agentidentityprotocol
Agent Identity Protocol - Zero-trust security layer for AI agents. Policy enforcement proxy for MCP with Human-in-the-Loop approval, DLP scanning, and audit logging.
claude mcp add --transport stdio openagentidentityprotocol-agentidentityprotocol -- docker run -i openagentidentityprotocol-agentidentityprotocol
How to use
Agent Identity Protocol (AIP) is a Go-based MCP server that provides a policy-enforced proxy layer for AI agents interacting with real tools and services. It focuses on authenticating agents, issuing and validating attestation tokens, and enforcing dynamic access policies at tool-call time. Use this server to gate tool access (e.g., Docker containers, databases, GitHub actions) behind a cryptographically signed identity so that you can audit, revoke, and granularly authorize agent actions. The included design emphasizes Layer 1 identity (who the agent is) and Layer 2 enforcement (what it’s allowed to do) via a token (AAT) and a policy engine.
Configure your environment so agents present AATs, then allow or deny tool calls accordingly through the AIP Proxy to real tools such as Docker, Postgres, or GitHub APIs. In operation, your MCP clients (Cursor, Claude, autonomous agents) connect through the proxy, present their AATs, and receive an allow/deny decision with an audit trail for every action.
How to install
Prerequisites:
- Docker installed on the host (recommended for quick start)
- Git
- Optional: Go toolchain if you plan to build from source
Installation steps (Docker-based):
- Pull the image (if published): docker pull openagentidentityprotocol-agentidentityprotocol
- Run the container in detached mode (example): docker run -d --name aip-proxy -p 8080:8080 openagentidentityprotocol-agentidentityprotocol
- Configure environment variables as needed (e.g., AIP registry URL, revocation list, policy definitions). Example placeholders:
docker run -d --name aip-proxy -p 8080:8080 -e AIP_REGISTRY_URL=https://example.com/aip-registry \
  -e AIP_POLICY_PATH=/config/policy.yaml openagentidentityprotocol-agentidentityprotocol
Building from source (Go) (optional):
- Clone the repository: git clone https://github.com/openagentidentityprotocol/agent-identity-protocol.git
- Navigate to the project directory: cd agent-identity-protocol
- Build the binary: go build ./...
- Run the binary (adjust paths as needed): ./agent-identity-protocol
Prerequisites for building from source:
- Go 1.20+ (or compatible)
- Dependencies listed in go.mod
- Git
Note: Adjust commands and image names to match your actual registry and tagging strategy.
Additional notes
Tips and notes:
- Ensure your AIP Registry and Revocation List are reachable by the proxy at runtime to enforce correct policy and revocation checks.
- When testing, start with a permissive policy and gradually tighten controls to avoid accidental blockages.
- Common environment variables to consider: AIP_REGISTRY_URL (where tokens and revocation data are published), AIP_POLICY_PATH (path to YAML/JSON policy definitions), AIP_LOG_LEVEL (debug, info, warn, error).
- If you encounter authentication failures, verify that the agent’s AAT includes the correct issuer, audience, and expiry, and that the proxy trusts the issuer public key.
- For production, prefer the Docker deployment approach for easier scaling and isolation; ensure persistent storage for logs and policy configurations.
Related MCP Servers
mcp-agent
Build effective agents using Model Context Protocol and simple workflow patterns
mcp-agent
Lightweight, focused utilities to manage connections and execute MCP tools with minimal integration effort. Use it to directly call tools or build simple agents within your current architecture.
cursor-feedback-extension
Save your Cursor monthly quota! Unlimited AI interactions in one conversation via MCP feedback loop.
shellguard
MCP server that gives LLM agents read-only shell access over SSH
backlog
Help coding agents and developers to keep track of a project's backlog by storing tasks as markdown in git.
agentgate
Approval workflows for AI agents