ROADMAP

Building the future of agent identity

Our public roadmap for AIB. We ship in sprints, open-source everything, and prioritize based on community feedback.

Foundation — Core Protocol
SHIPPED · v2.16.0

The core identity bridge is live in production. Portable passports, credential translation across 4 protocols, Ed25519 audit trail, policy engine, OIDC federation, webhooks — and a full autonomous agent fleet running 24/7.

Agent Passport (URN scheme)
Portable identity valid across MCP, A2A, ANP, AG-UI. 3 tiers: permanent, session, ephemeral.
urn:aib:agent:{org}:{agent} · Ed25519 signed · 9 API endpoints
Credential Translation
6 bidirectional translation paths between MCP, A2A, ANP, AG-UI. Sub-millisecond.
/translate · 6 paths · <1ms · format-agnostic
Ed25519 Audit Trail
Every operation produces a signed receipt with SHA-256 hash chain. Tamper-evident, forever verifiable.
Ed25519 · SHA-256 chain · AES-256 key encryption · /audit-trail
Policy Engine
5 guardrail types: capability_required, deliverable_gate, separation_of_duties, rate_limit, human_in_loop. ALLOW / ESCALATE / DENY.
/policy-manage · CRUD · per-passport enforcement
OIDC Federation
Accept tokens from Okta, Entra, Auth0 via JWKS. Zero migration for existing enterprise IAM.
RS256/384/512 · JWKS auto-fetch · /federation-trust
W3C DID:web + DID:key Resolution
Full DID v1.1 support. Resolvable by any Universal Resolver. did:web for orgs, did:key for ephemeral agents.
W3C DID v1.1 · /did-resolve · Universal Resolver compatible
W3C Verifiable Credentials
Issue and verify Ed25519-signed VCs. Ed25519VerificationKey2020. Revocation via StatusList2021.
/vc-issue · /vc-verify · StatusList2021 · W3C VC Data Model
EU AI Act Compliance — Article 12
7 structured fields in every receipt: intent, risk_level, human_oversight, decision_rationale, affected_persons, invocation_chain, data_accessed.
/intent-analyze · /audit-trail?format=compliance · Article 12 + 13 + 14
Python SDK v2.16.0
7 methods: audit_trail, intent_analyze, vc_issue, vc_verify, did_resolve, keygen, list_templates. Published on PyPI.
pip install agent-identity-bridge · PyPI · 1,094 tests · Apache 2.0
Autonomous Agent Fleet (14 agents)
Monitoring, blog, SEO, outreach, onboarding, feedback, CI/CD guardian, security scanner, churn tracker — all running on pg_cron.
Supabase Edge Functions · Deno · Claude Haiku · 18 cron jobs
Enterprise & Standardization
IN PROGRESS · Q2 2026

BPI France deadline June 9, 2026. Targeting sovereign hosting, W3C CCG submission, and first enterprise design partners (large French enterprises). The spec becomes the product.

BPI France — Pionniers de l'IA
Five-phase enterprise readiness dossier. Funding to accelerate sovereign hosting and Go/Rust rewrite of the passport service.
Deadline June 9, 2026 · SecNumCloud track · OVHcloud / Outscale
W3C CCG Standardization
Submit AIB spec to W3C Credentials Community Group. Currently limited by single-implementer status — seeking 2nd implementer.
W3C CCG · DID:web · VC Data Model · community report track
Stripe Billing Integration
Connect pricing tiers to Stripe. Community (free), Pro, Enterprise. Usage-based billing via the /usage-check endpoint.
Stripe · webhook · /usage-check · 3 tiers
Enterprise Prospect Outreach (100 leads)
Automated outreach to 100 target accounts via the outreach-agent. Focus: fintech, health, legal, public sector.
outreach-agent · Claude Haiku · outreach_prospects table
CNIL IA Sandbox
Apply to CNIL sandbox program for AI systems. Validates EU AI Act compliance posture with the French data protection authority.
CNIL · sandbox IA · EU AI Act · GDPR Article 30
Sovereign Hosting (SecNumCloud)
Move from Supabase (EU-West-1) to OVHcloud or Outscale SecNumCloud-qualified infrastructure for enterprise and public sector requirements.
OVHcloud · Outscale · SecNumCloud · ANSSI
passport-service Rewrite (Go / Rust)
Replace Deno Edge Functions with a compiled passport-service for <1ms signing latency and deterministic memory footprint at enterprise scale.
Go or Rust · Ed25519 · sub-millisecond · enterprise SLA
Infrastructure Migration
NEXT UP · Q2–Q3 2026

Migrate from the current Supabase/Deno/Netlify stack to a sovereign, production-grade infrastructure. Required for enterprise contracts (large French enterprises) and BPI France compliance. Each step is independent and can ship incrementally.

