Token Holder — docs.

One protocol. Signed audit chain. Three-level identity. Agent-attributed access control.

Token Holder is a local-first data-sovereignty layer for AI agents. It runs as a desktop wallet + HTTP API on your own machine, mediates every grant-checked access, and writes the outcome into a cryptographically chained audit log. Agents identify themselves per request; your grants decide what they can touch; the chain proves what actually happened.

These docs cover the parts you actually use. For the why — personas, positioning, roadmap — the landing still does that better.

START · 5 MIN

Quickstart

Install the wallet, mint a consumer, issue a grant, make your first signed check.

REFERENCE

Client SDK

@token-holder/client-sdk — the headless TypeScript path. Signs every request when a key is present.

REFERENCE

Audit chain

How rows are hashed, how verification works, what export looks like, what "✓ VERIFIED" actually guarantees.

CATALOG

All surfaces ↗

Twelve shippable and roadmap pieces — SDK, CLI, MCP servers, filesystem monitor, kernel agent. Index on the landing.

What's not here yet

This is the v0 docs scaffold. Deeper references are in the pipeline: MCP server configs, framework integration recipes, compliance-export format schemas, the th-wrap libc-interposer details, and the Raven kernel-monitor roadmap. Alpha participants get direct access to the reference integrator (Clawnoly) while those docs catch up.

Private alpha Distribution is via signed tarball today. Email hello@tokenholder.io or use the intake form on the landing to request access.