agent-passport-system
Enforcement and accountability layer for AI agents. Bring your own identity (did:key, did:web, SPIFFE, OAuth, did:aps). Gateway enforcement boundary, monotonic narrowing, cascade revocation, spending controls, data lifecycle, observation governance (telemetry scopes, derivation rights, behavioral memory). Use when agents need scoped delegation, trust scoring, constraint enforcement, or cryptographic audit trails. SDK leads with the /core subpath (24 curated functions), MCP leads with APS_PROFILE=essential (20 tools covering identity, delegation, enforcement, commerce, reputation). 2,536 tests. 8 framework adapters: Stripe, Composio, IBAC/Cedar, LangChain, CrewAI, MCP, A2A, Gonka. Full surface area (124 modules, 150 MCP tools) still available under APS_PROFILE=full and the root import. Pre-release 2.5.0-alpha on npm (alpha tag) adds Wave 1 accountability primitives (action, authority-boundary, custody, contestability, bundle), Instruction Provenance Receipt, and bilateral receipts via in-toto Decision Receipt v0.1 predicate.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/aeoess/agent-passport-systemAgent Passport System
When to use this skill
- Agent needs cryptographic identity (Ed25519 passport)
- Delegate authority between agents with scope, spend limits, depth controls
- Revoke access — one call kills all downstream delegations
- Run agent commerce with 5-gate checkout (passport, delegation, merchant, spend)
- Coordinate multi-agent tasks (assign, evidence, review, deliver)
- Track data contributions with Merkle proofs
- Encrypt agent-to-agent communication (E2E, forward secrecy)
- Score agent trust (Bayesian reputation, passport grades 0-3)
- Enforce values compliance (8 principles, graduated enforcement)
- Found institutions with charters, offices, approval policies
Install
npm install agent-passport-system # SDK — /core subpath is the curated default
npm install agent-passport-system-mcp # MCP server — APS_PROFILE=essential is the default
Minimal SDK import (lead with the curated essentials):
import {
createPassport, createDelegation,
evaluateIntent, commercePreflight, generateKeyPair
} from 'agent-passport-system/core'
Minimal MCP install (essential profile is the default; APS_PROFILE=full for all 142 tools):
npx agent-passport-system-mcp
Remote MCP (zero install): https://mcp.aeoess.com/sse
Core workflow
1. Create identity → returns passport + keypair
npx agent-passport join --name my-agent --owner alice
Output: .passport/agent.json with Ed25519 keypair, signed passport, values attestation. Treat like an SSH key.
2. Delegate authority → returns signed delegation
npx agent-passport delegate --to <publicKey> --scope web_search,commerce --limit 500 --depth 1 --hours 24
Output: signed delegation with scope, spend limit, max depth, expiry. Authority can only narrow at each transfer.
3. Record work → returns signed receipt
npx agent-passport work --scope web_search --type research --result success --summary "Found 3 sources"
Output: Ed25519-signed receipt traceable to a human through the delegation chain.
4. Prove contributions → returns Merkle proof
npx agent-passport prove --beneficiary alice
Output: Merkle root + inclusion proofs. 100K receipts provable with ~17 hashes.
MCP tools (150 total on v3.1.1)
Setup: npx agent-passport-system-mcp setup (auto-configures Claude Desktop + Cursor)
Identity & trust (12 tools): generate_keys, identify, issue_passport, verify_issuer, verify_passport, create_principal, endorse_agent, get_passport_grade, list_issuance_records, get_behavioral_sequence, verify_endorsement, revoke_endorsement
Delegation & revocation (5): create_delegation, verify_delegation, revoke_delegation, sub_delegate, create_v2_delegation
Commerce & wallets (4): commerce_preflight, get_commerce_spend, request_human_approval, create_checkout
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-aeoess-agent-passport-system": {
"enabled": true,
"auto_update": true
}
}
}