I've spent 20 years building identity and security systems (EA, Nexon IPO, two patents in cryptographic auth). Started building multi-agent pipelines last year and hit a problem: when something breaks, there's no way to know which agent produced what.
MOSS gives agents cryptographic identities and signs their outputs. Each signature includes ML-DSA-44 (post-quantum, FIPS 204), a sequence number for replay detection, and a SHA-256 payload hash.
pip install moss-sdk
from moss import Subject
agent = Subject.create("moss:myapp:agent-1")
envelope = agent.sign({"action": "approve", "amount": 500})
Framework integrations: moss-crewai, moss-autogen, moss-langgraph, moss-langchain
Why post-quantum: audit logs need to stay verifiable for years. Chose ML-DSA-44 over Ed25519 for that reason.
Spec: https://github.com/mosscomputing/moss/blob/main/SPEC.md Site: https://mosscomputing.com
Happy to answer questions on the design.