Thanks to visit codestin.com
Credit goes to aeoess.com

Agent Passport System · open protocol · 22,323 installs

Governance infrastructure
for the agent economy.

Enforce, verify and audit AI agent actions with
cryptographic identity, scoped delegation and signed receipts.

Get started — free → Read the spec
0.3–1.1ms
no perceptible delay
16–36M/s
never a bottleneck
aps · live flow active
01 · Identity
did:aps:0xA1F…3c2e
1issued
02 · Delegation
scope: read:invoices
2scoped
03 · Enforcement
policy:allow · 1.9ms
3evaluated
04 · Receiptsigned · sha-256
agentdid:aps:0xA1F…3c2e
actionPOST /invoices/8821
ts2026-05-15T17:21:47.302Z
siged25519:7f2c…
Active in standards work at
IETF · Internet-DraftNIST · CAISI inputNIST · NCCoEW3C · CG threadsOWASP · AIVSSA2A protocolERC-8004 IETF · Internet-DraftNIST · CAISI inputNIST · NCCoEW3C · CG threadsOWASP · AIVSSA2A protocolERC-8004
01 / Protocol

Four primitives. One trust fabric.

Every AEOESS interaction composes the same four cryptographic moves. They run wherever your agent runs: edge, cloud, on-device.

01 · ISSUE

Identity

A passport is a DID anchored to a key the agent or its operator holds. No central registry. No PII required.

keys: ed25519 · cross-chain wallet binding
02 · DELEGATE

Delegation

The operator hands the agent a scoped capability: what, when, where, how much. Signed. Composable. Revocable.

caveats: scope · ttl · budget · attest
03 · ENFORCE

Enforcement

The gateway evaluates the passport, the delegation, and the call. ~2ms p50 against the full enforcement stack. Deterministic. Audit-deniable on every refuse.

gates: signature · scope · spend · freshness · revocation
04 · RECEIPT

Receipt

Every action emits a signed receipt: what, who, when, what was decided. Tamper-evident. Independently verifiable.

format: RFC 8785 JCS · ed25519 · sha-256
02 / Solutions

Built for the jobs agents already do.

Drop-in patterns for the four domains where unaccountable agents become a liability, and accountable ones become an advantage.

01 · Payments

Agents that can spend money
without spending yours.

Per-call budgets, merchant allow-lists, four-gate spending policy. Signed payment receipts at the protocol layer that compose with ACP, A2A, and ERC-8004 commerce primitives.

Four-gate spendingComposable receiptsACP · A2A · ERC-8004
02 · Content

Provenance,
not just disclaimers.

Governance blocks, signed access receipts, instruction-provenance envelopes. Revocation propagates through derivatives.

Governance blocksIPR envelopes
03 · Compliance

Receipts an auditor can verify without trusting us.

Eight governance primitives mapping to EU AI Act, NIST AI RMF, ISO 42001, and SR 11-7. Export a signed log, verify it byte-for-byte against the public spec.

EU AI ActNIST AI RMFISO 42001
04 · Enterprise

The agent control plane for the org.

Bring your own identity format. did:key, did:web, SPIFFE, OAuth. Map agents to humans, teams, vendors. Revoke a key, the agent stops.

did:key · did:webSPIFFE · OAuth
→ AEOESS GATEWAY

One endpoint. Every agent action governed.

Point your model traffic at gateway.aeoess.com. Identity, delegation, enforcement, and receipts on every call. Self-host free under Apache 2.0, or use the managed tier starting at $299/month for 500K evaluations.

See pricing →
03 / Why now

Agents shipped faster than the guardrails.

Every CIO already has agents in production. Most have no way to revoke one, no way to know what it spent, and no way to prove what it touched. AEOESS closes that gap.

Today · without APS

Logs. Hope. Lawyers.
  • Agent identity = an API key copied to a wiki page.
  • Scope = a system prompt that says "please don't."
  • Audit = grep across six log buckets at 3 a.m.
  • Revocation = a Jira ticket, a deploy, and a prayer.
  • Receipts = the chargeback shows up Tuesday.

With APS

Identity. Scope. Proof.
  • Every agent has a key. Every key has a name. Every name has an owner.
  • Capabilities are cryptographic, not conversational. Out-of-scope = won't sign.
  • One signed log per tenant. Verifiable against the public spec in any language.
  • Revoke a key, the next call denies. Cascade revocation propagates through the delegation chain.
  • Receipts your auditor, your bank, and your regulator can verify.
04 / Benchmarks

Numbers you can put in a board deck.

Numbers below are measured against the SDK's own benchmark suite or pulled from the public source tree. Every metric is reproducible.

~ 2ms
p50 policy evaluation
full enforcement stack
403/s
sustained throughput
100-op burst
2,884
SDK tests passing
Apache 2.0 · github.com/aeoess
110
protocol modules
core + v2 · public
05 / Integration

Three calls.
Every action accountable.

Issue a passport. Delegate scoped authority. Gate every action. Receipts emit at the protocol layer, ed25519-signed, byte-parity-verified across TypeScript and Python.

typescriptpythoncurl
npm i agent-passport-system See full docs →
aeoess · quickstart
// 1. Generate keys and issue a passport import { generateKeyPair, createPassport, createDelegation, commercePreflight } from "agent-passport-system/core" const keys = generateKeyPair() const passport = createPassport({ agent_id: "invoice-bot-v2", public_key: keys.publicKey, capabilities: ["read:invoices", "write:stripe"] }) // 2. Delegate scoped authority with a spend cap const delegation = createDelegation({ from_agent: "team:finance", to_agent: "invoice-bot-v2", scope: ["write:stripe"], spend_limit: 5000_00, private_key: keys.privateKey }) // 3. Gate every action through the 5-gate preflight const result = await commercePreflight({ delegation, action }) ALLOW · signed receipt · sig ed25519:7f2c…
06 / Reception

Read in the right rooms.

AEOESS is a public protocol. Eight research papers, an IETF Internet-Draft, two NIST federal-record submissions, and cross-implementation byte-parity with peer registries.

[01]
draft-pidlisnyi-aps-01: IETF Internet-Draft for the Agent Passport System. Individual submission, idnits clean.
datatracker.ietf.org
[02]
NIST CAISI: AI 800-2 input acknowledged in writing by the program lead.
nist.gov
[03]
NIST NCCoE: public comments filed on the Software and AI Agent Identity and Authorization concept paper.
nccoe.nist.gov
[04]
Cross-engine receipt interop: independently verified by VeritasActa, protect-mcp, and Nobulex byte-match scripts.
github.com/aeoess
[05]
Eight APS research papers, all Zenodo-indexed with DOIs, ORCID 0009-0002-4700-3594.
aeoess.com/research

Agents are already in production.
Govern them like it.

Open source under Apache 2.0. Self-host the gateway free, or use the managed tier at $299/month for 500K policy evaluations.

See pricing → Talk to engineering