Show HN: Sudo for AI agents - cryptographic delegation instead of API keys

Original source: hackernews · Summarized and analyzed by Genesis Park

Summary

'kanoniv-auth' is a "sudo for AI agents" tool that confines the scope of an AI agent's actions on the basis of cryptographic, mathematical proof rather than policy. Using Ed25519 signatures, hierarchical scopes and time-limited sessions, it ensures, for example, that an agent without deploy authority is physically blocked from performing `git.push.prod`. The library can be installed and used in a variety of environments, including a Python SDK, a CLI, a Claude Code skill and a GitHub Action, and it provides an audit trail for every action.

Body

> "The question isn't whether AI agents can write code. It's whether you'd let them git push --force to production at 3am." -- every engineering manager, eventually

AI agents are getting root access to your codebase. Claude Code runs bash. Codex executes shell commands. Cursor edits your files. And right now, the only thing between an agent and `rm -rf /` is... vibes. A system prompt that says "please don't."

auth-action is sudo for AI agents. Cryptographic delegation tokens that scope-confine what an agent can do -- not by policy, but by math. Ed25519 signatures. Hierarchical scopes. Time-bounded sessions. Full audit trails.

If the token doesn't grant `git.push.prod`, the push doesn't happen. Not because a hook said no. Because the proof doesn't exist.

One cryptographic core, every surface:

| Surface | Install | Use case |
|---|---|---|
| Python SDK | `pip install kanoniv-auth` | Programmatic delegation, verification, signing |
| Python CLI | `kanoniv-auth delegate --scopes ...` | Terminal-based agent management |
| Rust crate | `kanoniv-agent-auth` on crates.io | Native performance, MCP proxy |
| Claude Code skills | `/delegate`, `/scope`, `/audit` | Interactive sessions with scope enforcement |
| GitHub Action | `kanoniv/auth-action@v1` | CI/CD pipeline delegation |
| wrap-mcp | `kanoniv-auth wrap-mcp -- npx server` | Access control proxy for any MCP server |
| Trust Observatory | `pip install kanoniv-trust` | Agent registry, reputation, provenance dashboard |

`/delegate` -> choose scopes -> every tool call verified -> full audit trail

Requirements: Python 3.10+, Claude Code (for skills), Git

```bash
git clone https://github.com/kanoniv/auth-action.git ~/.kanoniv/auth-action
cd ~/.kanoniv/auth-action && ./install.sh
```

That's it. Five skills are now available in Claude Code. Run `/delegate` to start your first scoped session.

The core library. Everything else is built on this.

```bash
pip install kanoniv-auth
```

```python
from kanoniv_auth import delegate, verify, sign

# Issue a delegation token
token = delegate(scopes=["deploy.staging", "build"], ttl="4h")

# Verify before acting
verify(action="deploy.staging", token=token)  # passes
verify(action="deploy.prod", token=token)     # raises ScopeViolation

# Sign an execution envelope (provable audit)
envelope = sign(action="deploy.staging", token=token, result="success")
```

```python
from kanoniv_auth import (
    # Core
    delegate,          # Issue delegation token
    verify,            # Verify scope against token
    sign,              # Sign execution envelope
    # Key management
    init_root,         # Generate root Ed25519 keypair
    load_root,         # Load existing root key
    load_token,        # Load token from disk/env
    list_tokens,       # List all saved tokens
    # Agent registry (persistent identities)
    register_agent,    # Register named agent (DID persists across sessions)
    get_agent,         # Look up agent by name
    list_agents,       # List all registered agents
    resolve_name,      # Resolve agent name to DID
    # Errors
    AuthError,         # Base error
    ScopeViolation,    # Scope not in token
    TokenExpired,      # TTL exceeded
    ChainTooDeep,      # Delegation chain limit
    SignatureInvalid,  # Ed25519 verification failed
    TokenParseError,   # Malformed token
    # Crypto primitives
    KeyPair,           # Ed25519 keypair
    generate_keys,     # Generate new keypair
    load_keys,         # Load from base64
)
```

```python
# Root delegates to coordinator
root_token = delegate(scopes=["deploy", "build", "test"], ttl="8h")

# Coordinator sub-delegates to deploy agent (narrower scopes)
deploy_token = delegate(
    scopes=["deploy.staging"],  # narrowed from "deploy"
    ttl="2h",                   # shorter TTL
    parent=root_token,          # chain link
)

# Deploy agent cannot exceed its authority
verify(action="deploy.staging", token=deploy_token)  # passes
verify(action="deploy.prod", token=deploy_token)     # ScopeViolation
verify(action="build", token=deploy_token)           # ScopeViolation
```

```python
from kanoniv_auth import register_agent, delegate

# Agent gets a persistent DID that survives across sessions
agent = register_agent("deploy-bot")
print(agent.did)  # did:agent:a3f9c2b1e4d8...

# Delegate to the named agent
token = delegate(scopes=["deploy.staging"], ttl="4h", name="deploy-bot")

# Next session, same DID
agent = register_agent("deploy-bot")  # returns existing identity
```

```bash
kanoniv-auth --help

kanoniv-auth init              # Generate root Ed25519 keypair
kanoniv-auth init -o ./my-key  # Custom output path

# Issue a token
kanoniv-auth delegate -s deploy.staging,build -t 4h -n my-agent

# With sub-delegation
kanoniv-auth delegate -s deploy.staging -t 2h --parent $ROOT_TOKEN

# Dry run (show what would happen)
kanoniv-auth delegate -s deploy.staging -t 4h --dry-run

# Export as shell variable
eval $(kanoniv-auth delegate -s deploy.staging -t 4h --export)

# Verify a scope
kanoniv-auth verify -s deploy.staging              # uses $KANONIV_TOKEN
kanoniv-auth verify -s deploy.staging -a my-agent  # by agent name
kanoniv-auth verify -s deploy.prod                 # fails: ScopeViolation

# Execute with scope check (verify + run + sign)
kanoniv-auth exec -s deploy.staging -- ./deploy.sh staging

# Sign an action (creates execution envelope)
kanoniv-auth sign -a deploy.staging --target staging --result success

# Verify an
```
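As an added illustration (not kanoniv-auth's own code), here are the scope-confinement rules the README relies on: a dotted scope such as `deploy` covers `deploy.staging`, a sub-delegated token may only narrow its parent's scopes and cannot outlive it, and verification fails closed on anything not covered. Ed25519 signing of the token is left out; the `Token` class, the `now` parameter, the seconds-based TTL and the chain-depth limit are assumptions made for this example.

```python
import time
from dataclasses import dataclass

MAX_CHAIN_DEPTH = 4  # assumed limit for this example; the library's real value is not on the page


class ScopeViolation(Exception): ...
class TokenExpired(Exception): ...
class ChainTooDeep(Exception): ...


def scope_covers(granted: str, requested: str) -> bool:
    """True if `granted` equals `requested` or is a dotted ancestor of it.

    The "." separator matters: "deploy" covers "deploy.staging" but not
    "deployment.x", so a bare string-prefix check would over-grant.
    """
    return requested == granted or requested.startswith(granted + ".")


@dataclass
class Token:  # hypothetical in-memory token; the real token is a signed, serialized object
    scopes: list
    expires_at: float
    parent: "Token | None" = None
    depth: int = 0


def delegate(scopes, ttl_seconds, parent=None, now=None):
    """Issue a token; a sub-delegation can only narrow its parent's authority."""
    now = time.time() if now is None else now
    expires_at = now + ttl_seconds
    depth = 0
    if parent is not None:
        depth = parent.depth + 1
        if depth > MAX_CHAIN_DEPTH:
            raise ChainTooDeep(depth)
        expires_at = min(expires_at, parent.expires_at)  # child cannot outlive its parent
        for s in scopes:  # every child scope must sit under some parent scope
            if not any(scope_covers(p, s) for p in parent.scopes):
                raise ScopeViolation(f"{s!r} is not within parent scopes {parent.scopes}")
    return Token(list(scopes), expires_at, parent, depth)


def verify(action, token, now=None):
    """Fail closed: raise unless the token is unexpired and one of its scopes covers `action`."""
    now = time.time() if now is None else now
    if now >= token.expires_at:
        raise TokenExpired(action)
    if not any(scope_covers(s, action) for s in token.scopes):
        raise ScopeViolation(action)
    return True
```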

This analysis was written by the Genesis Park editorial team with the help of AI. The original can be found via the source link.
