agentpassport
Cryptographically verifiable, scope-narrowing delegation chains for AI agents, enabling human-anchored authorization across multiple hops.
README
<a name="top"></a> <div align="center">
<img src="https://capsule-render.vercel.app/api?type=waving&color=0:111111,100:6b46c1&height=180§ion=header&text=agentpassport&fontSize=50&fontColor=ffffff&fontAlignY=42" width="100%"/>
agentpassport
Cryptographically prove which human authorized which AI agent to do what — even 4 hops deep.
#ai-agents #identity #authorization #agentic-ai #mcp #security #oauth
</div>
The unsolved 2026 problem: ~80% of orgs running autonomous agents can't trace an agent's actions back
to a human, and 45% still authenticate agents with shared API keys. OAuth/MCP handle one hop — but the
delegation chain loses its anchor at hop 3-4. agentpassport fixes exactly that: signed, scope-narrowing
delegation chains you can verify back to a human principal.
pip install cognis-agentpassport
agentpassport issue researcher --principal chris --scopes read,search,write --key K > p.json
agentpassport delegate p.json summarizer --scopes read,search --key K2 > p2.json # subset only
agentpassport verify p2.json --keys '{"human:chris":"K","agent:researcher":"K2"}' --require write
# → valid:false, violation: required scope 'write' not held at final hop ✅ escalation blocked
Architecture
flowchart LR
H[👤 Human principal] -->|issue scopes| A1[Agent: researcher]
A1 -->|delegate ⊆ scopes| A2[Agent: summarizer]
A2 -->|delegate ⊆ scopes| A3[Agent: tool-runner]
A3 --> V{verify chain}
V -->|walks back to| H
V --> R[valid? · principal · violations]
Why it's different
Every hop is HMAC-signed and can only narrow scopes — escalation is detected. Verification walks the whole chain back to the human anchor, so you get the one thing OAuth/MCP can't give you today: accountable, multi-hop agent authorization.
Use it from any AI stack
MCP server (agentpassport mcp), JSON in/out for any agent runtime, drop-in for
uncensored-fleet / LangChain / CrewAI delegation.
Prior art / standards
Aligned with IETF draft-klrc-aiagent-auth (AIMS), NIST agent-identity concept paper, MCP, and Mastercard Agent Pay tokenization. Production: anchor the HMAC demo in real PKI / SPIFFE.
Related
🤖 uncensored-fleet · 🛡️ guardpost · 🧰 toolguard · 🗂️ the suite
⭐ Star it — agent identity is the problem nobody's solved yet.
License
COCL v1.0 — see LICENSE.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.