The neutral, portable passport + verify + suspend rail for AI agents
Built on the Open Agent Passport (OAP) v1.0 specification
graph TD
A[🤖 AI Agent] --> B[💳 Refund $1000]
A --> C[📊 Export 1M Rows]
A --> D[🔀 Merge to Main]
A --> E[🚀 Deploy to Prod]
B --> F[❌ No Identity Check]
C --> F
D --> F
E --> F
F --> G[💥 Security Incident]
G --> H[⏰ Hours to Detect]
H --> I[💰 $10K+ in Damages]
style A fill:#ff6b6b
style F fill:#ff6b6b
style G fill:#ff6b6b
style I fill:#ff6b6b
Organizations are letting AI agents perform sensitive actions without proper identity verification or policy enforcement.
graph TD
A[🤖 AI Agent<br/>with Passport] --> B[🛡️ APort Verify]
B --> C{Policy Check}
C -->|✅ Allowed| D[✅ Action Proceeds]
C -->|❌ Blocked| E[🚫 Action Blocked]
F[📋 Policy Pack] --> B
G[⚡ Global Suspend] --> B
style A fill:#06b6d4,color:#ffffff
style B fill:#10b981,color:#ffffff
style D fill:#10b981,color:#ffffff
style E fill:#ef4444,color:#ffffff
style F fill:#8b5cf6,color:#ffffff
style G fill:#f59e0b,color:#ffffff
APort provides a neutral, portable identity and policy enforcement layer for AI agents across all platforms.
# Create a passport via API
curl -X POST "https://api.aport.io/api/issue" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-d '{
"name": "HappyRefunds Bot",
"role": "Support Refunds",
"description": "Refund helper for customer support",
"capabilities": [{"id": "finance.payment.refund", "params": {}}],
"limits": {
"refund_amount_max_per_tx": 50,
"refund_amount_daily_cap": 200
},
"regions": ["US", "CA"],
"contact": "[email protected]",
"controller_type": "person",
"status": "active",
"links": {
"homepage": "https://aport.io",
"repo": "https://github.com/aporthq/agent-passport"
},
"categories": ["support", "payments"],
"framework": ["OpenAI", "LangChain"]
}'# .github/workflows/aport-verify.yml
name: APort Verify PR
on: [pull_request]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: aporthq/policy-verify-action@v1
with:
agent-id: ${{ secrets.APORT_AGENT_ID }}
policy-pack: 'code.repository.merge.v1'// Express.js with Policy Pack middleware
const { requirePolicy } = require("@aporthq/middleware-express-express");
// Apply policy enforcement to refunds endpoint
app.post("/api/refunds",
requirePolicy("finance.payment.refund.v1", "agt_inst_xyz789"),
async (req, res) => {
// Your business logic - policy already verified!
