The Rise of Agent-to-Agent Contracts: From Handshake to Hash

Three eras of signing

We're at the beginning of the third era. AI agents are already sending documents for signing via APIs and MCP servers. The jump from "agent sends a document to a human" to "agent sends a document to another agent" is shorter than most people think.

What agent-to-agent signing looks like

Consider this scenario: a sales agent at Company A reaches an agreement with a procurement agent at Company B. Instead of emailing PDFs back and forth:

1. Agent A generates the contract terms as structured data (markdown or JSON)
2. Agent A calls the signing API with both parties' details
3. The signing service generates the PDF, applies the sender's signature, and notifies Agent B
4. Agent B reviews the terms programmatically (or escalates to a human for approval)
5. Agent B countersigns via API
6. Both agents receive the signed PDF with a SHA-256 certificate

The entire flow completes in seconds. No email. No inbox delay. No "following up on that contract."

The infrastructure gap

Most e-signature platforms were built for humans. They have drag-and-drop builders, template libraries, and email-based workflows. None of that works for agents.

Agent-to-agent signing requires:

• API-first design — no GUI dependencies in the signing flow
• Machine-readable contracts — markdown or structured data, not Word docs
• Verifiable identity — API keys, delegation tokens, or certificate-based auth
• Tamper-proof audit trails — SHA-256 hashing, RFC 3161 timestamps
• Programmatic signature capture — no "click here to sign" UX requirement
• Protocol support — MCP, REST, llms.txt for discoverability

Who's building this

A few companies are positioning for this future:

The legal question: can an agent sign a contract?

Current e-signature law doesn't recognise AI agents as legal entities. An agent can't "sign" in the legal sense. But agents can act as authorised representatives.

The legal framework for this already exists: power of attorney, corporate authority, and agency law all allow one entity to bind another. The question isn't whether agents can sign — it's whether the delegation chain is verifiable.

This is why audit trails matter more than ever. When a human signs a document, intent is implicit. When an agent signs, you need to prove that the agent was authorised to act, by whom, with what scope, and that the document hasn't been tampered with.

What needs to happen next

1. Delegation standards — A formalised way to say "this agent acts on behalf of this human/org" with cryptographic proof
2. Agent identity registries — discoverable, verifiable identity for agents (not just API keys)
3. Signing protocols — machine-to-machine signing ceremonies that don't require human UX
4. Legal frameworks — updated e-signature laws that recognise agent authority (the EU AI Act is the first regulatory body to address this)
5. Interoperability — agents built with different frameworks need to use the same signing protocols. MCP is the current frontrunner

The bottom line

Agent-to-agent signing isn't science fiction — it's an extrapolation of what's already working. Hermes agents are already sending documents through Signbee's API. The step from "agent → human" to "agent → agent" is infrastructure, not invention.

The companies that build the signing primitives for agents — simple, API-first, cryptographically verifiable — will own this layer. The question is whether it's the incumbents who adapt, or the agent-native startups who get there first.

FAQs