Cryptographic identity and delegation for AutoGen agents.
Every agent gets a did:agent: DID. Authority flows from human to agent to sub-agent, narrowing at each step. Revocable at any point.
pip install kanoniv-autogenfrom kanoniv_agent_auth import AgentKeyPair
from kanoniv_autogen import AuthorityManager, DelegatedAgent
# Root authority
human = AgentKeyPair.generate()
authority = AuthorityManager(human)
# Authorize agents with scoped permissions
researcher = DelegatedAgent("researcher", actions=["search", "summarize"], max_cost=5.0)
writer = DelegatedAgent("writer", actions=["write"], max_cost=3.0)
authority.authorize(researcher)
authority.authorize(writer)
# Verified execution
researcher.act("search", {"query": "AI safety", "cost": 0.50})
# Returns (invoker_did, root_did, chain, depth)
# Blocked: wrong scope
writer.act("search", {"query": "not allowed", "cost": 0.10})
# Raises ValueError: action 'search' not in scopehelper = DelegatedAgent("helper")
researcher.delegate_to(helper, actions=["search"], max_cost=2.0)
# helper can search at max $2, inherits researcher's other caveatsauthority.revoke_agent(writer)
# All subsequent writer.act() calls raise ValueErrorfor entry in authority.audit_report():
print(f"{entry['agent']} ({entry['did'][:20]}...) -> {entry['action']}")| Method | Description |
|---|---|
authorize(agent) |
Delegate from root to agent |
revoke_agent(agent) |
Revoke delegation |
is_revoked(hash) |
Check revocation status |
audit_report() |
Combined audit log |
| Property/Method | Description |
|---|---|
did |
Agent's did:agent: DID |
act(action, args) |
Execute with verified delegation |
delegate_to(other, actions, max_cost) |
Sub-delegate |
- kanoniv-agent-auth - Core identity and delegation library
- AutoGen - Multi-agent conversation framework
- MCP Auth Proposal
MIT