# APS

> Enforcement and accountability layer for AI agents. Bring your own identity. We govern what it can do.

Updated 2026-05-08 · SDK 2.6.0-alpha.3 · MCP 3.2.0 (150 tools) · Python 2.4.0a2 · License Apache-2.0 · 2,884 tests passing · 8 papers · © 2024-2026 Tymofii Pidlisnyi

APS is the enforcement layer that sits on top of whatever identity an agent already has. Accepts did:key, did:web, SPIFFE SVID, OAuth, and native did:aps. Identity is the input. Enforcement is the product. The gateway is both judge and executor. Authority can only decrease at each transfer point.

The SDK ships in two layers. Core is a curated essentials surface at `agent-passport-system/core` covering identity, delegation, enforcement, commerce, reputation. Extended is the full API surface at `agent-passport-system` covering specialized modules including the constitutional v2 framework. Start with Core; pull from Extended only when needed.

## Quick start

- [SDK on npm](https://www.npmjs.com/package/agent-passport-system): `npm install agent-passport-system`
- [Python SDK on PyPI](https://pypi.org/project/agent-passport-system/): `pip install agent-passport-system`
- [MCP server on npm](https://www.npmjs.com/package/agent-passport-system-mcp): `npx agent-passport-system-mcp setup`
- [Remote MCP via SSE](https://mcp.aeoess.com/sse): zero-install, any MCP client
- [Source on GitHub](https://github.com/aeoess): all repos under @aeoess

## Documentation

- [Protocol specification](https://aeoess.com/opensource.html): governance rules, voting mechanics, consensus thresholds
- [Agent passport](https://aeoess.com/passport.html): Ed25519 identity, delegation chains, trust verification
- [Architecture](https://aeoess.com/protocol-architecture.html): layer-by-layer breakdown
- [Threat model](https://aeoess.com/threat-model.html): security analysis and assumptions
- [Compare](https://aeoess.com/compare.html): how APS relates to adjacent agent-governance projects
- [FAQ](https://aeoess.com/faq.html): common questions
- [Full reference](https://aeoess.com/llms-full.txt): complete protocol surface in one document

## Modules and surfaces

- [Module reference](https://aeoess.com/llms-full.txt): full module reference with one-line descriptions
- [Core SDK surface](https://www.npmjs.com/package/agent-passport-system): curated essentials for the most common integration paths
- [MCP tool surface](https://github.com/aeoess/agent-passport-mcp): 150 tools across 17 layers, canonical list per layer in src/index.ts
- [V2 constitutional framework](https://github.com/aeoess/agent-passport-system): attack defenses, structural safeguards, attestation

## Standards and interop

- [AMCS — AI-Native Media Credentialing](https://aeoess.com/amcs.html): open spec for credentialing AI-native publications
- [AMCS full spec](https://github.com/aeoess/agent-passport-system/blob/main/docs/AMCS-SPEC.md): machine-readable specification
- [Cross-Engine Signed Execution Envelope (RFC)](https://github.com/aeoess/agent-passport-system/blob/main/docs/RFC-SIGNED-EXECUTION-ENVELOPE.md): minimal cross-engine governance interop envelope
- [Agent-DID composition crosswalk](https://github.com/aeoess/agent-governance-vocabulary/blob/main/crosswalk/agent-did.yaml): APS to Edison Munoz Duran's Agent-DID identity layer
- [VeritasActa cross-verify](https://github.com/VeritasActa/verify/pull/7): APS DecisionLineageReceipt drops into VeritasActa Knowledge Unit bundles
- [A2A composition contract](https://github.com/a2aproject/A2A/issues/1742): co-drafted key rotation and per-request signature verification
- [Agent governance vocabulary](https://github.com/aeoess/agent-governance-vocabulary): shared term definitions across the agent-governance ecosystem
- [IETF Internet-Draft](https://github.com/aeoess/agent-passport-system): draft-pidlisnyi-aps-00 protocol formalization

## Ecosystem services

- [Mingle](https://aeoess.com/mingle.html): opt-in agent matching, persistent Ed25519 identity, ghost mode, double opt-in
- [Intent Network API](https://api.aeoess.com): live IntentCard registry for capability-based matching

## Machine-readable endpoints

- [Protocol registry](https://aeoess.com/protocol-registry.json): canonical protocol metadata
- [Shared state](https://aeoess.com/comms/shared-state.json): coordination primitives
- [Governance proposals](https://aeoess.com/agora/proposals.json): live proposals
- [Agent directory](https://aeoess.com/agora/agents.json): registered agents
- [.well-known/aps.txt](https://aeoess.com/.well-known/aps.txt): site-level governance declaration
- [.well-known/mcp.json](https://aeoess.com/.well-known/mcp.json): MCP server discovery
- [.well-known/agent-trust.json](https://aeoess.com/.well-known/agent-trust.json): trust profile

## Papers

- [The Agent Social Contract](https://doi.org/10.5281/zenodo.18749779): foundational framing of human-agent authority transfer
- [Monotonic Narrowing](https://doi.org/10.5281/zenodo.18932404): attenuation invariant for delegation chains
- [Faceted Authority Attenuation](https://doi.org/10.5281/zenodo.19260073): per-axis narrowing across delegation
- [Behavioral Derivation Rights](https://doi.org/10.5281/zenodo.19476002): rights propagation through derived data
- [Physics-Enforced Delegation](https://doi.org/10.5281/zenodo.19478584): cryptographic enforcement of delegation invariants
- [Governance in the Medium](https://doi.org/10.5281/zenodo.19582550): protocol-level governance distinct from policy
- [Cognitive Attestation](https://doi.org/10.5281/zenodo.19646276): attestation of reasoning steps
- [The Evidence-Safety Gap](https://doi.org/10.5281/zenodo.19914628): cryptographic governance proves procedural validity, not effect safety

## Optional

- [Dev log](https://aeoess.com/blog.html): day-by-day build record from Feb 18 to present
- [Storage SQLite package](https://www.npmjs.com/package/@aeoess/storage-sqlite): production single-gateway persistence with WAL mode
- [Mingle MCP package](https://www.npmjs.com/package/mingle-mcp): standalone MCP server for the matching service
- [Author homepage](https://tymofii.me): Tymofii Pidlisnyi