AIP — Agent Identity Protocol

JWT extension for agent delegation chains. Zero dependencies.

The Problem

JWT authenticates users. Agents need to authenticate themselves AND prove who delegated authority to them.

AIP is JWT + delegation chains. Same signing, same verification, same ecosystem — extended with permanent agent identities and cryptographic delegation tracking.

Install

npm install @rakesh90466/aip-sdk

Quick Start

import { AIP } from '@rakesh90466/aip-sdk';

const aip = new AIP();

// 1. Create an agent identity
const { agentId, privateKey } = await aip.createAgent({
  name: 'demo_agent',
  version: 'v1'
});

// 2. User delegates to agent
import { generateKeypair } from '@rakesh90466/aip-sdk';
const userKeys = generateKeypair();

const token = await aip.createRootToken({
  user: 'user_alice',
  agent: agentId,
  capabilities: { search: true, checkout: true },
  userPrivateKey: userKeys.privateKey,
});

// 3. Agent delegates to sub-agent (scope attenuation)
const sub = await aip.createAgent({ name: 'searcher', version: 'v1' });
const subToken = await aip.delegate({
  parentToken: token,
  subAgent: sub.agentId,
  capabilities: { search: true, checkout: false },
  agentPrivateKey: privateKey,
});

// 4. Verify the entire chain
const payload = await aip.verify(subToken, {
  publicKeys: { 'user_alice': userKeys.publicKey }
});

console.log(payload.sub);                    // "agent:searcher_v1"
console.log(payload.aip.delegated_by.id);    // "agent:demo_agent_v1"
console.log(payload.aip.chain.length);       // 2

Core API

| Method | Description | |--------|-------------| | aip.createAgent({ name, version }) | Create agent identity with Ed25519 keypair | | aip.createRootToken({ user, agent, capabilities, userPrivateKey }) | User delegates to root agent | | aip.delegate({ parentToken, subAgent, capabilities, agentPrivateKey }) | Agent delegates to sub-agent | | aip.verify(token, { publicKeys }) | Verify token + entire delegation chain | | aip.decode(token) | Inspect token without verification |

Delegation Rules (Enforced)

1. Scope Attenuation Only — Sub-agents can only receive a subset of parent capabilities
2. Signature Chain Integrity — Every delegation step is cryptographically signed
3. Maximum Chain Depth — Default 8 hops (configurable)
4. Expiry Inheritance — Child tokens cannot outlive parent tokens

Express Middleware

import { aipMiddleware, requireCapability } from '@rakesh90466/aip-sdk/express';

app.use(aipMiddleware({
  agentRegistry: {
    'agent:orchestrator_v1': orchestratorPublicKey,
    'agent:price_bot_v2': priceBotPublicKey,
  }
}));

app.post('/checkout', requireCapability('checkout'), checkoutHandler);

CLI

npx aip keygen                    # Generate Ed25519 keypair
npx aip agent price_bot v2        # Create agent identity
npx aip decode <token>            # Inspect a token
npx aip verify <token> --key <pk> # Verify with public key

Security

• Algorithm: EdDSA (Ed25519) only — alg: "none" is unconditionally rejected
• Default TTL: 15 minutes (configurable, 1 hour hard cap)
• Replay protection: JTI required by default
• Zero infrastructure: Verify with just a public key. No database, no auth server.

Configuration

const aip = new AIP({
  defaultTTL: 900,        // 15 min
  maxTTL: 3600,           // 1 hour cap
  maxChainDepth: 8,       // Max delegation hops
  requireJTI: true,       // Replay protection
});

Token Schema

AIP tokens are valid JWTs — standard JWT libraries can parse them:

{
  "sub": "agent:price_bot_v2",
  "aip": {
    "version": 1,
    "delegated_by": { "type": "user", "id": "user_123", "signature": "..." },
    "chain": [
      { "agent_id": "agent:orchestrator_v1", "scope": ["search", "checkout"], "signature": "..." },
      { "agent_id": "agent:price_bot_v2", "scope": ["search"], "signature": "..." }
    ],
    "capabilities": { "search": true, "checkout": false }
  }
}

License

MIT