CORE Passport Lifecycle

An Agent Passport goes through a defined lifecycle. Every state transition is recorded with an Ed25519 signed receipt.

[Diagram: passport lifecycle]
  CREATE: POST passport-create + Ed25519 receipt
  ACTIVE: Ready for use (MCP + A2A + ANP + AG-UI)
  TRANSLATE (via translate): A2A ↔ MCP ↔ AG-UI
  REVOKED (via revoke): cascade children + Ed25519 receipt
  AUDIT TRAIL: receipt_hash: a1b2... / signature: ed25519 / signed_by: 314eff... / receipt_hash: c3d4... (hash chain linked)
  Legend: Active flow, Translation, Revocation, Audit receipt

CORE Credential Translation

AIB translates credentials between protocol formats in under 1ms. The field mapping for one translation path is shown here.

// A2A Agent Card
{
  "name": "Booking Agent",
  "url": "https://api.example.com",
  "skills": [
    { "id": "booking", "name": "Booking" },
    { "id": "cancel", "name": "Cancel" }
  ]
}

<1ms

// MCP Server Card
{
  "name": "Booking Agent",
  "server_url": "https://api.example.com",
  "tools": [
    { "name": "booking", "inputSchema": { ... } },
    { "name": "cancel", "inputSchema": { ... } }
  ],
  "_aib_source": "a2a"
}

Field mapping:
  skills → tools
  url → server_url
  _aib_source added

SECURITY Policy Engine

12 rule types are evaluated before every action. A single "block" severity violation denies the request.

[Diagram: policy evaluation]
  REQUEST: passport-create
  POLICY ENGINE (12 RULES): deliverable_gate, capability_required, separation_of_duties, protocol_restrict, domain_block, domain_allow, tier_restrict, time_restrict, action_block, rate_limit, attestation_required, capability_limit
  ✓ ALLOWED: Proceed + signed receipt
  ✗ DENIED: AIB-601 + denial receipt
  Severity levels: block, warn, log

SECURITY OIDC Federation

Bring your own identity provider. AIB accepts Google, Entra, Okta, Auth0 tokens with full JWKS verification and audience checking.

[Diagram: OIDC federation flow]
  AGENT → AIB: Bearer: eyJ... (Okta token)
  AIB AUTHENTICATE:
    1. Decode JWT payload
    2. Lookup iss → federation_trust
    3. Verify exp (not expired)
    4. Verify aud (audience) ✦
    5. Fetch JWKS from issuer
    6. Verify RS256 signature ✓
  OKTA JWKS: /.well-known/jwks.json
  PASSPORT: auth_method: oidc_federation
  PROVIDERS: ● Google ● Microsoft Entra ○ Okta ○ Auth0

INFRA System Architecture

AIB runs on Supabase Edge Functions with PostgreSQL, Ed25519 signing, and Netlify for the frontend. CI/CD via GitHub Actions.

[Diagram: system architecture]
  CLIENT LAYER: SDK Python, Dashboard, cURL / HTTP, OIDC Token
  EDGE FUNCTIONS (Deno): passport-create, passport-list, passport-revoke, translate, policy-manage, webhook-manage, auth, usage, blog
  SUPABASE (PostgreSQL): passports · receipts · policy_rules · webhooks · organizations · api_keys · usage · federation_trust · signing_keys · blog_posts · pg_cron jobs
  CRYPTO: Ed25519 persistent keys, SHA-256 hash chain, HMAC-SHA256 webhooks
  CI/CD: GitHub Actions, 1,044 unit + 10 integ tests, Netlify auto-deploy

CORE Agent Request Pipeline

Every API call flows through 4 deterministic stages. Auth · Policy · Translate · Receipt — under 10ms. No stage can be skipped.

[Diagram: request pipeline]
  AGENT (did:web:...) → POST
  PASSPORT: DID resolve, Ed25519 verify, API key check (✓ passed)
  POLICY: Guardrails eval, Risk assessment, EU AI Act stamp (✓ passed)
  TRANSLATE: MCP → A2A, A2A → ANP, 6 paths · <1ms (✓ 6 paths)
  RECEIPT: Ed25519 signed, SHA-256 chain, Tamper-evident (✓ signed)
  200 OK · <10ms
  Stage labels: Passport Auth, Policy Engine, Protocol Translate, Signed Receipt

POLICY ENGINE: 5 GUARDRAIL TYPES
  CAPABILITY: Required capabilities before execution (capability_required)
  DELIVERABLE: Output must match expected schema (deliverable_gate)
  SEPARATION: No agent acts on its own output (separation_of_duties)
  RATE LIMIT: Requests/minute per passport tier (rate_limit)
  HUMAN LOOP: High-risk actions require approval (human_in_loop)

POLICY EVALUATION RESULT
  ALLOW → execute + stamp receipt
  ESCALATE → queue human approval
  DENY → 403 + signed violation log
// Ed25519-signed receipt — every AIB operation
{
  "receipt_id": "rcpt_01JQZB7...",                 // Unique URN
  "passport_id": "urn:aib:passport:...",           // Agent DID
  "operation": "passport.create",
  "intent": "Provision identity for CI pipeline agent",  // Art. 12
  "risk_level": "low",                             // low|medium|high|critical
  "human_oversight": true,                         // Art. 14
  "decision_rationale": "Auto-approved: low risk, valid policy",
  "affected_persons": "none",
  "invocation_chain": ["did:web:user", "did:web:agent"],
  "data_accessed": ["passports", "signing_keys"],
  "timestamp_utc": "2026-04-05T14:30:00Z",
  "previous_hash": "sha256:a4f2...",               // Hash chain
  "signature": "ed25519:7f3c9a..."                 // Tamper-evident
}
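
An auditor-side check of the Ed25519 signature and SHA-256 hash chain described above, as an added example that is not AIB's own code. It assumes a canonical form (sorted keys, signature excluded), that the signature covers those bytes, and an "ed25519:<hex>" encoding, none of which the page specifies; the key pair, receipt ids and operation names are constructed.

```javascript
// Added example, not AIB code. The canonical form, the signed bytes and the
// "ed25519:<hex>" encoding are assumptions; the page does not specify them.
const nodeCrypto = require("node:crypto");

// Assumed canonical form: flat receipt, keys sorted, signature field excluded.
function canonical(receipt) {
  const { signature, ...body } = receipt;
  return Buffer.from(JSON.stringify(body, Object.keys(body).sort()));
}

function receiptHash(receipt) {
  const hex = nodeCrypto.createHash("sha256").update(canonical(receipt)).digest("hex");
  return "sha256:" + hex;
}

// Hypothetical issuer, used only to build the constructed sample chain.
function issue(fields, prev, privateKey) {
  const r = { ...fields, previous_hash: prev ? receiptHash(prev) : null };
  const sig = nodeCrypto.sign(null, canonical(r), privateKey);
  return { ...r, signature: "ed25519:" + sig.toString("hex") };
}

// Returns findings; an empty array means every signature and link verified.
function auditChain(receipts, publicKey) {
  const findings = [];
  receipts.forEach((r, i) => {
    const sig = Buffer.from(String(r.signature || "").replace(/^ed25519:/, ""), "hex");
    const ok = nodeCrypto.verify(null, canonical(r), publicKey, sig);
    if (!ok) findings.push(`${r.receipt_id}: bad signature`);
    const expected = i === 0 ? null : receiptHash(receipts[i - 1]);
    if (r.previous_hash !== expected) findings.push(`${r.receipt_id}: broken link`);
  });
  return findings;
}

// Constructed sample data: throwaway key pair and three receipts.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
function sampleChain() {
  const chain = [];
  ["passport.create", "translate", "passport.revoke"].forEach((operation, i) => {
    const fields = { receipt_id: `rcpt_${i}`, operation, risk_level: "low" };
    chain.push(issue(fields, chain[i - 1], privateKey));
  });
  return chain;
}

const intact = sampleChain();
const edited = intact.map((r, i) => (i === 1 ? { ...r, risk_level: "critical" } : r));
const dropped = [intact[0], intact[2]]; // middle receipt deleted
console.log(auditChain(intact, publicKey), auditChain(edited, publicKey), auditChain(dropped, publicKey));
```

Every signature in the `dropped` list is still valid, so only the `previous_hash` link exposes the deletion. Removal of the newest receipts is not detectable from the chain alone unless the latest hash is also recorded somewhere the writer cannot alter.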