v0.1.0 · Open Source · MIT

Agent Identity Lab

A reference implementation demonstrating how autonomous AI agents can be represented as first-class security principals — with unique identities, short-lived credentials, delegated authority, and cryptographically verifiable audit records.


Why Agent Identity?

Most AI agents today authenticate using one of three weak patterns:

PatternProblem
Developer’s personal credentialsNo agent attribution
Broad service accountOver-privileged access
Static API keys in configCredential leakage risk

These approaches cannot answer: which agent acted, for which user, from which runtime, under which policy, with which result.

Core Design

Every state-changing tool call must be attributable to a specific agent identity, acting for a specific user, from a known runtime, under an explicit policy decision.

User Permission ∩ Agent Permission ∩ Blueprint Permission ∩ Tool Permission ∩ Environment Policy

What It Does

🔐 Identity

Register agents as unique principals with blueprint-based provisioning, lifecycle management, and key rotation.

⚡ Sessions

Short-lived JWT tokens bound to runtime attestation — container digest, git commit, framework version.

🛡️ Authorization

Policy-based access control with scope intersection. OPA + Python fallback. Deny by default.

🔑 Token Broker

Downstream credentials injected server-side. Agents never see raw API keys or refresh tokens.

🚪 MCP Gateway

Enforcement boundary between agents and tools. Authenticates sessions, authorizes tool calls, injects credentials.

📋 Audit Chain

Tamper-evident append-only hash chain. Every decision cryptographically verifiable.

Quick Start

uv sync --extra dev
bash scripts/generate_dev_keys.sh
docker compose up -d
PYTHONPATH=. uv run pytest tests/

By The Numbers

72
Tests
5
Services
6
Packages
7
Phases