The neutral, portable passport + verify + suspend rail for AI agents
Built on the Open Agent Passport (OAP) v1.0 specification
graph TD
A[🤖 AI Agent] --> B[💳 Refund 1000ドル]
A --> C[📊 Export 1M Rows]
A --> D[🔀 Merge to Main]
A --> E[🚀 Deploy to Prod]
B --> F[❌ No Identity Check]
C --> F
D --> F
E --> F
F --> G[💥 Security Incident]
G --> H[⏰ Hours to Detect]
H --> I[💰 10ドルK+ in Damages]
style A fill:#ff6b6b
style F fill:#ff6b6b
style G fill:#ff6b6b
style I fill:#ff6b6b
Organizations are letting AI agents perform sensitive actions without proper identity verification or policy enforcement.
graph TD
A[🤖 AI Agent<br/>with Passport] --> B[🛡️ APort Verify]
B --> C{Policy Check}
C -->|✅ Allowed| D[✅ Action Proceeds]
C -->|❌ Blocked| E[🚫 Action Blocked]
F[📋 Policy Pack] --> B
G[⚡ Global Suspend] --> B
style A fill:#06b6d4,color:#ffffff
style B fill:#10b981,color:#ffffff
style D fill:#10b981,color:#ffffff
style E fill:#ef4444,color:#ffffff
style F fill:#8b5cf6,color:#ffffff
style G fill:#f59e0b,color:#ffffff
APort provides a neutral, portable identity and policy enforcement layer for AI agents across all platforms.
# Create a passport via API curl -X POST "https://api.aport.io/api/issue" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_JWT_TOKEN" \ -d '{ "name": "HappyRefunds Bot", "role": "Support Refunds", "description": "Refund helper for customer support", "capabilities": [{"id": "finance.payment.refund", "params": {}}], "limits": { "refund_amount_max_per_tx": 50, "refund_amount_daily_cap": 200 }, "regions": ["US", "CA"], "contact": "team@aport.io", "controller_type": "person", "status": "active", "links": { "homepage": "https://aport.io", "repo": "https://github.com/aporthq/agent-passport" }, "categories": ["support", "payments"], "framework": ["OpenAI", "LangChain"] }'
# .github/workflows/aport-verify.yml name: APort Verify PR on: [pull_request] jobs: verify: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: aporthq/policy-verify-action@v1 with: agent-id: ${{ secrets.APORT_AGENT_ID }} policy-pack: 'code.repository.merge.v1'
// Express.js with Policy Pack middleware const { requirePolicy } = require("@aporthq/middleware-express-express"); // Apply policy enforcement to refunds endpoint app.post("/api/refunds", requirePolicy("finance.payment.refund.v1", "agt_inst_xyz789"), async (req, res) => { // Your business logic - policy already verified! const refund = await processRefund(req.body); res.json({ success: true, refund }); } );
| 🏷️ Feature | 📝 Description | 🎯 Use Case |
|---|---|---|
| 🆔 Agent Identity | Portable passports with capabilities & limits | Know who your agents are |
| 📋 Policy Packs | Pre-built policies for common actions | Enforce business rules |
| ⚡ Real-time Verify | Sub-100ms policy checks | Block bad actions instantly |
| 🚨 Global Suspend | Kill switch across all platforms | Stop incidents in seconds |
| 🔐 Multi-level Assurance | Email, GitHub, Domain verification | Trust but verify |
| 📊 Verifiable Attestation | Complete action history | Compliance & debugging |
graph LR
A[🛡️ APort Core] --> B[💳 Payments]
A --> C[📊 Data Export]
A --> D[🔀 Git Operations]
A --> E[🚀 CI/CD]
A --> F[💬 Messaging]
B --> B1[Stripe<br/>PayPal<br/>Square]
C --> C1[Segment<br/>Fivetran<br/>Snowflake]
D --> D1[GitHub<br/>GitLab<br/>Bitbucket]
E --> E1[GitHub Actions<br/>Jenkins<br/>CircleCI]
F --> F1[Slack<br/>Teams<br/>Discord]
