Standard delegation format for AI agent authorization
AAIP is a standard format for users to grant specific, time-bounded, and constrained permissions to AI agents. It provides cryptographically signed delegations that enable secure agent authorization without requiring central infrastructure.
- Standard Delegation Format: JSON-based signed delegations with Ed25519 cryptography
- Self-Contained Verification: Delegations include all data needed for verification
- Hierarchical Scopes: Fine-grained permissions with wildcard support
- Standard Constraints: Built-in spending limits, time windows, and content filtering
- Stateless Design: No central authority or registry required
- Protocol-First: Simple foundation for building agent authorization systems
AAIP delegations are JSON objects with cryptographic signatures:
AAIP v1.0 defines standard constraint types that all implementations must support:
- Ed25519 Signatures: Industry-standard cryptographic security
- Self-Contained: No external key lookups required
- Time-Bounded: Automatic expiration bounds the window in which a captured delegation can be replayed
- Minimal Privilege: Scoped permissions with explicit constraints
- Canonical Serialization: Prevents signature malleability
Create REST APIs with AAIP authorization:
Add AAIP authorization to LangChain agents:
- Calendar Management: Schedule meetings with time constraints
- Email Communication: Send emails with domain restrictions
- Shopping: Purchase items with spending limits
- Travel Booking: Book flights/hotels within budget constraints
- Workflow Automation: Agents accessing APIs with role-based permissions
- Customer Service: Agents handling requests with compliance boundaries
- Data Processing: Agents analyzing data with privacy controls
- DevOps: Infrastructure management with safety limits
Services verify delegations in these steps:
- Format Validation: Check all required fields exist
- Version Check: Ensure aaip_version is supported
- Time Validation: Check expiration and validity times
- Signature Verification: Verify Ed25519 signature using embedded public key
- Scope Check: Validate requested action against delegation scope
- Constraint Enforcement: Apply all standard constraints
AAIP defines standard error codes:
- INVALID_DELEGATION: Malformed delegation format
- SIGNATURE_INVALID: Cryptographic signature verification failed
- DELEGATION_EXPIRED: Delegation past expiration time
- SCOPE_INSUFFICIENT: Required permission not granted
- CONSTRAINT_VIOLATED: Request violates delegation constraints
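The time, scope and constraint steps of the verification sequence, returning the error codes listed above, as an added Python example (not the AAIP reference implementation). Every field name other than `aaip_version`, the constraint names and the wildcard semantics are assumptions, and the function expects a delegation whose format, version and Ed25519 signature were already checked.

```python
from datetime import datetime, timezone

# Constraint names are assumptions for this example, not taken from the AAIP spec.
KNOWN_CONSTRAINTS = {"max_amount", "time_window", "blocked_keywords"}

def scope_allows(granted, action):
    """Assumed semantics: ':'-separated segments; a trailing '*' segment
    covers one or more remaining segments, compared segment by segment."""
    want = action.split(":")
    for scope in granted:
        have = scope.split(":")
        if have[-1] == "*":
            prefix = have[:-1]
            if len(want) > len(prefix) and want[:len(prefix)] == prefix:
                return True
        elif have == want:
            return True
    return False

def authorize(delegation, action, now, amount=0.0, text=""):
    """Return None when allowed, otherwise the AAIP error code.
    Assumes format, version and Ed25519 signature were already verified."""
    start = datetime.fromisoformat(delegation["not_before"])
    end = datetime.fromisoformat(delegation["expires_at"])
    if not (start <= now < end):
        return "DELEGATION_EXPIRED"  # also used for not-yet-valid (assumption)
    if not scope_allows(delegation["scope"], action):
        return "SCOPE_INSUFFICIENT"
    c = delegation.get("constraints", {})
    if set(c) - KNOWN_CONSTRAINTS:       # fail closed on a constraint we cannot enforce
        return "CONSTRAINT_VIOLATED"
    if amount > c.get("max_amount", float("inf")):
        return "CONSTRAINT_VIOLATED"
    if "time_window" in c:               # [start_hour, end_hour) in UTC
        lo, hi = c["time_window"]
        if not (lo <= now.astimezone(timezone.utc).hour < hi):
            return "CONSTRAINT_VIOLATED"
    if any(k.lower() in text.lower() for k in c.get("blocked_keywords", [])):
        return "CONSTRAINT_VIOLATED"
    return None

# Constructed sample delegation (signature fields omitted; field names are assumed).
SAMPLE = {
    "aaip_version": "1.0",
    "scope": ["payments:authorize", "calendar:*"],
    "not_before": "2025-01-01T00:00:00+00:00",
    "expires_at": "2025-01-02T00:00:00+00:00",
    "constraints": {"max_amount": 100.0, "time_window": [9, 17], "blocked_keywords": ["password"]},
}
```

Matching scopes segment by segment keeps `calendar:*` from covering `calendar_admin:delete`, and rejecting unknown constraint names keeps a verifier from granting more than the user signed.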
- AAIP v1.0 specification complete
- Python reference implementation
- Ed25519 cryptographic security
- Standard constraint validation
- Comprehensive test suite
- FastAPI integration example
- LangChain integration example
- Complete documentation
- Python SDK
- JavaScript SDK
- Go SDK
- Rust SDK
- AAIP v1.0 Specification - Complete protocol specification
- Python API Reference - Implementation documentation
- Examples - Integration examples and tutorials
We welcome contributions to AAIP:
- Bug Reports: File issues for bugs or improvements
- Feature Requests: Suggest enhancements to the protocol
- Implementation: Contribute SDKs in other languages
- Examples: Add integration examples for new frameworks
- Testing: Help improve test coverage and edge cases
This project is licensed under the Apache 2.0 License - see the LICENSE file for details.
The AAIP specification is released under CC0 (public domain) to ensure maximum adoptability.
- GitHub Issues: Report bugs and request features
- Documentation: Complete guides in the spec/ directory
- Examples: Working code samples in the examples/ directory