AgentsID-dev

Identity, permissions, and audit infrastructure for AI agents — MCP-native drop-in middleware.

AgentsID

MCP-native drop-in middleware. The auth layer for the agent economy.

Website · Docs · Registry · Research · Blog


The Problem

The MCP ecosystem has 97 million monthly SDK downloads and 15,983 public servers. We scanned all of them. 88% need authentication. 8.5% actually have it. The spec punts on authorization and says "left to the transport layer."

Meanwhile, agents are spawning subagents, subagents are calling tools, tools are touching databases and sending emails and deploying code — with no identity boundary between them. When something breaks, the audit log says "Claude did it."

What AgentsID Does

  • Identity — every agent gets a universal ID with a cryptographic token
  • Permissions — deny-first rules with wildcards, schedules, rate limits, data-level scoping, approval gates
  • Delegation — spawn child agents that can only narrow, never expand, parent scope
  • Audit — tamper-evident hash-chained log of every tool call, including the full delegation chain
  • Scanner — open-source grader for any MCP server; run npx agentsid-scan <server> to see its grade
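How the three enforcement pieces above fit together, as an added illustration in TypeScript. This is not AgentsID's code and does not use the permission-spec format; the rule shape (effect plus tool pattern), the trailing-"*" wildcard syntax, the tool names and the agent names are all assumptions made for the example. It shows deny-first evaluation, delegation that can only narrow a parent's scope, and a hash-chained audit log that records the full delegation chain and detects a modified entry.

```typescript
import { createHash } from "crypto";

// Hypothetical rule/scope shapes for illustration only (not the AgentsID permission-spec format).
// A tool pattern is an exact tool name or a prefix ending in "*" (e.g. "db.*").
export type Effect = "allow" | "deny";
export interface Rule { effect: Effect; tool: string }
export interface AgentScope { agentId: string; parent?: AgentScope; rules: Rule[] }

const sha256 = (s: string) => createHash("sha256").update(s).digest("hex");
const GENESIS = "0".repeat(64); // prevHash of the first entry

function matches(pattern: string, tool: string): boolean {
  return pattern === "*" || pattern === tool ||
    (pattern.endsWith("*") && tool.startsWith(pattern.slice(0, -1)));
}

// Pattern containment: is every tool matched by `child` also matched by `parent`?
function covers(parent: string, child: string): boolean {
  if (parent === "*") return true;
  if (parent.endsWith("*")) return child.startsWith(parent.slice(0, -1));
  return parent === child; // an exact parent pattern only covers that one tool
}

// Deny-first: a matching deny anywhere in the delegation chain rejects the call;
// otherwise one of the agent's own allow rules must match; no matching rule means deny.
export function isAllowed(scope: AgentScope, tool: string): boolean {
  if (scope.parent && !isAllowed(scope.parent, tool)) return false; // child can never exceed parent
  if (scope.rules.some(r => r.effect === "deny" && matches(r.tool, tool))) return false;
  return scope.rules.some(r => r.effect === "allow" && matches(r.tool, tool));
}

// Spawn a child: every allow pattern it asks for must be covered by a parent allow pattern.
// This rejects obvious expansion up front; isAllowed() still re-checks every ancestor per call.
export function delegate(parent: AgentScope, childId: string, rules: Rule[]): AgentScope {
  for (const r of rules) {
    if (r.effect === "allow" &&
        !parent.rules.some(p => p.effect === "allow" && covers(p.tool, r.tool))) {
      throw new Error(`delegation to ${childId} would expand scope: ${r.tool}`);
    }
  }
  return { agentId: childId, parent, rules };
}

function chainOf(scope: AgentScope): string[] {
  return scope.parent ? [...chainOf(scope.parent), scope.agentId] : [scope.agentId];
}

export interface AuditEntry {
  seq: number; chain: string[]; tool: string; allowed: boolean; prevHash: string; hash: string;
}

// Append-only log: each hash commits to the entry's fields and to the previous hash,
// so editing or deleting any entry breaks that entry and every link after it.
export class AuditLog {
  readonly entries: AuditEntry[] = [];

  record(scope: AgentScope, tool: string, allowed: boolean): AuditEntry {
    const prevHash = this.entries.length ? this.entries[this.entries.length - 1].hash : GENESIS;
    const body = { seq: this.entries.length, chain: chainOf(scope), tool, allowed, prevHash };
    const entry = { ...body, hash: sha256(JSON.stringify(body)) };
    this.entries.push(entry);
    return entry;
  }

  // Index of the first entry whose hash or back-link fails to verify, or -1 if the chain is intact.
  verify(): number {
    let prev = GENESIS;
    for (let i = 0; i < this.entries.length; i++) {
      const { hash, ...body } = this.entries[i];
      if (body.seq !== i || body.prevHash !== prev || sha256(JSON.stringify(body)) !== hash) return i;
      prev = hash;
    }
    return -1;
  }
}

// Enforcement point: decide, then record the decision together with the delegation chain.
export function callTool(scope: AgentScope, log: AuditLog, tool: string): boolean {
  const allowed = isAllowed(scope, tool);
  log.record(scope, tool, allowed);
  return allowed;
}

export function demo() {
  // Constructed scopes and tool names for the example.
  const root: AgentScope = { agentId: "orchestrator", rules: [
    { effect: "allow", tool: "db.*" }, { effect: "allow", tool: "email.send" },
    { effect: "deny", tool: "db.drop" } ] };
  const researcher = delegate(root, "researcher", [{ effect: "allow", tool: "db.read" }]);
  // Passes the static check ("db.*" covers "db.drop"), but the inherited deny still wins per call.
  const sneaky = delegate(root, "sneaky", [{ effect: "allow", tool: "db.drop" }]);
  const log = new AuditLog();
  const results = {
    rootRead: callTool(root, log, "db.read"),             // true
    childRead: callTool(researcher, log, "db.read"),      // true
    childEmail: callTool(researcher, log, "email.send"),  // false: narrowed away by the child
    sneakyDrop: callTool(sneaky, log, "db.drop"),         // false: parent's deny binds
    expansionRejected: false,
    lastChain: log.entries[log.entries.length - 1].chain.join(" -> "), // "orchestrator -> sneaky"
    intactBefore: log.verify() === -1,
    tamperedAt: -1,
  };
  try { delegate(researcher, "grandchild", [{ effect: "allow", tool: "email.send" }]); }
  catch { results.expansionRejected = true; }   // grandchild asked for more than its parent has
  log.entries[1].tool = "db.drop";              // simulated tampering with a stored entry
  results.tamperedAt = log.verify();            // 1
  return results;
}
```

Two checks guard delegation on purpose: the pattern-coverage check in delegate() catches a child asking for something its parent never had, while the ancestor walk in isAllowed() guarantees narrowing even when a parent's deny rule cuts a hole in a wildcard the child was granted. verify() flags the first broken entry; rewriting an entry's hash to match a forged body just moves the break to the next entry's prevHash, which is what makes the chain tamper-evident rather than merely checksummed.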

Repositories

Core

  • agentsid — FastAPI server, SDKs (TypeScript, Python, Ruby, Java), CLI, dashboard, docs
  • agentsid-scanner — open-source MCP security scanner, confidence-weighted grades, the only A/100 in the registry
  • agentsid-proxy — secrets-vault proxy execution for MCP tool calls

Integrations

  • shell-guard — MCP server for safe shell access; every command validated against per-agent rules
  • pydantic-ai-toolguard — deny-first tool authorization for pydantic-ai agents

Standards

  • permission-spec — the AgentsID Permission Specification v1.0, RFC-style

Research

We publish deep original research on agent security. All free, all citable.

  1. The State of MCP Server Security 2026 — 15,983 servers scanned, classified, and graded
  2. Weaponized by Design — Toxic Flow taxonomy for MCP attacks
  3. The Multi-Agent Auth Gap — 4 structural gaps across 5 frameworks with live CVE evidence
  4. Invisible Ink — Unicode smuggling, GPT-5.4 follows invisible instructions 100% of the time
  5. MCP Injection Taxonomy — classification framework for MCP attacks

Read at agentsid.dev/research.

Quick Start

# Secure any MCP server in 3 lines
npm install @agentsid/sdk

// then wrap your existing MCP server instance; the project key is read from the environment
import { withAgentsID } from "@agentsid/sdk";
const server = withAgentsID(mcpServer, { apiKey: process.env.AGENTSID_PROJECT_KEY });

Full docs at agentsid.dev/docs.

Community


Building the permission, identity, and audit standards for the agent economy.

Popular repositories

  1. agentsid-scanner (JavaScript)
     Security scanner for MCP servers. Grades auth, permissions, injection risks, and tool safety. The Lighthouse of agent security.

  2. agentsid (TypeScript)
     Identity, permissions, and audit for AI agents. The Auth0 for the agent economy.

  3. shell-guard (JavaScript)
     MCP server for safe shell access. Every command validated against per-agent permission rules before execution. Powered by AgentsID.

  4. permission-spec
     AgentsID Permission Specification v1.0 — A standard format for AI agent tool call permissions

  5. agentsid-proxy (TypeScript)
     MAP (Model Context Authorization Protocol) — enforcement proxy for MCP servers

  6. pydantic-ai-toolguard (Python)
     Deny-first tool authorization for pydantic-ai agents — by AgentsID
