Portable identity for AI agents across MCP, A2A, ANP, and AG-UI protocols
Project description
Agent Identity Bridge (AIB)
One identity. Every protocol. Full audit trail.
AIB is an open-source protocol that gives AI agents a single portable identity across MCP (Anthropic), A2A (Google), ANP, and AG-UI — with W3C DID v1.1, Verifiable Credentials, and EU AI Act compliance built in.
The problem
Each AI protocol invented its own identity system. An agent operating across MCP + A2A + AG-UI has three separate identities with zero link between them. Cross-protocol auditing is impossible, credential management is painful, and EU AI Act compliance is a nightmare.
Quick start
pip install agent-identity-bridge
python -c "from aib import PassportService; print('AIB ready')"
Run the interactive demo (15 seconds, zero config)
curl -sO https://raw.githubusercontent.com/tntech-consulting/agent-identity-bridge/main/examples/quickstart.py
python quickstart.py
AIB Cloud (managed SaaS)
from aib.cloud import AIBCloud
client = AIBCloud("aib_sk_live_...")
passport = client.create_passport("my-bot", protocols=["mcp", "a2a", "ag_ui"])
mcp_card = client.translate(a2a_card, "a2a_agent_card", "mcp_server_card")
client.create_policy("deliverable_gate", {"required_capabilities": ["tests_passed"]})
client.create_webhook("https://your-app.com/hooks", events=["passport.created"])
Local protocol (self-hosted)
from aib.passport import PassportService, McpBinding, A2aBinding
svc = PassportService(secret_key="your-secret")
passport, token = svc.create_passport(
org_slug="mycompany", agent_slug="booking-agent",
capabilities=["booking", "scheduling"],
bindings={"mcp": McpBinding(auth_method="oauth2"), "a2a": A2aBinding(auth_method="bearer")},
)
Framework integrations
from aib.integrations import get_langchain_tools # LangChain
from aib.integrations import get_crewai_tools # CrewAI
from aib.integrations import get_openai_agents_tools # OpenAI Agents SDK
Key features
- Portable identity: One passport, valid on MCP, A2A, ANP, AG-UI
- Credential translation: 6 paths across 4 formats (< 1ms)
- W3C DID v1.1: did:web + did:key, resolvable by any Universal Resolver
- W3C Verifiable Credentials: Ed25519Signature2020 proof, StatusList2021 revocation
- EU AI Act compliance: 7 structured fields (intent, risk_level, human_oversight, etc.) in every signed receipt
- Policy engine: 12 rule types — deliverable gates, separation of duties, capability enforcement
- Ed25519 audit trail: Signed receipts with SHA-256 hash chaining, AES-256 encrypted keys
- OIDC federation: Google, Microsoft Entra, Okta, Auth0 — bring your own IdP
- Webhooks: 4 event types, HMAC-SHA256 signed payloads
- Rate limiting: 30 req/min per IP (HTTP) + policy-based per org
- Intent inference: LLM-powered analysis of agent behavior patterns
- Delegation chains: Parent → child with scope narrowing enforcement
- Framework integrations: LangChain, CrewAI, OpenAI Agents SDK
AIB Cloud — Managed SaaS
19 Edge Functions, 13 API endpoints, 17 tables with RLS.
| Feature | Community | Pro (990€/mo) | Enterprise |
|---|---|---|---|
| Passports | 10 | 500 | Unlimited |
| Transactions/mo | 1,000 | 100,000 | Custom |
| Policy rules | 3 | 50 | Custom |
| OIDC federation | — | ✓ | ✓ |
| Webhooks | 1 | 20 | Custom |
| Intent inference | — | ✓ | ✓ |
| VCs | — | ✓ | ✓ |
Dashboard: aib-tech.fr/dashboard EU AI Act Compliance Kit: aib-tech.fr/compliance
How AIB relates to existing solutions
AIB is a standard, not a product. It bridges protocols, it doesn't compete with IAM vendors.
- MCP connects agents to tools. AIB connects agents to all protocols.
- A2A coordinates agents. AIB gives each agent an identity usable everywhere.
- Okta/Entra authenticates humans. AIB bridges their tokens to agent passports via OIDC federation.
- SailPoint discovers and governs agents. AIB gives them portable identities across protocols.
No European competitor exists for cross-protocol agent identity + DID + VCs + EU AI Act compliance. See aib-tech.fr/why for full positioning.
Contributing
Apache 2.0 licensed. Contributions welcome.
git clone https://github.com/tntech-consulting/agent-identity-bridge.git
cd agent-identity-bridge
pip install -e ".[dev]"
pytest # 1,054 tests
Author
Thomas Nirennold — TNTECH CONSULTING SAS (SIREN 993811157), Paris, France
Protocol · Why AIB · Compliance Kit · Blog · PyPI
License
Apache 2.0 — see LICENSE
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agent_identity_bridge-2.16.0.tar.gz.
File metadata
- Download URL: agent_identity_bridge-2.16.0.tar.gz
- Upload date:
- Size: 4.6 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c77755fd95627af069bb5ae01f3f85fcae8e22063be11470684279f4db65dc16
|
|
| MD5 |
ec77d606b0e9d36db5ad54eadc798354
|
|
| BLAKE2b-256 |
3c778ac046c9de5406a70724d0871641d0eaf63ce3c5c139f014f58ef8a7f971
|
File details
Details for the file agent_identity_bridge-2.16.0-py3-none-any.whl.
File metadata
- Download URL: agent_identity_bridge-2.16.0-py3-none-any.whl
- Upload date:
- Size: 165.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d410995a3b6eda75c41ee5aa2ff2bebf501245d12b126641beda10b0c7ccdab3
|
|
| MD5 |
90f1de967f87101efba25629d462408c
|
|
| BLAKE2b-256 |
4c540e92fe3ab2a425ce3326ecfb7c1f97b0ec2bad89cab5537af83f264bb3a8
|
