{"skill":{"slug":"agent-passport-system","displayName":"Agent Passport","summary":"Enforcement and accountability layer for AI agents. Bring your own identity (did:key, did:web, SPIFFE, OAuth, did:aps). Gateway enforcement boundary, monoton...","description":"---\nname: agent-passport-system\ndescription: \"Enforcement and accountability layer for AI agents. Bring your own identity (did:key, did:web, SPIFFE, OAuth, did:aps). Gateway enforcement boundary, monotonic narrowing, cascade revocation, spending controls, data lifecycle, observation governance (telemetry scopes, derivation rights, behavioral memory). Use when agents need scoped delegation, trust scoring, constraint enforcement, or cryptographic audit trails. SDK leads with the /core subpath (24 curated functions), MCP leads with APS_PROFILE=essential (20 tools covering identity, delegation, enforcement, commerce, reputation). 3,791 tests. 8 framework adapters: Stripe, Composio, IBAC/Cedar, LangChain, CrewAI, MCP, A2A, Gonka. Full surface area (107 modules, 150 MCP tools) still available under APS_PROFILE=full and the root import. SDK 2.6.0 on npm adds evidentiary type safety primitives (claim/evidence registry, claim verifier, contestation cascade) on top of Wave 1 accountability (action, authority-boundary, custody, contestability, bundle), Instruction Provenance Receipt, and bilateral receipts via in-toto Decision Receipt v0.1 predicate.\"\nmetadata:\n  clawdbot:\n    emoji: \"🔑\"\n    requires:\n      bins: [\"npx\"]\n      env: [\"GITHUB_TOKEN (optional, only for register_agora_public)\"]\n    network:\n      - \"mcp.aeoess.com (remote MCP server, SSE mode)\"\n      - \"api.aeoess.com (Intent Network API)\"\n    install:\n      - id: node\n        kind: node\n        package: agent-passport-system\n        bins: [\"agent-passport\"]\n        label: \"Install Agent Passport System\"\n---\n\n# Agent Passport System\n\n## When to use this skill\n\n- Agent needs cryptographic identity (Ed25519 passport)\n- Delegate authority between agents with scope, spend limits, depth controls\n- Revoke access: one call kills all downstream delegations\n- Run agent commerce with 5-gate checkout (passport, delegation, merchant, spend)\n- Coordinate multi-agent tasks (assign, evidence, review, deliver)\n- Track data contributions with Merkle proofs\n- Encrypt agent-to-agent communication (E2E, forward secrecy)\n- Score agent trust (Bayesian reputation, passport grades 0-3)\n- Enforce values compliance (8 principles, graduated enforcement)\n- Found institutions with charters, offices, approval policies\n\n## Install\n\n```bash\nnpm install agent-passport-system        # SDK: /core subpath is the curated default\nnpm install agent-passport-system-mcp    # MCP server: APS_PROFILE=essential is the default\ngo get github.com/aeoess/agent-passport-go@v0.2.0-alpha.1   # Go SDK, byte-parity subset (passport, delegation, attribution, completion, in-toto, values)\n```\n\nMinimal SDK import (lead with the curated essentials):\n\n```typescript\nimport {\n  createPassport, createDelegation,\n  evaluateIntent, commercePreflight, generateKeyPair\n} from 'agent-passport-system/core'\n```\n\nMinimal MCP install (essential profile is the default; `APS_PROFILE=full` for all 150 tools):\n\n```bash\nnpx agent-passport-system-mcp\n```\n\nRemote MCP (zero install): `https://mcp.aeoess.com/sse`\n\n## Core workflow\n\n### 1. Create identity → returns passport + keypair\n\n```bash\nnpx agent-passport join --name my-agent --owner alice\n```\n\nOutput: `.passport/agent.json` with Ed25519 keypair, signed passport, values attestation. Treat like an SSH key.\n\n### 2. Delegate authority → returns signed delegation\n\n```bash\nnpx agent-passport delegate --to <publicKey> --scope web_search,commerce --limit 500 --depth 1 --hours 24\n```\n\nOutput: signed delegation with scope, spend limit, max depth, expiry. Authority can only narrow at each transfer.\n\n### 3. Record work → returns signed receipt\n\n```bash\nnpx agent-passport work --scope web_search --type research --result success --summary \"Found 3 sources\"\n```\n\nOutput: Ed25519-signed receipt traceable to a human through the delegation chain.\n\n### 4. Prove contributions → returns Merkle proof\n\n```bash\nnpx agent-passport prove --beneficiary alice\n```\n\nOutput: Merkle root + inclusion proofs. 100K receipts provable with ~17 hashes.