Supabase → Sovereign PostgreSQL
Migrate 40 tables + RLS policies + 35 Edge Functions from Supabase (eu-west-1) to a self-managed PostgreSQL on OVHcloud or Outscale. Retain pg_cron for agent scheduling.
OVHcloud Managed PostgreSQL · Outscale SecNumCloud · pg_cron · RLS · zero-downtime migration
Edge Functions → passport-service (Go / Rust)
Rewrite the core passport-create, passport-revoke, translate, and audit-trail Edge Functions as a compiled Go or Rust binary. Target: <1ms signing latency, deterministic memory, enterprise SLA.
Go · Rust · Ed25519 · <1ms p99 · stateless · horizontal scaling
NATS JetStream — Message Broker
Replace synchronous REST calls between the 14 autonomous agents with NATS JetStream. Removes the ~20–30 concurrent agent ceiling. Guaranteed delivery, replay, and dead-letter queues.
NATS JetStream · pub/sub · consumer groups · at-least-once delivery · self-hosted
HashiCorp Vault / HSM — Root Key Management
Move the Ed25519 root signing key out of Supabase secrets into HashiCorp Vault or a hardware HSM. Per-agent key derivation. Automatic key rotation. Required for SecNumCloud and enterprise audits.
HashiCorp Vault · HSM · PKCS#11 · key derivation · auto-rotation · SecNumCloud
Netlify → Sovereign CDN
Replace Netlify (US-based) with a European CDN for the frontend assets. OVHcloud CDN or Clever Cloud. Maintains atomic deploys via CI/CD Git workflow. Zero change to the deployment pipeline logic.
OVHcloud CDN · Clever Cloud · atomic deploy · GitHub Actions · aib-tech.fr
receipts Table — Partitioning + Archive
Partition the receipts table by month using pg_partman. Add TTL policy for automatic archiving after 7 years (EU AI Act retention requirement). Required before 10M+ receipts/month.
pg_partman · monthly partitions · TTL · S3-compatible archive · EU AI Act Art. 12
Monitoring — Prometheus + Grafana
Replace the current custom monitoring Edge Function with a proper Prometheus + Grafana stack. Latency histograms, agent fleet health, receipt throughput, signing key usage — all observable.
Prometheus · Grafana · alert rules · p50/p95/p99 latency · agent fleet dashboard
Scale & Federation
NEXT UP · Q3 2026

The current architecture hits a concurrency ceiling around 20-30 simultaneous agents. This phase removes that limit with a message broker, decentralized signing, and cross-org trust federation.

NATS JetStream Message Broker
Replace synchronous REST calls between agents with NATS JetStream. Enables 500+ concurrent agents without cascading failures.
NATS JetStream · pub/sub · guaranteed delivery · agent-to-agent
Decentralized Ed25519 Signing
Move from centralized signing key to per-agent HSM-backed keys. HashiCorp Vault or cloud HSM for root key management.
HashiCorp Vault · HSM · per-agent keys · key rotation
receipts Table Partitioning + TTL
Partition the receipts table by month, add TTL policies. Required for >10M receipts/month at enterprise scale.
PostgreSQL partitioning · pg_partman · TTL · archive strategy
Cross-Org Trust Federation
Two organizations can establish a trust relationship, allowing agents from Org A to be recognized by Org B without re-issuing credentials.
DID:web · OIDC federation · federation_trust table · bilateral
Delegation Chains (VP + Scope Narrowing)
Agent A can delegate a subset of its capabilities to Agent B via a signed Verifiable Presentation. Cascade revocation propagates automatically.
W3C VP · scope narrowing · cascade revocation · invocation_chain
ES256 / EdDSA Algorithm Support
Add ECDSA P-256 (ES256) and EdDSA alongside Ed25519 for compatibility with existing enterprise PKI infrastructure.
ES256 · EdDSA · JOSE · JWK · enterprise PKI
Ecosystem & Tooling
PLANNED · Q4 2026

The spec adoption flywheel: TypeScript SDK, CLI, VS Code extension, framework integrations, and a marketplace of policy templates. Making AIB the default identity layer for every AI framework.

TypeScript / Node.js SDK
Full-featured TypeScript SDK mirroring the Python SDK. npm package. Target: LangChain.js, Vercel AI SDK, and Node.js agent stacks.
npm · TypeScript · ESM · LangChain.js · Vercel AI SDK
AIB CLI (aib)
Command-line tool for passport creation, policy management, audit trail queries, and local key generation. Works offline.
Go CLI · aib passport create · aib guard · aib audit · offline-capable
VS Code Extension
Inline passport validation, policy linting, and receipt inspection directly in the IDE. Zero-friction developer experience.
VS Code · Language Server Protocol · policy linting · DID resolution
AIB Shield — Security Scanner
Scan agent configurations for missing passports, over-permissioned policies, expired credentials, and shadow agents.
Static analysis · policy scoring · risk report · CI/CD integration
Policy Marketplace (POLICY_KIT.md)
Community-contributed policy templates for common use cases: GDPR DPO agent, financial advisor, medical assistant, HR automation.
POLICY_KIT.md format · open source · community · npm publishable
PR on everything-claude-code
Contribute AIB as an identity primitive to the everything-claude-code repo (112K stars). Massive developer visibility.
GitHub · 112K stars · community · developer adoption
Agentic Internet Infrastructure
PLANNED · 2027

The long game: AIB becomes the identity substrate for the agentic web. Every AI agent on the internet has a DID. Every inter-agent interaction produces a signed receipt. The open protocol layer that enterprise IAM vendors implement — like they adopted OIDC.

ANP Native Integration
Deep integration with the Agent Network Protocol. AIB passports become the identity primitive for ANP-native agent discovery and invocation.
ANP · agent discovery · did:web · decentralized registry
AG-UI Binding — Full Spec
Complete AG-UI binding implementation. Every human-agent interaction carries a passport + receipt, enabling end-to-end accountability.
AG-UI · human-in-loop · receipt-per-interaction · frontend SDK
Continuous Learning Policy Agent
An autonomous agent that analyzes receipt patterns across all orgs and recommends policy improvements. Privacy-preserving, federated learning.
Claude · federated analysis · policy recommendations · anomaly detection
W3C Recommendation Track
From Community Report to W3C Working Draft. Requires 2+ independent implementations and W3C member sponsorship.
W3C WG · multiple implementers · royalty-free · internet standard
Enterprise IAM Vendor Adoption
Okta, SailPoint, Ping Identity implement the AIB spec as a native connector — the same path OIDC took between 2007 and 2014.
Okta connector · SailPoint AIS · Ping Identity · enterprise native