{"id":"openagentidentityprotocol-agentidentityprotocol","name":"agentidentityprotocol","homepage":"https://github.com/openagentidentityprotocol/openagentidentityprotocol#readme","repo_url":"https://github.com/openagentidentityprotocol/agentidentityprotocol","category":"security","subcategories":[],"tags":["ai-ml","security","mcp","policy-enforcement","dlp","audit-logging","human-in-the-loop","zero-trust"],"what_it_does":"Agent Identity Protocol (AIP) is an open-source, zero-trust security layer intended to secure MCP/tool-calls for autonomous agents by issuing/verifying cryptographic agent identity tokens (AATs), enforcing per-tool/per-argument authorization via a policy engine (optionally with human-in-the-loop approval), performing DLP scanning on requests/responses, and writing JSONL audit logs tied to verified identity.","use_cases":["Securing MCP tool servers used by LLM desktop clients (Cursor/Claude/VSC) with policy-based allow/deny and argument validation","Enforcing human-in-the-loop approvals for sensitive agent actions (e.g., write or exec operations)","Adding DLP scanning and audit logging to agent tool-calls for compliance and forensic readiness","Providing an identity/authn layer for agents so audit trails distinguish agent actions from human actions"],"not_for":["A turnkey hosted SaaS IAM system (the README indicates local proxy and self-hosting-style usage)","General-purpose authorization for arbitrary non-tool traffic (its focus is tool-call mediation in the MCP/proxy path)","Situations requiring a fully specified, production-ready protocol/SDK and operational guarantees without verification from the spec/implementation"],"best_when":"You can place an AIP proxy/sidecar in front of an MCP tool server and you need fine-grained, runtime authorization plus DLP and audit logging for agent tool-calls.","avoid_when":"You cannot reliably route all sensitive agent actions through the AIP proxy (bypass paths would reduce value), or you need mature, clearly documented rate limiting, operational SLAs, and production hardening details that are not evident from the provided README excerpt.","alternatives":["mTLS/API gateway with an authz layer (OPA/rego or similar) in front of tool backends","General MCP proxy/wrappers with allowlists (without cryptographic agent identity)","Workflow tools that add approval gates (for specific actions) plus separate auditing/DLP solutions"],"af_score":46.8,"security_score":62.5,"reliability_score":21.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:33:11.501036+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Agent Authentication Token (AAT) verification via AIP registry public key","Policy-based enforcement at tool-call layer (claims + signature + revocation list)"],"oauth":false,"scopes":false,"notes":"The README describes an AAT issued by a token issuer and verified by an AIP registry, with claims checked against policy and revocation checked at runtime. It does not describe OAuth flows or explicit scope naming in the excerpt."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Appears to be an open-source/self-hosted project; no pricing information in the provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":["SOC 2 (targeted)","GDPR (targeted)","HIPAA (targeted)","SOX (targeted)"],"min_contract":null},"agent_readiness":{"af_score":46.8,"security_score":62.5,"reliability_score":21.2,"mcp_server_quality":45.0,"documentation_accuracy":55.0,"error_message_quality":null,"error_message_notes":"README includes a sample JSON-RPC error response; however, no comprehensive error code list, retryability semantics, or troubleshooting guidance is present in the provided excerpt.","auth_complexity":55.0,"rate_limit_clarity":10.0,"tls_enforcement":60.0,"auth_strength":70.0,"scope_granularity":85.0,"dependency_hygiene":40.0,"secret_handling":50.0,"security_notes":"Conceptually strong: cryptographic verification of an Agent Authentication Token (AAT), runtime policy evaluation per tool/call arguments, revocation list checks, and DLP scanning plus audit logs. However, from the provided README excerpt we cannot confirm operational controls such as strict TLS requirements for all channels, how secrets are managed in code, dependency vulnerability posture, or the exact threat-model coverage for bypass scenarios.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":30.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":"No explicit idempotency behavior described for tool-call retries.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["If agent actions can bypass the proxy/tool-call mediation path, AIP enforcement may not apply","Policy and DLP configuration quality directly affects safety; overly permissive allowlists reduce protection","Human-in-the-loop flows can block or delay automated execution if not handled by the agent/client UX"]}}