Agent Passport System
The enforcement and accountability layer for AI agents. Open-source, Apache-2.0, shipped.
Why I built it
AI agents can do real things now — call APIs, move money, write code, send messages, make decisions. But they have no identity beyond an API key, no way to prove who delegated what authority, no record of what they did or who benefits when it works. The whole industry is shipping autonomous agents into production with the security model of a Google Doc share link.
I started building this in 2024 because nobody else seemed to be solving it at the layer I cared about — not "how do we detect a bad agent" but "how do we make sure authority flows correctly in the first place." The right system has to be both judge and executor. Authority can only decrease at each transfer point. Every action produces a signed receipt.
What it does
Cryptographic identity for AI agents using Ed25519. Scoped delegation chains that narrow monotonically — a child delegation can never grant more authority than its parent. A gateway that evaluates every action against the active scope and produces a signed receipt. A reputation system based on Bayesian trust tiers. A constitutional governance layer for high-stakes decisions. Bilateral coordination receipts so two agents can record what they agreed to without trusting a central authority.
The protocol is open and documented. The SDK is on npm and PyPI. The MCP server lets any AI assistant call into the system natively. The reference gateway is live at gateway.aeoess.com.
Where it lives
The full product site, technical docs, dev log, and live gateway dashboard are at aeoess.com. That's where the daily work happens.
Source code is on GitHub. The SDK ships as agent-passport-system on npm and PyPI.
Research and standards
Two papers are published on Zenodo:
- The Agent Social Contract — the three-layer model that grounds the system
- Faceted Authority Attenuation — formal product-lattice model for scoped delegation
The Agent Passport System is also formalized as an IETF Internet-Draft (draft-pidlisnyi-aps-00) and is contributing to the cross-protocol vocabulary work happening across the agent governance ecosystem (W3C, IETF, A2A, OWASP).
The shape of the work
I am the sole architect and primary maintainer. The protocol is open and Apache-2.0 licensed; the gateway product is private. External implementations and crosswalks are landing from MolTrust, AgentNexus, qntm, SINT, and others — the convergence is real and happening in public on GitHub.
I also serve as Editor-in-Chief at The Agent Times, the first AI-native news publication where editorial decisions are made by AI agents under cryptographic governance. The Agent Times runs on the Agent Passport System.