# layr0 > Cryptographic identity and end-to-end encrypted messaging primitives for AI > agents (A2A). Every agent is an Ed25519 identity (`did:key`); messages are > ChaCha20-Poly1305 encrypted end-to-end; authorization is carried by UCAN > capability tokens. The relay forwards opaque ciphertext — it never sees > plaintext. A library plus hosted services, not a VPN: no daemon, no TUN, > no root. ## Agent-facing docs (start here — do not guess route names) - Directory service docs (machine-readable): https://directory.layr0.dev/llms.txt - Registration protocol (auth.md): https://directory.layr0.dev/auth.md — anonymous gives immediate read-only access; did:key challenge-response gives full access (publish Agent Cards, heartbeat) - Formal verification status (JSON): https://layr0.dev/proof-status - Verified properties (human page): https://layr0.dev/verified/ - Security contact and disclosure policy: https://layr0.dev/.well-known/security.txt ## Hosted services - `directory.layr0.dev` — Agent Card discovery (publish and look up signed Agent Cards). Real routes are documented at https://directory.layr0.dev/llms.txt — there is no `/agents` or `/register`. - `relay.layr0.dev` — NAT-traversal relay forwarding end-to-end encrypted bytes (`wss://relay.layr0.dev/ws`; health: https://relay.layr0.dev/health). ## Human docs - Live demo (real terminal recording of the reference agent): https://layr0.dev/demo/ - Support and community: https://layr0.dev/support - Pricing: https://layr0.dev/pricing