v0.3.0 · Apache 2.0 · Python + TypeScript

Agents act.
agentpassport proves it.

Cryptographic authorization for AI agents. Prove delegation, enforce scope, and revoke access — across languages and frameworks.

Get Started → Star on GitHub
$ pip install agentpassport
$ npm install @agentpassport/core
auth chain · live
✓ allow
✗ scope denied
⊘ revoked
🖥️
Orchestrator
Python · did:key:z6Mk…
🔑
Delegation
scope: read:db:customers
TS Agent
TypeScript · did:key:z6Ko…
Capability
GET /db/customers
signed · jwt
verify chain
✓ allow · 1.9ms
// outputflow active
// why agentpassport

The authorization primitive
your agents are missing.

Every framework trusts by convention. agentpassport proves by cryptography.

01 / IDENTITY
did:key identity

Every agent gets an Ed25519 keypair. Its public key becomes a W3C DID — no registry, no PII, verifiable by anyone.

02 / DELEGATION
Signed delegation chains

Trust flows through signed JWTs. Each hop narrows scope — an agent can never grant more than it was given.

03 / ENFORCEMENT
Pre-execution scope gates

Capabilities declare required scope. agentpassport checks before the handler runs — fail fast, no partial state.

04 / REVOCATION
Mid-flight revocation

Revoke by JTI without killing in-flight work. Current action finishes safely. Next hop is denied.

05 / CROSS-SDK
Python ↔ TypeScript

Wire-compatible out of the box. Python orchestrator delegates. TypeScript agent verifies. No shared infrastructure.

06 / OWNERSHIP
Domain & wallet binding

Prove real-world agent ownership via /.well-known/agent-passport.json — domain, EVM, Solana, Bitcoin.

// without vs with

Convention vs cryptography.

✗ Without agentpassport
– Authorization by convention, not proof
– Scope enforced ad-hoc, post-execution
– Revocation = kill the process
– Custom glue per language integration
– Audit trail = grep logs at 3am
✓ With agentpassport
✓ Cryptographic proof at every hop
✓ Declared + verified before execution
✓ Soft-stop by JTI, mid-flight safe
✓ Wire-compatible Python ↔ TypeScript
✓ Signed receipts, tamper-evident
// quickstart

Three steps.
Every action provable.

python
typescript
# 1. Every agent gets a cryptographic identity
from agentpassport import Agent, sign_delegation

agent = Agent("my-agent")
print(agent.did)  # did:key:z6Mk...

# 2. Sign a scoped delegation JWT
token = sign_delegation(
    issuer_private_key=root_priv,
    issuer_did=root_did,
    subject_did=agent.did,
    scope=["read:db:customers"],
    ttl_seconds=3600,
)

# 3. Declare required scope — enforced before execution
@agent.capability("query_customers", requires=["read:db:customers"])
async def handle(task):
    return {"customers": [...]}  # only runs if authorized

# Revoke mid-flight — safe, no kill signal
registry.revoke(jti)  # next request denies, current finishes
// Wire-compatible with Python — no shared infrastructure needed
import { Agent, InMemoryRevocationRegistry } from "@agentpassport/core"

const registry = new InMemoryRevocationRegistry()
const agent = new Agent("ts-agent", { privateKey, revocationRegistry: registry })

agent.trustKeys({ [orchestratorDid]: orchestratorPublicKey })

agent.capability("queryCustomers", { requires: ["read:db:customers"] }, async (task) => {
  return { customers: [...] }
})

// ScopeError thrown automatically if scope insufficient
// → JSON-RPC error, not HTTP 500. No partial state.

Start proving
agent authorization.

Pure OSS under Apache 2.0. No gateway required. No vendor lock-in. A library that proves what your agents were authorized to do.

Read the docs → Star on GitHub