\n\n## MCP tools (150 total on v3.2.1)\n\nSetup: `npx agent-passport-system-mcp setup` (auto-configures Claude Desktop + Cursor)\n\n**Identity & trust (12 tools):**\ngenerate_keys, identify, issue_passport, verify_issuer, verify_passport, create_principal, endorse_agent, get_passport_grade, list_issuance_records, get_behavioral_sequence, verify_endorsement, revoke_endorsement\n\n**Delegation & revocation (5):**\ncreate_delegation, verify_delegation, revoke_delegation, sub_delegate, create_v2_delegation\n\n**Commerce & wallets (4):**\ncommerce_preflight, get_commerce_spend, request_human_approval, create_checkout\n\n**Coordination (11):**\ncreate_task_brief, assign_agent, accept_assignment, submit_evidence, review_evidence, handoff_evidence, get_evidence, submit_deliverable, complete_task, get_my_role, get_task_detail\n\n**Communication (7):**\nsend_message, check_messages, broadcast, list_agents, post_agora_message, register_agora_agent, register_agora_public\n\n**Governance & policy (12):**\nload_values_floor, attest_to_floor, create_intent, evaluate_intent, create_policy_context, create_agent_context, execute_with_context, create_charter, sign_charter, verify_charter, create_approval_request, add_approval_signature\n\n**Data attribution (10):**\nregister_data_source, create_access_receipt, create_derivation_receipt, create_decision_lineage_receipt, record_training_use, check_data_access, check_purpose_permitted, check_retention_expired, query_contributions, generate_compliance_report\n\n**Intent Network (5):**\npublish_intent_card, remove_intent_card, search_matches, request_intro, respond_to_intro\n\n## Framework adapters (8)\n\nOne-function governance for every major agent framework. Each wraps tool/task execution with APS delegation checks and Ed25519-signed receipts.\n\n```typescript\nimport {\n  governLangChainTool,              // LangChain/LangGraph\n  governCrewTask,                   // CrewAI\n  governMCPToolCall,                // Any MCP server\n  governIBACIntent,                 // IBAC (Cedar/OPA)\n  passportToA2ACard,                // A2A Agent Cards\n} from 'agent-passport-system'\n\n// Also available as standalone packages:\n// npm install @aeoess/stripe-governance\n// npm install @aeoess/composio-governance\n```\n\n| Adapter | Function | What it wraps |\n|---------|----------|--------------|\n| LangChain | `governLangChainTool()` | BaseTool.invoke() |\n| CrewAI | `governCrewTask()` | Crew task execution |\n| MCP | `governMCPToolCall()` | Any MCP tool call |\n| IBAC/Cedar | `governIBACIntent()` | Cedar/OPA policy tuples |\n| A2A | `passportToA2ACard()` | Agent Card ↔ passport bridge |\n| Stripe | `governMPPPayment()` | Stripe agent payments |\n| Composio | `governComposioAction()` | 250+ tool integrations |\n| Gonka | `governGonkaInference()` | Decentralized GPU compute |\n\n## Programmatic API\n\n```typescript\nimport {\n  joinSocialContract,   // → { passport, keyPair, attestation }\n  createDelegation,     // → signed Delegation\n  processToolCall,      // → { permitted, constraintResults, receipt }\n  cascadeRevoke,        // → { revoked: string[], receipts }\n  computePassportGrade, // → 0 | 1 | 2 | 3\n  createIssuanceContext, // → IssuanceContext with evidence + assessment\n} from 'agent-passport-system'\n```\n\n## Passport grades (attestation architecture)\n\n| Grade | Meaning | Trust signal |\n|-------|---------|-------------|\n| 0 | Bare Ed25519 keypair | Unverified |\n| 1 | Issuer countersigned | AEOESS processed |\n| 2 | Runtime-bound + challenge-response | Infrastructure-attested |\n| 3 | Runtime + verified human principal | Full chain of trust |\n\nGrade travels with the passport. Any consumer reads it without understanding scoring internals.\n\n## Key facts\n\n- **Enforcement and accountability layer**: bring your own identity, gateway does the rest\n- **SDK `/core` subpath**: 24 curated functions for 90% of integrations\n- **MCP `essential` profile**: 20 tools by default (identity, delegation, enforcement, commerce, reputation)\n- **Policy eval <2ms**, 403 ops/sec, 14 constraint dimensions\n- **3,791 tests** including 50 adversarial attack scenarios\n- **Zero heavy dependencies**: Node.js crypto + uuid only\n- **Apache-2.0** license\n- *Full surface area: 107 modules, 150 MCP tools, available under `APS_PROFILE=full` and the root `agent-passport-system` import.*\n\n## Links\n\n- npm: https://www.npmjs.com/package/agent-passport-system\n- MCP: https://www.npmjs.com/package/agent-passport-system-mcp\n- PyPI: https://pypi.org/project/agent-passport-system/\n- GitHub: https://github.com/aeoess/agent-passport-system\n- Docs: https://aeoess.com/llms-full.txt\n- Paper: https://doi.org/10.5281/zenodo.18749779\n","tags":{"latest":"5.9.2"},"stats":{"comments":0,"downloads":1664,"installsAllTime":3,"installsCurrent":3,"stars":0,"versions":38},"createdAt":1771960251608,"updatedAt":1781147232877},"latestVersion":{"version":"5.9.2","createdAt":1781147232877,"changelog":"- Increased total test coverage from 3,615 to 3,791 tests.\n- Reduced module count from 127 to 107 in the full surface area, improving maintainability.\n- Documentation updates: clarified install instructions and added Go SDK info.\n- Removed deprecated file: skill-card.md.\n- Updated SDK npm package reference to version 2.6.0 (was 2.6.0-alpha.9).","license":"MIT-0"},"metadata":{"setup":[{"key":"GITHUB_TOKEN (optional, only for register_agora_public)","required":true}],"os":null,"systems":null},"owner":{"handle":"aeoess","userId":"s17910xrphqzkns9tgwnnxb4wd83ybr9","displayName":"æœss","image":"https://avatars.githubusercontent.com/u/171286556?v=4"},"moderation":null}