style A fill:#06b6d4,color:#ffffff
style B fill:#10b981,color:#ffffff
style C fill:#f59e0b,color:#ffffff
style D fill:#8b5cf6,color:#ffffff
style E fill:#ef4444,color:#ffffff
style F fill:#06b6d4,color:#ffffff
OAP v1.0 compliant policy definitions for instant AI agent governance
{
"policy": "finance.payment.charge.v1",
"capability": "payments.charge",
"assurance": "L2",
"limits": {
"currency_limits": { "USD": { "max_per_tx": 10000 } },
"allowed_merchant_ids": ["merchant_123"],
"blocked_categories": ["adult", "gambling"]
}
}{
"policy": "finance.payment.refund.v1",
"capability": "finance.payment.refund",
"assurance": "L2",
"limits": {
"max_refund_per_tx": 1000,
"cross_currency_denied": true,
"reason_codes_required": ["defective", "not_as_described"]
}
}{
"policy": "data.export.create.v1",
"capability": "data.export",
"assurance": "L1",
"limits": {
"max_rows_per_export": 100000,
"allow_pii": false,
"allowed_formats": ["csv", "json"]
}
}{
"policy": "code.repository.merge.v1",
"capabilities": ["repo.merge", "repo.pr.create"],
"assurance": "L2",
"limits": {
"max_prs_per_day": 5,
"allowed_repos": ["owner/repo1"],
"require_review": true
}
}{
"policy": "messaging.message.send.v1",
"capability": "messaging.send",
"assurance": "L1",
"limits": {
"messages_per_hour": 100,
"allowed_channels": ["support", "notifications"],
"mention_policies": "restricted"
}
}// Express.js with Policy Pack middleware const { requirePolicy } = require("@aporthq/middleware-express-express"); app.post("/api/refunds", requirePolicy("finance.payment.refund.v1", "agt_inst_xyz789"), async (req, res) => { // Policy already verified! Check specific limits const passport = req.policyResult.passport; if (req.body.amount > passport.limits.refund_amount_max_per_tx) { return res.status(403).json({ error: "Refund exceeds limit", requested: req.body.amount, limit: passport.limits.refund_amount_max_per_tx }); } // Process refund safely const refund = await stripe.refunds.create({ amount: req.body.amount, payment_intent: req.body.payment_intent }); res.json({ success: true, refund }); } );
# .github/workflows/aport-verify.yml name: APort Verify PR on: [pull_request] jobs: verify: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Verify via APort run: | BODY=$(jq -n \ --arg agent_id "$APORT_AGENT_ID" \ --arg repo "$GITHUB_REPOSITORY" \ --arg base "${{ github.event.pull_request.base.ref }}" \ --arg head "${{ github.event.pull_request.head.ref }}" \ --argjson files_changed "${{ steps.changed-files.outputs.files }}" \ '{ agent_id: $agent_id, context: { repo: $repo, base: $base, head: $head, files_changed: $files_changed, author: "${{ github.event.pull_request.user.login }}" } }') curl -s -X POST "https://api.aport.io/api/verify/policy/code.repository.merge.v1" \ -H "Content-Type: application/json" \ -d "$BODY" | tee result.json env: APORT_AGENT_ID: ${{ secrets.APORT_AGENT_ID }}
// FastAPI with Policy Pack middleware from fastapi import FastAPI, Request from aport.middleware import require_policy @app.post("/api/data/export") @require_policy("data.export.create.v1", "agt_inst_xyz789") async def export_data(request: Request, export_data: dict): passport = request.state.policy_result.passport # Check PII permission if export_data.get("include_pii") and not passport.limits.allow_pii: raise HTTPException(403, { "error": "PII export not allowed", "agent_id": passport.agent_id, "upgrade_instructions": "Request PII export capability from your administrator" }) # Check row limit if export_data["rows"] > passport.limits.max_rows_per_export: raise HTTPException(403, { "error": "Export exceeds row limit", "requested": export_data["rows"], "limit": passport.limits.max_rows_per_export }) # Process export safely return {"success": True, "export_id": f"exp_{int(time.time())}"}
