cognis-digital/agentpassport

agentpassport

Cryptographically prove which human authorized which AI agent to do what — even 4 hops deep.

License: COCL 1.0 MCP Standards Suite

#ai-agents #identity #authorization #agentic-ai #mcp #security #oauth

The unsolved 2026 problem: ~80% of orgs running autonomous agents can't trace an agent's actions back to a human, and 45% still authenticate agents with shared API keys. OAuth/MCP handle one hop — but the delegation chain loses its anchor at hop 3-4. agentpassport fixes exactly that: signed, scope-narrowing delegation chains you can verify back to a human principal.

pip install cognis-agentpassport
agentpassport issue researcher --principal chris --scopes read,search,write --key K > p.json
agentpassport delegate p.json summarizer --scopes read,search --key K2 > p2.json   # subset only
agentpassport verify p2.json --keys '{"human:chris":"K","agent:researcher":"K2"}' --require write
# → valid:false, violation: required scope 'write' not held at final hop  ✅ escalation blocked

Architecture

flowchart LR
  H[👤 Human principal] -->|issue scopes| A1[Agent: researcher]
  A1 -->|delegate ⊆ scopes| A2[Agent: summarizer]
  A2 -->|delegate ⊆ scopes| A3[Agent: tool-runner]
  A3 --> V{verify chain}
  V -->|walks back to| H
  V --> R[valid? · principal · violations]

Why it's different

Every hop is HMAC-signed and can only narrow scopes — escalation is detected. Verification walks the whole chain back to the human anchor, so you get the one thing OAuth/MCP can't give you today: accountable, multi-hop agent authorization.
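The mechanism described above, as an added sketch that is not agentpassport's own code: the hop fields (`issuer`, `subject`, `scopes`, `sig`), the chaining of each signature to the previous one, and the function names are all assumptions rather than the project's format. Keys are looked up by issuer, matching the `--keys` map in the CLI example.

```python
import hashlib
import hmac
import json

FIELDS = ("issuer", "subject", "scopes")  # assumed hop layout, not agentpassport's format

def _sign(key, hop, prev_sig):
    # Chain each hop to the previous signature so hops cannot be reordered or spliced.
    msg = json.dumps(hop, sort_keys=True).encode() + b"|" + prev_sig.encode()
    return hmac.new(key.encode(), msg, hashlib.sha256).hexdigest()

def issue(principal, agent, scopes, key):
    hop = {"issuer": f"human:{principal}", "subject": f"agent:{agent}", "scopes": sorted(scopes)}
    return [{**hop, "sig": _sign(key, hop, "")}]

def delegate(chain, agent, scopes, key):
    # `key` is the delegating agent's key, i.e. the subject of the current last hop.
    hop = {"issuer": chain[-1]["subject"], "subject": f"agent:{agent}", "scopes": sorted(scopes)}
    return chain + [{**hop, "sig": _sign(key, hop, chain[-1]["sig"])}]

def verify(chain, keys, require=()):
    if not chain:
        return {"valid": False, "principal": None, "violations": ["empty chain"]}
    violations, prev, prev_sig = [], None, ""
    for i, link in enumerate(chain):
        hop = {f: link.get(f) for f in FIELDS}
        sig = str(link.get("sig", ""))
        key = keys.get(hop["issuer"])
        ok = key is not None and hmac.compare_digest(
            _sign(key, hop, prev_sig).encode(), sig.encode())
        if not ok:
            violations.append(f"hop {i}: signature missing, unknown key or mismatch")
        if prev is None:
            if not str(hop["issuer"]).startswith("human:"):
                violations.append("hop 0: chain is not anchored to a human principal")
        else:
            if hop["issuer"] != prev["subject"]:
                violations.append(f"hop {i}: issuer is not the previous hop's subject")
            extra = set(hop["scopes"] or []) - set(prev["scopes"] or [])
            if extra:
                violations.append(f"hop {i}: scope escalation {sorted(extra)}")
        prev, prev_sig = hop, sig
    held = set(prev["scopes"] or [])
    violations += [f"required scope '{s}' not held at final hop"
                   for s in require if s not in held]
    return {"valid": not violations, "principal": chain[0].get("issuer"), "violations": violations}
```

The returned `principal` is only meaningful when `valid` is true. Because HMAC is symmetric, any party holding the verification keys can also mint hops.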

Use it from any AI stack

MCP server (agentpassport mcp), JSON in/out for any agent runtime, drop-in for uncensored-fleet / LangChain / CrewAI delegation.

Prior art / standards

Aligned with IETF draft-klrc-aiagent-auth (AIMS), the NIST agent-identity concept paper, MCP, and Mastercard Agent Pay tokenization. For production, anchor the HMAC demo in real PKI / SPIFFE.

Related

🤖 uncensored-fleet · 🛡️ guardpost · 🧰 toolguard · 🗂️ the suite

⭐ Star it — agent identity is the problem nobody's solved yet.

License

COCL v1.0 — see LICENSE.

About

Verifiable AI-agent identity + multi-hop delegation chains anchored to a human principal (the unsolved 2026 agent-auth gap)
