Token Holder is positioned as a data-sovereignty layer for AI Agents. It is not a large language model product, but rather an access-control and audit layer that sits between Agents and local data resources. It runs as a desktop wallet + HTTP API, responsible for determining “who is making the request, whether it is allowed, and whether it actually happened.” It covers resources that AI may touch, such as files, API Keys, vaults, and databases.
At its core is a three-layer identity model: Consumer, Agent, and Request. An application-level bearer token controls the outer scope; an Agent is identified by an Ed25519 key and can be revoked independently; each individual request is then signed in canonical form with a limited replay window. Compared with standard RBAC, its key differentiator is auditing: every access is written into a SHA-256 hash chain, where the previous row’s hash is included in the next row’s calculation. If tampering occurs, it can be located via /usage/verify. The documentation also mentions interfaces and components such as SDK, MCP server, mcp-filesystem, th-wrap, /my/usage/*, and /usage/export.
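The hash-chained audit log described above, as an added example that is not Token Holder's own code: it shows how including the previous row's hash in each row's SHA-256 lets a verifier point at the first row that no longer checks out. The row layout, field names, genesis value and the `append`/`verify` helpers are assumptions made for illustration, and the sample rows are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first row


def row_hash(prev_hash: str, record: dict) -> str:
    """SHA-256 over the previous row's hash plus a canonical encoding of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + canonical).encode("utf-8")).hexdigest()


def append(chain: list, record: dict) -> None:
    """Append a record, linking it to the hash of the row before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": row_hash(prev, record)})


def verify(chain: list):
    """Return the index of the first row that fails verification, or None if intact."""
    prev = GENESIS
    for i, row in enumerate(chain):
        if row["prev"] != prev or row["hash"] != row_hash(prev, row["record"]):
            return i
        prev = row["hash"]
    return None


def build_sample() -> list:
    # Constructed sample rows; field names are illustrative only.
    chain = []
    append(chain, {"seq": 1, "agent": "agent-a", "resource": "file:/notes.txt", "action": "read"})
    append(chain, {"seq": 2, "agent": "agent-a", "resource": "vault:api-key", "action": "read"})
    append(chain, {"seq": 3, "agent": "agent-b", "resource": "db:customers", "action": "query"})
    append(chain, {"seq": 4, "agent": "agent-b", "resource": "file:/report.pdf", "action": "write"})
    return chain


if __name__ == "__main__":
    log = build_sample()
    print("intact:", verify(log))
    log[1]["record"]["resource"] = "file:/harmless.txt"  # edit a row in place
    print("edited row 1 ->", verify(log))
    log = build_sample()
    del log[2]  # drop a row from the middle
    print("deleted row 2 ->", verify(log))
```

Removing rows from the end leaves a shorter chain that still verifies, so the most recent hash has to be recorded somewhere the log writer cannot alter.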
Pricing, free quotas, and commercial plans have not yet been disclosed. The product is currently in Private alpha and is distributed as a signed tarball; access requires applying by email at [email protected] or via a form. The documentation also clearly states that it is a v0 scaffold, with MCP configuration, framework integrations, compliance export schemas, th-wrap details, and other items still in the pipeline.
Its main strength is its highly specific positioning: it addresses authorization, attribution, revocation, and tamper-resistant auditing when AI Agents access local data, making it suitable for compliance discussions and security accountability. Its local-first design also fits users who are sensitive about data leaving their machines. The downside is that it is still very early: real-world installation experience, performance, compatibility, enterprise SLA, certifications, and pricing are all missing. For ordinary users, concepts such as signatures, grants, MCP, and audit chains also create a learning curve.
It is best suited to three groups: developers integrating AI capabilities such as Claude, GPT, or Llama into their products; power users of local Agents such as Claude Code, Codex, and Ollama; and security or compliance teams that need to answer the question, “What exactly did the AI access?” The source material does not specify Mainland China network accessibility, payment support, or Chinese-language support, so china_access can only be marked as unknown. If deployed in China, it may also need to be evaluated alongside alternatives such as local file-permission management, enterprise DLP, bastion-host auditing, or a self-hosted Agent gateway.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the tokenholder.io official site.
tokenholder.io is a United States AI Apps provider. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of Workable.