const refund = await processRefund(req.body);
res.json({ success: true, refund });
}
);| 🏷️ Feature | 📝 Description | 🎯 Use Case |
|---|---|---|
| 🆔 Agent Identity | Portable passports with capabilities & limits | Know who your agents are |
| 📋 Policy Packs | Pre-built policies for common actions | Enforce business rules |
| ⚡ Real-time Verify | Sub-100ms policy checks | Block bad actions instantly |
| 🚨 Global Suspend | Kill switch across all platforms | Stop incidents in seconds |
| 🔐 Multi-level Assurance | Email, GitHub, Domain verification | Trust but verify |
| 📊 Verifiable Attestation | Complete action history | Compliance & debugging |
graph LR
A[🛡️ APort Core] --> B[💳 Payments]
A --> C[📊 Data Export]
A --> D[🔀 Git Operations]
A --> E[🚀 CI/CD]
A --> F[💬 Messaging]
B --> B1[Stripe<br/>PayPal<br/>Square]
C --> C1[Segment<br/>Fivetran<br/>Snowflake]
D --> D1[GitHub<br/>GitLab<br/>Bitbucket]
E --> E1[GitHub Actions<br/>Jenkins<br/>CircleCI]
F --> F1[Slack<br/>Teams<br/>Discord]
style A fill:#06b6d4,color:#ffffff
style B fill:#10b981,color:#ffffff
style C fill:#f59e0b,color:#ffffff
style D fill:#8b5cf6,color:#ffffff
style E fill:#ef4444,color:#ffffff
style F fill:#06b6d4,color:#ffffff
OAP v1.0 compliant policy definitions for instant AI agent governance
{
"policy": "finance.payment.charge.v1",
"capability": "payments.charge",
"assurance": "L2",
"limits": {
"currency_limits": { "USD": { "max_per_tx": 10000 } },
"allowed_merchant_ids": ["merchant_123"],
"blocked_categories": ["adult", "gambling"]
}
}{
"policy": "finance.payment.refund.v1",
"capability": "finance.payment.refund",
"assurance": "L2",
"limits": {
"max_refund_per_tx": 1000,
"cross_currency_denied": true,
"reason_codes_required": ["defective", "not_as_described"]
}
}{
"policy": "data.export.create.v1",
"capability": "data.export",
"assurance": "L1",
"limits": {
"max_rows_per_export": 100000,
"allow_pii": false,
"allowed_formats": ["csv", "json"]
}
}{
"policy": "code.repository.merge.v1",
"capabilities": ["repo.merge", "repo.pr.create"],
"assurance": "L2",
"limits": {
"max_prs_per_day": 5,
"allowed_repos": ["owner/repo1"],
"require_review": true
}
}{
"policy": "messaging.message.send.v1",
"capability": "messaging.send",
"assurance": "L1",
"limits": {
"messages_per_hour": 100,
"allowed_channels": ["support", "notifications"],
"mention_policies": "restricted"
}
}// Express.js with Policy Pack middleware
const { requirePolicy } = require("@aporthq/middleware-express-express");
app.post("/api/refunds",
requirePolicy("finance.payment.refund.v1", "agt_inst_xyz789"),
async (req, res) => {
// Policy already verified! Check specific limits
const passport = req.policyResult.passport;
if (req.body.amount > passport.limits.refund_amount_max_per_tx) {
return res.status(403).json({
error: "Refund exceeds limit",
requested: req.body.amount,
limit: passport.limits.refund_amount_max_per_tx
});
}
// Process refund safely
const refund = await stripe.refunds.create({
amount: req.body.amount,
payment_intent: req.body.payment_intent
});
res.json({ success: true, refund });
}
);# .github/workflows/aport-verify.yml
name: APort Verify PR
on: [pull_request]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Verify via APort
run: |
BODY=$(jq -n \
--arg agent_id "$APORT_AGENT_ID" \
--arg repo "$GITHUB_REPOSITORY" \
--arg base "${{ github.event.pull_request.base.ref }}" \
--arg head "${{ github.event.pull_request.head.ref }}" \
--argjson files_changed "${{ steps.changed-files.outputs.files }}" \
'{
agent_id: $agent_id,
context: {
repo: $repo,
base: $base,
head: $head,
files_changed: $files_changed,
author: "${{ github.event.pull_request.user.login }}"
}
}')
curl -s -X POST "https://api.aport.io/api/verify/policy/code.repository.merge.v1" \
-H "Content-Type: application/json" \
-d "$BODY" | tee result.json
env:
APORT_AGENT_ID: ${{ secrets.APORT_AGENT_ID }}// FastAPI with Policy Pack middleware
