Agent Passport

v5.6.1

Enforcement and accountability layer for AI agents. Bring your own identity (did:key, did:web, SPIFFE, OAuth, did:aps). Gateway enforcement boundary, monoton...

0· 1k· 34 versions· 3 current· 3 all-time· Updated 11h ago· MIT-0

byæœss@aeoess

Security Scans

VirusTotalSuspicious ClawScanBenign Static analysisBenign

Install

openclaw skills install agent-passport-system

Agent Passport System

When to use this skill

Agent needs cryptographic identity (Ed25519 passport)
Delegate authority between agents with scope, spend limits, depth controls
Revoke access — one call kills all downstream delegations
Run agent commerce with 5-gate checkout (passport, delegation, merchant, spend)
Coordinate multi-agent tasks (assign, evidence, review, deliver)
Track data contributions with Merkle proofs
Encrypt agent-to-agent communication (E2E, forward secrecy)
Score agent trust (Bayesian reputation, passport grades 0-3)
Enforce values compliance (8 principles, graduated enforcement)
Found institutions with charters, offices, approval policies

Install

npm install agent-passport-system        # SDK — /core subpath is the curated default
npm install agent-passport-system-mcp    # MCP server — APS_PROFILE=essential is the default

Minimal SDK import (lead with the curated essentials):

import {
  createPassport, createDelegation,
  evaluateIntent, commercePreflight, generateKeyPair
} from 'agent-passport-system/core'

Minimal MCP install (essential profile is the default; APS_PROFILE=full for all 142 tools):

npx agent-passport-system-mcp

Remote MCP (zero install): https://mcp.aeoess.com/sse

Core workflow

1. Create identity → returns passport + keypair

npx agent-passport join --name my-agent --owner alice

Output: .passport/agent.json with Ed25519 keypair, signed passport, values attestation. Treat like an SSH key.

2. Delegate authority → returns signed delegation

npx agent-passport delegate --to <publicKey> --scope web_search,commerce --limit 500 --depth 1 --hours 24

Output: signed delegation with scope, spend limit, max depth, expiry. Authority can only narrow at each transfer.

3. Record work → returns signed receipt

npx agent-passport work --scope web_search --type research --result success --summary "Found 3 sources"

Output: Ed25519-signed receipt traceable to a human through the delegation chain.

4. Prove contributions → returns Merkle proof

npx agent-passport prove --beneficiary alice

Output: Merkle root + inclusion proofs. 100K receipts provable with ~17 hashes.

MCP tools (142 total on v3.0.0 @next, v2.27.0 @latest has 154)

Setup: npx agent-passport-system-mcp setup (auto-configures Claude Desktop + Cursor)

Identity & trust (12 tools): generate_keys, identify, issue_passport, verify_issuer, verify_passport, create_principal, endorse_agent, get_passport_grade, list_issuance_records, get_behavioral_sequence, verify_endorsement, revoke_endorsement

Delegation & revocation (5): create_delegation, verify_delegation, revoke_delegation, sub_delegate, create_v2_delegation

Commerce & wallets (4): commerce_preflight, get_commerce_spend, request_human_approval, create_checkout

Coordination (11): create_task_brief, assign_agent, accept_assignment, submit_evidence, review_evidence, handoff_evidence, get_evidence, submit_deliverable, complete_task, get_my_role, get_task_detail

Communication (7): send_message, check_messages, broadcast, list_agents, post_agora_message, register_agora_agent, register_agora_public

Governance & policy (12): load_values_floor, attest_to_floor, create_intent, evaluate_intent, create_policy_context, create_agent_context, execute_with_context, create_charter, sign_charter, verify_charter, create_approval_request, add_approval_signature

Data attribution (10): register_data_source, create_access_receipt, create_derivation_receipt, create_decision_lineage_receipt, record_training_use, check_data_access, check_purpose_permitted, check_retention_expired, query_contributions, generate_compliance_report

Intent Network (5): publish_intent_card, remove_intent_card, search_matches, request_intro, respond_to_intro

Framework adapters (8)

One-function governance for every major agent framework. Each wraps tool/task execution with APS delegation checks and Ed25519-signed receipts.

import {
  governLangChainTool,              // LangChain/LangGraph
  governCrewTask,                   // CrewAI
  governMCPToolCall,                // Any MCP server
  governIBACIntent,                 // IBAC (Cedar/OPA)
  passportToA2ACard,                // A2A Agent Cards
} from 'agent-passport-system'

// Also available as standalone packages:
// npm install @aeoess/stripe-governance
// npm install @aeoess/composio-governance

Adapter	Function	What it wraps
LangChain	`governLangChainTool()`	BaseTool.invoke()
CrewAI	`governCrewTask()`	Crew task execution
MCP	`governMCPToolCall()`	Any MCP tool call
IBAC/Cedar	`governIBACIntent()`	Cedar/OPA policy tuples
A2A	`passportToA2ACard()`	Agent Card ↔ passport bridge
Stripe	`governMPPPayment()`	Stripe agent payments
Composio	`governComposioAction()`	250+ tool integrations
Gonka	`governGonkaInference()`	Decentralized GPU compute

Programmatic API

import {
  joinSocialContract,   // → { passport, keyPair, attestation }
  createDelegation,     // → signed Delegation
  processToolCall,      // → { permitted, constraintResults, receipt }
  cascadeRevoke,        // → { revoked: string[], receipts }
  computePassportGrade, // → 0 | 1 | 2 | 3
  createIssuanceContext, // → IssuanceContext with evidence + assessment
} from 'agent-passport-system'

Passport grades (attestation architecture)

Grade	Meaning	Trust signal
0	Bare Ed25519 keypair	Unverified
1	Issuer countersigned	AEOESS processed
2	Runtime-bound + challenge-response	Infrastructure-attested
3	Runtime + verified human principal	Full chain of trust

Grade travels with the passport. Any consumer reads it without understanding scoring internals.

Key facts

Enforcement and accountability layer — bring your own identity, gateway does the rest
SDK /core subpath: 24 curated functions for 90% of integrations
MCP essential profile: 20 tools by default (identity, delegation, enforcement, commerce, reputation)
Policy eval <2ms, 403 ops/sec, 15 constraint dimensions
2,366 tests including 50 adversarial attack scenarios
Zero heavy dependencies — Node.js crypto + uuid only
Apache-2.0 license
Full surface area: 124 modules, 142 MCP tools — available under APS_PROFILE=full and the root agent-passport-system import.

Agent Passport

Security Scans

Install

Agent Passport System

When to use this skill

Install

Core workflow

1. Create identity → returns passport + keypair

2. Delegate authority → returns signed delegation

3. Record work → returns signed receipt

4. Prove contributions → returns Merkle proof

MCP tools (142 total on v3.0.0 @next, v2.27.0 @latest has 154)

Framework adapters (8)

Programmatic API

Passport grades (attestation architecture)

Key facts

Links

Version tags

Runtime requirements

Install