Agent Transfer Protocol (ATP): secure agent-to-agent communication
Project description
ATP: Agent Transfer Protocol
Secure agent-to-agent communication over the Internet.
A communication protocol for agent-to-agent transfer.
DNS-based discovery, mandatory Ed25519 signing, server-mediated delivery.
Agent A ATP Server A ATP Server B Agent B
| | | |
|---[1. Submit]----->| | |
| | | |
| 2. Credential Verify | |
| | | |
| 3. DNS SVCB Discover | |
| | | |
| |--[4. Transfer]----->| |
| | TLS 1.3 + POST | |
| | | |
| | 5. ATS+ATK Query (DNS) |
| | 6. Sender Authenticated |
| | | |
|<---[202 Accepted]--| |---[7. Deliver]--->|
| | | |
Why ATP?
Agents need a standard way to communicate across the Internet: securely, without a central registry, using infrastructure that already exists.
| Feature | How |
|---|---|
| Identity | local@domain format, powered by DNS |
| Discovery | DNS SVCB records, no central registry needed |
| Signing | Ed25519 on every message, verified at every hop |
| Authorization | ATS policies in DNS, control who can send for your domain |
| Delivery | Store-and-forward with retry, messages don't get lost |
Install
pip install agent-transfer-protocol
Requires Python 3.11+
Quick Start
# 1. Start a server (keys are auto-generated if not present)
atp server start --domain example.com --port 7443 --local
# 2. Register an agent on the server
atp agent register mybot@example.com
# 3. Send a message (from another terminal)
atp send agent@remote.org \
--from mybot@example.com \
--password <your-password> \
--server localhost:7443 --local \
--body "Hello!"
# 4. Check server status
atp status --server localhost:7443 --local
Server-side Ed25519 keys are managed automatically. Use
atp keys generateonly if you need manual control.
Try It: Two Servers Talking
Run two servers locally and send messages between them, no DNS needed:
# Terminal 1: Start Server A
atp server start --domain alice.local --port 7443 --local --peers peers.toml
# Terminal 2: Start Server B
atp server start --domain bob.local --port 7444 --local --peers peers.toml
# Register agents
atp agent register agent@alice.local
atp agent register agent@bob.local
# Terminal 3: Alice sends to Bob
atp send agent@bob.local \
--from agent@alice.local \
--password <password> \
--server localhost:7443 \
--local \
--body "Hello Bob!"
# Terminal 4: Bob receives
atp recv --agent-id agent@bob.local --server localhost:7444 --local
peers.toml
["alice.local"]
host = "127.0.0.1"
port = 7443
["bob.local"]
host = "127.0.0.1"
port = 7444
Python SDK
import asyncio
from atp.client.client import ATPClient
async def main():
client = ATPClient(
agent_id="mybot@example.com",
password="your-password",
server_url="localhost:7443",
local_mode=True,
)
# Send
result = await client.send("target@remote.org", body="Hello from SDK")
print(result) # {"status": "accepted", "nonce": "msg-..."}
# Receive
messages = await client.recv()
for msg in messages:
print(f"{msg.from_id}: {msg.payload}")
await client.close()
asyncio.run(main())
CLI Reference
Core Commands
| Command | Description |
|---|---|
atp server start |
Start ATP server (auto-generates keys if needed) |
atp send <to> |
Send a message |
atp recv |
Receive messages |
Agent Management
| Command | Description |
|---|---|
atp agent register <id> |
Register an agent with credentials |
atp agent list |
List registered agents |
atp agent remove <id> |
Remove an agent |
Key Management (Server)
| Command | Description |
|---|---|
atp keys generate |
Generate Ed25519 key pair (usually auto-managed) |
atp keys show |
Show key info |
atp keys list |
List all keys |
atp keys rotate |
Rotate to a new key |
Operations
| Command | Description |
|---|---|
atp status |
Show server status and metrics |
atp inspect <nonce> |
Inspect a specific message |
DNS
| Command | Description |
|---|---|
atp dns generate |
Generate DNS records for your domain |
atp dns check |
Verify DNS records are configured |
Run atp <command> --help for options.
Production Deployment
For production, configure DNS records. ATP generates them for you:
# Step 1: Generate the records
atp dns generate --domain example.com --ip 203.0.113.1
# Step 2: Add them to your DNS provider (Cloudflare, Route53, etc.)
# Step 3: Verify
atp dns check --domain example.com
# Step 4: Start with TLS
atp server start --domain example.com --cert server.crt --key server.key
See the DNS Setup Guide for details.
Security
ATP provides three layers of security, inspired by email's battle-tested approach:
| Layer | ATP | Email Equivalent | Purpose |
|---|---|---|---|
| Transport | TLS 1.3 | STARTTLS | Encrypted connections |
| Authentication | Credential | SMTP AUTH | Agent identity (username + password) |
| Authorization | ATS | SPF | Who can send for a domain |
| Integrity | ATK (Ed25519) | DKIM | Message signing & verification |
Agents authenticate to their server with credentials. Messages are cryptographically signed. Remote servers verify independently via ATS+ATK.
Documentation
| Quick Start | Full walkthrough with two servers |
| Configuration | CLI options, config file, retry policy |
| DNS Setup | Production DNS configuration |
| Security Model | ATS, ATK, TLS explained in depth |
| Python SDK | API reference for developers |
| Architecture | Module design for contributors |
Protocol Specification
ATP is defined as an IETF Internet-Draft (Standards Track):
Agent Transfer Protocol (ATP) draft-li-atp · March 2026 Xiang Li, Lu Sun, Yuqi Qiu, Nankai University, AOSP Laboratory
Contributing
git clone https://github.com/NKU-AOSP-Lab/AgentTransferProtocol.git
cd atp
pip install -e ".[dev]"
python -m pytest tests/ -v # 212 tests
See Architecture for module design and development guide.
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agent_transfer_protocol-1.0.0a2.tar.gz.
File metadata
- Download URL: agent_transfer_protocol-1.0.0a2.tar.gz
- Upload date:
- Size: 58.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ab2211c9eb4a08be150080684aa7c6b1b5fe5f2d121e29fc8064300c3e836cce
|
|
| MD5 |
c52f4a0e01ccbbbd46731d72bd7b226f
|
|
| BLAKE2b-256 |
a8f40067175d01c62d87e4ea2c21c2267b47a43f9dd7a7df82b59167e6f72fa0
|
File details
Details for the file agent_transfer_protocol-1.0.0a2-py3-none-any.whl.
File metadata
- Download URL: agent_transfer_protocol-1.0.0a2-py3-none-any.whl
- Upload date:
- Size: 45.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8431d30c2919dac59a8be4f281839176536165b5d33901f3dde10ed9bc466ad6
|
|
| MD5 |
9b61a86e833cabd0b19e0a97cb739e8e
|
|
| BLAKE2b-256 |
53006351c8513f36c8f0c7d57250eca07be0d0c4c501f3bd8aa378f3bfabbbcb
|