| Metric | Target | Actual |
|---|---|---|
| ⚡ Verify Latency | <100ms p95 | ~100ms p95 |
| 🚨 Suspend Time | <30s global | ~15s global |
| 📈 Uptime | 99.9% | 99.99% |
| 🔄 Throughput | 10k req/s | 50k+ req/s |
graph TD
A[🤔 Current State] --> B[❌ Custom Solutions]
A --> C[❌ Platform Lock-in]
A --> D[❌ No Global Control]
E[✨ With APort] --> F[✅ Standardized]
E --> G[✅ Portable]
E --> H[✅ Global Suspend]
B --> I[💰 High Cost]
C --> I
D --> I
F --> J[💰 Lower Cost]
G --> J
H --> J
style A fill:#ef4444,color:#ffffff
style E fill:#10b981,color:#ffffff
style I fill:#ef4444,color:#ffffff
style J fill:#10b981,color:#ffffff
- Works across all platforms
- No vendor lock-in
- Open standards
- Sub-100ms policy checks
- Global suspend in seconds
- Edge-deployed for speed
- Multi-level assurance
- Complete Verifiable Attestation
- Compliance built-in
- Simple APIs
- Rich SDKs
- GitHub Actions ready
Create and manage AI agent passports with capabilities and limits
# Issue a passport curl -X POST "https://api.aport.io/api/issue" \ -H "Authorization: Bearer YOUR_JWT_TOKEN" \ -d '{ "name": "HappyRefunds Bot", "role": "Support Refunds", "description": "Refund helper for customer support", "capabilities": [{"id": "finance.payment.refund", "params": {}}], "limits": {"refund_amount_max_per_tx": 50}, "regions": ["US", "CA"], "contact": "team@aport.io", "controller_type": "person", "status": "active" }'
Integrate APort middleware to protect sensitive operations
// Express.js middleware const { requirePolicy } = require("@aporthq/middleware-express-express"); app.post("/api/refunds", requirePolicy("finance.payment.refund.v1", "agt_inst_xyz789"), async (req, res) => { // Policy already verified! res.json({ success: true, refund: await processRefund(req.body) }); } );
Add GitHub Actions for automated policy verification
# .github/workflows/aport-verify.yml name: APort Verify PR on: [pull_request] jobs: verify: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: aporthq/policy-verify-action@v1 with: agent-id: ${{ secrets.APORT_AGENT_ID }} policy-pack: 'code.repository.merge.v1'
Mint instance passports for each tenant installation
# Mint instance passport on tenant install curl -X POST "https://api.aport.io/api/passports/agt_tmpl_abc123/instances" \ -H "Authorization: Bearer YOUR_PLATFORM_API_KEY" \ -d '{ "platform_id": "gorgias", "controller_id": "org_acme", "tenant_ref": "store_987", "overrides": {"limits": {"refund_amount_max_per_tx": 50}} }'
- 📖 Documentation - Complete guides and API reference
- 🎮 Playground - Try APort in your browser
- 📺 Video Tutorials - Step-by-step guides
- 💡 Examples - Real-world implementations
- 🛡️ OAP v1.0 Specification - Open Agent Passport standard
- 🐛 Report Issues - Help us improve
We love contributions! Whether it's:
- 🐛 Bug fixes
- ✨ New features
- 📚 Documentation
- 🎨 Design improvements
- 🧪 Tests
Check out our Contributing Guide to get started.
This project is licensed under the MIT License - see the LICENSE file for details.