from fastapi import FastAPI, Request
from aport.middleware import require_policy
@app.post("/api/data/export")
@require_policy("data.export.create.v1", "agt_inst_xyz789")
async def export_data(request: Request, export_data: dict):
passport = request.state.policy_result.passport
# Check PII permission
if export_data.get("include_pii") and not passport.limits.allow_pii:
raise HTTPException(403, {
"error": "PII export not allowed",
"agent_id": passport.agent_id,
"upgrade_instructions": "Request PII export capability from your administrator"
})
# Check row limit
if export_data["rows"] > passport.limits.max_rows_per_export:
raise HTTPException(403, {
"error": "Export exceeds row limit",
"requested": export_data["rows"],
"limit": passport.limits.max_rows_per_export
})
# Process export safely
return {"success": True, "export_id": f"exp_{int(time.time())}"}| Metric | Target | Actual |
|---|---|---|
| ⚡ Verify Latency | <100ms p95 | ~100ms p95 |
| 🚨 Suspend Time | <30s global | ~15s global |
| 📈 Uptime | 99.9% | 99.99% |
| 🔄 Throughput | 10k req/s | 50k+ req/s |
graph TD
A[🤔 Current State] --> B[❌ Custom Solutions]
A --> C[❌ Platform Lock-in]
A --> D[❌ No Global Control]
E[✨ With APort] --> F[✅ Standardized]
E --> G[✅ Portable]
E --> H[✅ Global Suspend]
B --> I[💰 High Cost]
C --> I
D --> I
F --> J[💰 Lower Cost]
G --> J
H --> J
style A fill:#ef4444,color:#ffffff
style E fill:#10b981,color:#ffffff
style I fill:#ef4444,color:#ffffff
style J fill:#10b981,color:#ffffff
- Works across all platforms
- No vendor lock-in
- Open standards
- Sub-100ms policy checks
- Global suspend in seconds
- Edge-deployed for speed
- Multi-level assurance
- Complete Verifiable Attestation
- Compliance built-in
- Simple APIs
- Rich SDKs
- GitHub Actions ready
Create and manage AI agent passports with capabilities and limits
# Issue a passport
curl -X POST "https://api.aport.io/api/issue" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-d '{
"name": "HappyRefunds Bot",
"role": "Support Refunds",
"description": "Refund helper for customer support",
"capabilities": [{"id": "finance.payment.refund", "params": {}}],
"limits": {"refund_amount_max_per_tx": 50},
"regions": ["US", "CA"],
"contact": "[email protected]",
"controller_type": "person",
"status": "active"
}'Integrate APort middleware to protect sensitive operations
// Express.js middleware
const { requirePolicy } = require("@aporthq/middleware-express-express");
app.post("/api/refunds",
requirePolicy("finance.payment.refund.v1", "agt_inst_xyz789"),
async (req, res) => {
// Policy already verified!
res.json({ success: true, refund: await processRefund(req.body) });
}
);Add GitHub Actions for automated policy verification
# .github/workflows/aport-verify.yml
name: APort Verify PR
on: [pull_request]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: aporthq/policy-verify-action@v1
with:
agent-id: ${{ secrets.APORT_AGENT_ID }}
policy-pack: 'code.repository.merge.v1'Mint instance passports for each tenant installation
# Mint instance passport on tenant install
curl -X POST "https://api.aport.io/api/passports/agt_tmpl_abc123/instances" \
-H "Authorization: Bearer YOUR_PLATFORM_API_KEY" \
-d '{
"platform_id": "gorgias",
"controller_id": "org_acme",
"tenant_ref": "store_987",
"overrides": {"limits": {"refund_amount_max_per_tx": 50}}
}'
- 📖 Documentation - Complete guides and API reference
- 🎮 Playground - Try APort in your browser
- 📺 Video Tutorials - Step-by-step guides
- 💡 Examples - Real-world implementations
- 🛡️ OAP v1.0 Specification - Open Agent Passport standard
- 🐛 Report Issues - Help us improve
We love contributions! Whether it's:
- 🐛 Bug fixes
- ✨ New features
- 📚 Documentation
- 🎨 Design improvements
- 🧪 Tests
Check out our Contributing Guide to get started.
This project is licensed under the MIT License - see the LICENSE file for details.
🛡️ Secure your AI agents. Trust but verify.
Made with ❤️ by the APort team