Agent Identity Lab
A reference implementation demonstrating how autonomous AI agents can be represented as first-class security principals — with unique identities, short-lived credentials, delegated authority, and cryptographically verifiable audit records.
Why Agent Identity?
Most AI agents today authenticate using one of three weak patterns:
| Pattern | Problem |
|---|---|
| Developer’s personal credentials | No agent attribution |
| Broad service account | Over-privileged access |
| Static API keys in config | Credential leakage risk |
These approaches cannot answer: which agent acted, for which user, from which runtime, under which policy, with which result.
Core Design
Every state-changing tool call must be attributable to a specific agent identity, acting for a specific user, from a known runtime, under an explicit policy decision.
User Permission ∩ Agent Permission ∩ Blueprint Permission ∩ Tool Permission ∩ Environment Policy What It Does
Register agents as unique principals with blueprint-based provisioning, lifecycle management, and key rotation.
Short-lived JWT tokens bound to runtime attestation — container digest, git commit, framework version.
Policy-based access control with scope intersection. OPA + Python fallback. Deny by default.
Downstream credentials injected server-side. Agents never see raw API keys or refresh tokens.
Enforcement boundary between agents and tools. Authenticates sessions, authorizes tool calls, injects credentials.
Tamper-evident append-only hash chain. Every decision cryptographically verifiable.
Quick Start
uv sync --extra dev
bash scripts/generate_dev_keys.sh
docker compose up -d
PYTHONPATH=. uv run pytest tests/