HN 표시: AIP – 자율 AI 에이전트를 위한 암호화 ID 프로토콜

The HTTPS for AI Agents. Cryptographic identity, intent verification, and boundary enforcement for autonomous agents. Documentation · Live Dashboard · PyPI Every AI framework lets agents do things. None of them verify what agents are allowed to do. A LangChain agent can drain a bank account. An AutoGPT agent can email your customers. A CrewAI agent can delete production data. There is no standard way to verify an agent's identity, enforce its boundaries, or revoke it in real-time. AIP fixes this. AIP-1 is a trustless, cross-platform protocol for verifying the identity, intent, and authorization boundaries of autonomous AI agents before they act. Think of it as OAuth + TLS, purpose-built for the agentic web. Agent wants to act → Creates signed Intent Envelope → Verifier checks 8-step pipeline → Allow or Deny | Capability | What it does | |---|---| | Cryptographic Identity | Ed25519 keypair per agent, DID-based addressing (did:web: ) | | Boundary Enforcement | Action allowlists, deny lists, monetary limits, geo restrictions | | Tiered Verification | Sub-millisecond for low-risk, full crypto for high-value intents | | Kill Switch | Revoke or suspend any agent globally with zero propagation delay | | Trust Scores | Bayesian reputation model — trust is earned over successful verifications | | Intent Drift Detection | Semantic classifier flags actions outside an agent's declared scope | | Structured Error Codes | 22 machine-readable AIP-Exxx codes across 5 categories for audit trails | pip install aip-protocol from aip_protocol import AgentPassport, create_envelope, sign_envelope, verify_intent from aip_protocol.revocation import RevocationStore # 1 — Create an agent passport (identity + keys + boundaries) passport = AgentPassport.create( domain="yourco.com", agent_name="procurement-bot", allowed_actions=["read_invoice", "transfer_funds"], monetary_limit_per_txn=50.0, ) print(passport.agent_id) # → "did:web:yourco.com:agents:procurement-bot" # 2 — Agent wants to act: create and sign an intent envelope envelope = create_envelope( passport, action="transfer_funds", target="did:web:vendor.com", parameters={"amount": 45.00, "currency": "USD"}, ) signed = sign_envelope(envelope, passport.private_key) # 3 — Verifier checks the intent through the 8-step pipeline store = RevocationStore() result = verify_intent(signed, passport.public_key, revocation_store=store) if result.passed: print(f"✓ Verified — tier: {result.tier_used.value}, trust: {result.trust_score}") else: for error in result.errors: print(f"✗ {error.value}: {error.name}") # e.g. "✗ AIP-E202: MONETARY_LIMIT" Every intent passes through an 8-step verification pipeline. The protocol auto-selects the verification tier based on risk: ┌────────────────────────────────────────────────────────┐ │ Intent Envelope │ │ ┌───────────┐ ┌───────────┐ ┌────────────────────┐ │ │ │ Agent ID │ │ Intent │ │ Boundaries │ │ │ │ (DID) │ │ (Action) │ │ (The Cage) │ │ │ └─────┬──────┘ └─────┬─────┘ └──────────┬─────────┘ │ │ └───────────────┼────────────────────┘ │ │ ┌─────▼─────┐ │ │ │ Proof │ ← Ed25519 signature │ │ └───────────┘ │ └────────────────────────────────────────────────────────┘ │ ▼ ┌────────────────────────────────────────────────────────┐ │ Verification Pipeline │ │ │ │ ① Version Check ⑤ Attestation Verify │ │ ② Schema Validation ⑥ Revocation Check │ │ ③ Expiry Check ⑦ Trust Score Evaluation │ │ ④ Boundary Check ⑧ Final Verdict │ │ └─ Actions │ │ └─ Monetary limits │ │ └─ Geo restrictions │ │ └─ Intent drift │ └────────────────────────────────────────────────────────┘ Not every intent needs full cryptographic verification. AIP auto-selects the tier: | Tier | Use Case | Latency | What Runs | |---|---|---|---| | Tier 0 | Low-risk, cached, in-session repeats | <1ms | HMAC + boundary proof | | Tier 1 | Normal operations | ~5ms | Ed25519 + boundary + revocation | | Tier 2 | High-value, cross-org, first contact | ~50–100ms | Full 8-step pipeline | Every failure returns a machine-readable AIP-Exxx code — not a generic 400. Your logs, dashboards, and audit trails show exactly what went wrong. | Range | Category | Examples | |---|---|---| AIP-E1xx | Envelope Errors | E100 Invalid Signature · E101 Expired · E102 Replay Detected | AIP-E2xx | Boundary Violations | E200 Action Not Allowed · E202 Monetary Limit · E204 Geo Restricted | AIP-E3xx | Attestation Failures | E300 Model Hash Mismatch · E303 Intent Drift | AIP-E4xx | Trust Failures | E400 Agent Revoked · E403 Delegation Invalid · E404 Trust Too Low | AIP-E5xx | Protocol Errors | E500 Mesh Unavailable · E502 Handshake Timeout | Full reference → aip.synthexai.tech/docs#errors # Create a passport aip create-passport --domain yourco.com --name my-agent \ -a read_data -a transfer_funds -m 100 # Sign an intent aip sign-intent --passport ./agent_passport \ --action transfer_funds --amount 45 -o intent.json # Verify an intent aip verify --envelope intent.json \ --public-key ./agent_passport/public.pem # Revoke an agent instantly ai