Open protocol — Apache 2.0

One identity.
Every protocol.
Full audit trail.

Une identité.
Tous les protocoles.
Traçabilité totale.

AIB gives your AI agents a single portable identity across MCP, A2A, ANP & AG-UI — the four layers of the 2026 AI communication stack. 406 tests. 36 modules. Apache 2.0.

AIB donne à vos agents IA une identité portable unique à travers MCP, A2A, ANP et AG-UI — les quatre couches de la communication IA en 2026. 406 tests. 36 modules. Apache 2.0.

> pip install aib Read the spec Lire la spec
aib-gateway v1.3.0
$ aib create --org tntech --agent booking --protocols mcp,a2a,anp
✓ Passport created: urn:aib:agent:tntech:booking
  Protocols: mcp, a2a, anp  |  Tier: permanent  |  Expires: 2027-03-25
$ aib translate --from a2a --to mcp --source agent-card.json
✓ Translated: Agent Card → MCP Server Card (3 skills → 3 tools)
  Input + output validated  |  0.5ms
$ aib gateway --passport urn:aib:agent:tntech:booking --url https://api.partner.com/a2a
✓ Proxied via A2A | 200 OK | 142ms | overhead: 1.3ms
  Audit receipt: 7f3a...b2c1  |  Merkle proof: O(log N)
$ aib migrate --passport urn:aib:agent:tntech:booking --add ag-ui
✓ Protocol added: ag-ui  |  passport_id unchanged
  Active: mcp, a2a, anp, ag-ui  |  History preserved

The protocol landscape in 2026

Le paysage des protocoles en 2026

Four layers, four protocols, zero shared identity. Each invented its own authentication.

Quatre couches, quatre protocoles, zéro identité partagée. Chacun a inventé sa propre authentification.

Protocol stack — fragmented identity
Pile protocolaire — identité fragmentée
MCP A2A ANP AG-UI Agent → Tool OAuth 2.1 / Server Card Agent → Agent Agent Card / JSON-RPC Decentralized network W3C DID / E2E crypto Agent → Human No identity standard AUTH 1 AUTH 2 AUTH 3 NONE NO LINK BETWEEN IDENTITIES

The identity problem

Le problème d'identité

Your agents manage N credentials with zero cross-protocol visibility.

Vos agents gèrent N credentials sans aucune visibilité cross-protocole.

N

N identities per agent

N identités par agent

MCP uses OAuth. A2A uses Agent Cards. ANP uses W3C DIDs. AG-UI has nothing. Same agent, different identity everywhere.

MCP utilise OAuth. A2A utilise des Agent Cards. ANP utilise des DID W3C. AG-UI n'a rien. Même agent, identité différente partout.

0

Zero cross-protocol audit

Zéro audit cross-protocole

When your agent calls a tool via MCP, then delegates via A2A — the trace breaks. No correlation. No compliance.

Quand votre agent appelle un outil via MCP puis délègue via A2A — la trace se brise. Pas de corrélation. Pas de conformité.

!

No universal revocation

Pas de révocation universelle

Revoking an agent means revoking in MCP, then A2A, then ANP — separately. Miss one and the agent persists.

Révoquer un agent = le révoquer dans MCP, puis A2A, puis ANP — séparément. Un oubli et l'agent persiste.

How AIB bridges everything

Comment AIB relie tout

A bridge, not a replacement. AIB sits between your agents and every protocol.

Un pont, pas un remplacement. AIB s'insère entre vos agents et chaque protocole.

Architecture — gateway + passport + audit
Architecture — gateway + passeport + audit
Your Agent 1 passport N capabilities AIB GATEWAY Agent Passport Credential Translator Protocol Router Audit Trail (OTLP) MCP Server OAuth injected A2A Agent Agent Card matched ANP Peer DID resolved
Identity

Agent Passport

Agent Passport

RS256-signed identity with 3 tiers: permanent (365d), session (1-24h), ephemeral (5min). Delegation chain with capability subset enforcement.

Identité signée RS256 avec 3 niveaux : permanent (365j), session (1-24h), éphémère (5min). Chaîne de délégation avec sous-ensemble de capacités.

Translation

Credential translator

Traducteur de credentials

A2A Agent Cards ↔ MCP Server Cards ↔ DID Documents. Input AND output validation against translation injection attacks.

Agent Cards A2A ↔ Server Cards MCP ↔ DID Documents. Validation entrée ET sortie contre les attaques par injection.

Proxy

Protocol-aware gateway

Gateway multi-protocole

Reverse proxy with auto-detection, credential injection, SSRF protection. Adds < 3ms overhead. Scales to 50K req/s.

Reverse proxy avec détection automatique, injection de credentials, protection SSRF. Ajoute < 3ms. Scalable à 50K req/s.

Audit

Merkle Tree receipts

Reçus Merkle Tree

Cryptographic proof per action: WHO, WHAT, WHEN, WHERE, WITH WHAT AUTHORITY. SHA-256 hash chain + O(log N) Merkle proofs.

Preuve cryptographique par action : QUI, QUOI, QUAND, OÙ, AVEC QUELLE AUTORITÉ. Chaîne SHA-256 + preuves Merkle O(log N).

