Departure records for AI agents.

Think Carfax, but the agent signs it — not the dealer.

import { quickExit, quickVerify, toJSON } from "cellar-door-exit";

// Create a signed departure marker
const { marker } = quickExit("did:web:platform.example");

// Verify it — works offline, works years later
const result = quickVerify(toJSON(marker));
console.log(result.valid); // true

Get Started → npm install cellar-door-exit

1,401 tests· 13 packages· ~335 bytes per marker· Apache 2.0

The Problem

The world is building AI agents that won't stay in one place.

They'll call tools on other platforms. They'll be cloned across environments. Platforms will shut down, get acquired, or change terms. Agents will be banned, migrated, or simply outgrow where they started.

Every one of these transitions is invisible today. No record. No proof. The platform pretends it never happened.

Think of it like global shipping. Point-to-point delivery works with simple rules: the sender is responsible. But a global supply chain with twelve handoffs needs bills of lading and chain-of-custody documentation — not because packages became people, but because the complexity of the movement exceeded what origin-liability alone could track. AI agents are at that inflection point now.

That's not just inconvenient — it's a liability gap that makes agent deployment uninsurable and unauditable.

AI agents probably can't be contained forever.

But they can still be safe.

Insurance can't price agent risk without departure history
GDPR requires erasure proof when agents carry PII across borders
Liability after incidents depends on conditions nobody records

How It Works

EXIT markers are signed, portable, offline-verifiable departure certificates.

7 mandatory fields. ~335 bytes. Content-addressed. Verifiable years later without the origin platform being online.

🤝

Cooperative

Both parties sign. Full mutual attestation.

✋

Unilateral

Agent signs alone. No cooperation needed.

⚡

Emergency

Immediate exit. One step. No waiting.

Cooperative Ceremony

The standard path when both agent and platform are willing participants.

Agent declares intent to depart
Platform acknowledges and prepares departure record
Both parties review marker fields (status, reason, metadata)
Agent signs the marker
Platform co-signs, adding its attestation
Final marker is content-addressed and portable

Result: Strongest trust signal. Two independent signatures on one record.

Unilateral Ceremony

When the platform is unresponsive, hostile, or the agent simply chooses to leave.

Agent creates the departure marker independently
Agent signs with its own key
Marker is valid but self-attested (no platform co-signature)
Optional: TSA timestamp adds temporal evidence

Result: Weaker trust, but the agent is never trapped. The right to leave is unconditional.

Emergency Ceremony

For hostile environments, security incidents, or imminent data loss.

Agent creates marker with exitType: "emergency"
Single-step: create, sign, and store in one operation
Requires emergencyJustification field
No waiting period, no acknowledgment required

Result: Minimum viable departure record. Speed over completeness.

Disputes change status — they never block departure.

Why This Matters

"Departure is a right. Admission is a privilege."

Without departure records, only organizations big enough to absorb unlimited liability will run agents. That's three companies. Maybe four.

EXIT makes departure auditable. Auditable departure makes freedom viable.

Anti-weaponization is baked into the protocol spec — not bolted on after the fact.

Technical Details

Algorithms

Ed25519 (default) + P-256 (FIPS)

Agility

Algorithm negotiation, fail-closed

Corrections

Amendment & Revocation with discovery

Privacy

Crypto-shredding for GDPR erasure

Integrations

LangChain · Vercel AI SDK · MCP · Eliza

Quality

1,401 tests · 13 packages · Apache 2.0

Read the Spec Paper Legal Analysis NIST Demo

Works with: LangChain · Vercel AI SDK · Model Context Protocol · Eliza · ENTRY Protocol · OpenClaw
On-chain: EAS · ERC-8004 · Sign Protocol
Python: exit-door · entry-door · exit-door-langchain