her reputation grows:

const reputation = await passport.getReputation();

console.log(reputation);
// {
//   agentsPublished: 3,
//   averageRating: 4.9,
//   totalUsers: 1250,
//   vouchesReceived: 5
// }

Year 1: Reputation as Asset

Alice's reputation opens doors:

Better opportunities in Workforce Cloud
Higher trust from users
Easier to get vouches for new developers
Reputation compounds over time

Her Passport DID carries her reputation everywhere.

Conclusion

HUMΛN's developer experience is built on a simple principle: remove friction from development, add verification when it matters.

Sandbox: Zero friction, full access, no gates
Production: Verification required, protects ecosystem, builds reputation
Reputation: Yours to own, portable, verifiable, compounds over time

You can start coding in 10 seconds. You can test freely. You can iterate without gates. When you're ready to publish, you upgrade. Your reputation builds on your Passport, travels with you, and compounds over time.

From sandbox to production. From developer to reputation. From code to identity.

That's the developer Passport.