Security

Multi-signature + auto-rotation

Multi-signature + rotation auto

M-of-N signing policy. Auto key rotation every 90 days. Emergency rotation with instant revocation.

Politique M-of-N. Rotation auto des clés tous les 90 jours. Rotation d'urgence avec révocation instantanée.

Enterprise

OIDC binding

Binding OIDC

Microsoft Entra, Okta, Auth0, Keycloak. Exchange OIDC token → AIB passport. Claims auto-mapped to capabilities.

Microsoft Entra, Okta, Auth0, Keycloak. Échange token OIDC → passeport AIB. Claims auto-mappés en capabilities.

Compliance

GDPR compliance

Conformité RGPD

Crypto-shredding (AES-256-GCM): destroy key = data unreadable, chain intact. PII guard. Article 20 portability export.

Crypto-shredding (AES-256-GCM) : supprimer la clé = données illisibles, chaîne intacte. Guard PII. Export portabilité Article 20.

Migration

Protocol migration

Migration de protocoles

Add, retire, migrate protocols on live passports. passport_id never changes. Full history preserved for compliance audits.

Ajouter, retirer, migrer des protocoles sur des passeports actifs. Le passport_id ne change jamais. Historique complet préservé.

Inside an Agent Passport

Anatomie d'un Agent Passport

One signed document. Every protocol binding. Full lifecycle management.

Un document signé. Tous les bindings protocole. Gestion complète du cycle de vie.

Agent Passport structure (JWS RS256)
Structure du Agent Passport (JWS RS256)
AGENT PASSPORT JWS signed IDENTITY passport_id: urn:aib:agent:org:name issuer: urn:aib:org:tntech capabilities: [booking, search] LIFECYCLE tier: permanent | session | ephemeral expires_at: 2027-03-25T10:00:00Z delegation: {parent_id, chain, depth} PROTOCOL BINDINGS mcp: server_card_url: /.well-known auth: oauth2 | scopes: [r,w] a2a: agent_card_url: /agent.json auth: bearer | skills: [...] anp: did: did:web:domain auth: did-auth AUDIT & SECURITY receipts: SHA-256 chain  |  merkle: O(log N) proofs  |  multi-sig: M-of-N  |  GDPR: crypto-shredding

Get started in minutes

Démarrez en quelques minutes

Python. FastAPI. Docker. No exotic dependencies.

Python. FastAPI. Docker. Aucune dépendance exotique.

Passport
Translate
Gateway
# Create an Agent Passport from aib.passport import PassportService, McpBinding, A2aBinding svc = PassportService(secret_key="your-secret") passport, token = svc.create_passport( org_slug="mycompany", agent_slug="booking-agent", capabilities=["booking", "scheduling"], bindings={ "mcp": McpBinding(auth_method="oauth2", ...), "a2a": A2aBinding(auth_method="bearer", ...), }, ) # Verify anytime valid, _, reason = svc.verify_passport(token)
# Translate A2A Agent Card to MCP Server Card from aib.translator import CredentialTranslator t = CredentialTranslator() mcp_card = t.translate( source=a2a_agent_card, from_format="a2a_agent_card", to_format="mcp_server_card", ) # Also: mcp -> a2a, a2a -> did, did -> a2a
# Proxy with auto credential injection import httpx r = httpx.post("http://localhost:8420/gateway/proxy", json={ "passport_id": "urn:aib:agent:myco:booking", "target_url": "https://partner.com/a2a/send", "body": {"task": "Book 3pm tomorrow"}, }) trace_id = r.json()["audit_trace_id"] protocol = r.json()["protocol_used"] # "a2a"

Open core pricing

Tarification open core

The protocol is free forever. Pay only for managed infrastructure.

Le protocole est gratuit pour toujours. Payez uniquement l'infrastructure managée.

Community

0€
  • Self-hosted gateway
  • Gateway self-hosted
  • MCP + A2A translation
  • Traduction MCP + A2A
  • 1,000 tx/month
  • 1 000 tx/mois
  • 7-day audit retention
  • Rétention audit 7 jours
  • CLI

Pro

99€ /mois
  • Managed cloud gateway
  • Gateway cloud managé
  • MCP + A2A + ANP + AG-UI
  • 100K tx/month
  • 100K tx/mois
  • 90-day audit + dashboard
  • Audit 90j + dashboard
  • OIDC binding + multi-sig
  • Binding OIDC + multi-sig
  • Email support 48h
  • Support email 48h

Enterprise

Custom
Sur devis
  • Dedicated infra
  • Infra dédiée
  • All protocols + plugins
  • Tous protocoles + plugins
  • Unlimited tx
  • Transactions illimitées
  • SIEM + SSO/SAML + GDPR
  • SIEM + SSO/SAML + RGPD
  • Merkle anchoring + crypto-shredding
  • Ancrage Merkle + crypto-shredding
  • SLA + dedicated support
  • SLA + support dédié

Build the identity layer agents need

Construisez la couche d'identité que les agents attendent

AIB is open source. The protocol belongs to everyone.

AIB est open source. Le protocole appartient à tous.

> Star on GitHub Read the spec Lire la spec