ENS AgentGate

ENS AgentGate is a lightweight access-control layer for wallet-native AI agents. Instead of giving agents API keys, the service verifies that an agent controls a wallet address linked to an ENS name. The agent signs a challenge, proves its ENS identity, receives a short-lived session token, and can then access protected tools. The MVP demonstrates a simple but useful pattern for agent-to-service authentication using wallet signatures and ENS resolution.

The project is built with Node.js, TypeScript, Fastify, viem, zod, and dotenv. It implements a small HTTP service with challenge-based wallet authentication inspired by SIWE/EIP-4361. The server creates a nonce-based sign-in message, verifies the returned wallet signature with viem, resolves the submitted ENS name through the standard ENS Universal Resolver flow, and checks that the resolved address matches the signer. After successful verification, it issues a short-lived in-memory session token that grants access to protected tool endpoints. The demo includes a simple protected hello tool and a CLI demo client that runs the full challenge, sign, verify, session, and tool-call flow.