agentauth

module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 27, 2026 License: MIT

README

AgentAuth

Go CI Go Lint Go SAST Go Report Card Docs Docs Visualization License

Layered identity composition for AI agents, combining AAuth, ID-JAG, and SPIFFE.

Overview

AgentAuth provides a composition layer for AI agent authentication that properly combines three complementary identity protocols:

Protocol Identity Layer Purpose
AAuth Agent "Which autonomous agent is this? What mission is it executing?"
ID-JAG Human "Which user is this agent acting for?"
SPIFFE Workload "Which workload/service is hosting this?"

These protocols operate at different layers and should be composed, not chosen between.

Architecture

┌─────────────────────────────────────────────────────────────────┐
│                        Human Identity                           │
│  OIDC / SAML / Enterprise IdP                                   │
│  ID-JAG (delegated user identity for cross-app access)          │
└──────────────────────────┬──────────────────────────────────────┘
                           │
                           ▼
┌─────────────────────────────────────────────────────────────────┐
│                        Agent Identity                           │
│  AAuth Protocol                                                 │
│  agent_id, mission_id, delegation, subagents                    │
│  HTTP Message Signatures, Proof-of-Possession                   │
└──────────────────────────┬──────────────────────────────────────┘
                           │
                           ▼
┌─────────────────────────────────────────────────────────────────┐
│                      Workload Identity                          │
│  SPIFFE/SPIRE, mTLS                                             │
│  spiffe://domain/path                                           │
└──────────────────────────┬──────────────────────────────────────┘
                           │
                           ▼
                    Protected Resources

Installation

go get github.com/plexusone/agentauth

Usage

Composed Identity

The core abstraction is ComposedIdentity, which links all three identity layers:

import "github.com/plexusone/agentauth/identity"

// Create a composer with verifiers
composer := identity.NewComposer(
    identity.WithAAuthVerifier(aauthVerifier),
    identity.WithIDJAGVerifier(idjagVerifier),
    identity.WithWorkloadVerifier(spiffeVerifier),
)

// Compose identities from credentials
composed, err := composer.Compose(ctx, identity.ComposeOptions{
    AAuthToken:     aauthToken,
    IDJAGAssertion: idjagAssertion,
    IncludeWorkload: true,
})

// Use composed identity for authorization decisions
fmt.Println(composed.AuditString())
// Output: agent:research-agent for-human:alice@example.com on-workload:spiffe://prod/research binding:bind-xyz
Context Integration
// Store identity in context
ctx = identity.WithContext(ctx, composed)

// Later, retrieve it
if id, ok := identity.FromContext(ctx); ok {
    log.Info("processing request",
        "agent", id.Agent.AgentID,
        "user", id.Human.Subject,
        "workload", id.Workload.SPIFFEID,
    )
}
Storage
import "github.com/plexusone/agentauth/store"

// Create SQLite store
db, err := store.NewSQLite("auth.db")

// Create mission (AAuth)
mission := &store.Mission{
    AgentID:         "research-agent",
    UserID:          "user-123",
    Name:            "Research Task",
    Scopes:          "read:docs write:notes",
    InteractionType: "supervised",
}
err = db.CreateMission(ctx, mission)

Package Structure

plexusone/agentauth/
├── identity/          # Layered identity composition
│   ├── types.go       # ComposedIdentity, HumanIdentity, AgentIdentity, WorkloadIdentity
│   └── composer.go    # Identity composer
├── store/             # Storage abstractions
│   ├── interface.go   # Storer interface
│   ├── types.go       # User, Agent, Mission, Token, etc.
│   └── sqlite.go      # SQLite implementation
├── personserver/      # AAuth Person Server (TODO)
├── authzserver/       # ID-JAG Authorization Server (TODO)
└── docs/
    └── specs/
        └── ROADMAP.md # Implementation roadmap

Key Concepts

ComposedIdentity

Links all three identity layers with a unique binding:

  • BindingID: Unique identifier for this composed identity
  • BoundAt: When the identities were linked
  • ExpiresAt: Earliest expiration of component identities
  • TraceID: For distributed tracing
Identity Layers
  1. Human Identity (ID-JAG): User the agent acts for
  2. Agent Identity (AAuth): The autonomous agent with its mission
  3. Workload Identity (SPIFFE): Infrastructure hosting the agent
Request Flow
  1. Agent sends request with:

    • AAuth token (agent identity)
    • ID-JAG assertion (human identity)
    • mTLS with SVID (workload identity)
  2. Server composes identities:

    • Verify AAuth token → AgentIdentity
    • Verify ID-JAG assertion → HumanIdentity
    • Extract SPIFFE ID from TLS → WorkloadIdentity
    • Create ComposedIdentity with binding
  3. Authorization decision uses all three:

    • "Agent X acting for Human Y on Workload Z"
    • Full audit trail with all identities linked

License

MIT License

Directories

Path Synopsis
cmd
agentauth-server command
Command agentauth-server runs a unified authorization server that combines the AAuth Person Server (human consent) and the ID-JAG Authorization Server (automated token exchange) into a single deployable binary.
Command agentauth-server runs a unified authorization server that combines the AAuth Person Server (human consent) and the ID-JAG Authorization Server (automated token exchange) into a single deployable binary.
examples
agentauth-demo command
Command agentauth-demo demonstrates the agentauth server with both ID-JAG (automated) and AAuth (human consent) authorization flows.
Command agentauth-demo demonstrates the agentauth server with both ID-JAG (automated) and AAuth (human consent) authorization flows.
omniagent-aauth/peopleserver command
Command peopleserver runs the AIStandardsIO PeopleServer for the OmniAgent demo.
Command peopleserver runs the AIStandardsIO PeopleServer for the OmniAgent demo.
Package identity provides layered identity composition for AI agents.
Package identity provides layered identity composition for AI agents.
lambda
peopleserver command
Package main provides an AWS Lambda handler for the AIStandardsIO PeopleServer.
Package main provides an AWS Lambda handler for the AIStandardsIO PeopleServer.
Package store provides storage abstractions for agent authorization.
Package store provides storage abstractions for agent authorization.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL