{
  "canonical_name": "AgentsID-dev/agentsid",
  "compilation_id": "pack_1309ccc54d35441ba194e919ca728148",
  "created_at": "2026-05-15T07:11:54.219203+00:00",
  "created_by": "project-pack-compiler",
  "feedback": {
    "carrier_selection_notes": [
      "viable_asset_types=mcp_config, recipe, host_instruction, eval, preflight",
      "recommended_asset_types=mcp_config, recipe, host_instruction, eval, preflight"
    ],
    "evidence_delta": {
      "confirmed_claims": [
        "identity_anchor_present",
        "capability_and_host_targets_present",
        "install_path_declared_or_better"
      ],
      "missing_required_fields": [],
      "must_verify_forwarded": [
        "Run or inspect `npm install @agentsid/sdk` in an isolated environment.",
        "Confirm the project exposes the claimed capability to at least one target host."
      ],
      "quickstart_execution_scope": "allowlisted_sandbox_smoke",
      "sandbox_command": "npm install @agentsid/sdk",
      "sandbox_container_image": "node:22-slim",
      "sandbox_execution_backend": "docker",
      "sandbox_planner_decision": "deterministic_isolated_install",
      "sandbox_validation_id": "sbx_c11a2d6f04cc4121a0770950feabb4c6"
    },
    "feedback_event_type": "project_pack_compilation_feedback",
    "learning_candidate_reasons": [],
    "template_gaps": []
  },
  "identity": {
    "canonical_id": "project_4bd63e3f57745cd54bd87dfb07aafb90",
    "canonical_name": "AgentsID-dev/agentsid",
    "homepage_url": null,
    "license": "unknown",
    "repo_url": "https://github.com/AgentsID-dev/agentsid",
    "slug": "agentsid",
    "source_packet_id": "phit_0d896e9dabb5498c815284f3cd30154e",
    "source_validation_id": "dval_a6b12782ee8948708b9ee92af309b07d"
  },
  "merchandising": {
    "best_for": "需要安全审查与权限治理能力，并使用 mcp_host的用户",
    "github_forks": 1,
    "github_stars": 1,
    "one_liner_en": "Identity, permissions, and audit for AI agents. The Auth0 for the agent economy.",
    "one_liner_zh": "Identity, permissions, and audit for AI agents. The Auth0 for the agent economy.",
    "primary_category": {
      "category_id": "security-permissions",
      "confidence": "high",
      "name_en": "Security & Permissions",
      "name_zh": "安全审查与权限治理",
      "reason": "matched_keywords:permission, permissions, auth"
    },
    "target_user": "使用 mcp_host 等宿主 AI 的用户",
    "title_en": "agentsid",
    "title_zh": "agentsid 能力包",
    "visible_tags": [
      {
        "label_en": "Security & Permissions",
        "label_zh": "安全审查与权限治理",
        "source": "repo_evidence_project_characteristics",
        "tag_id": "product_domain-security-permissions",
        "type": "product_domain"
      },
      {
        "label_en": "Web Task Automation",
        "label_zh": "网页任务自动化",
        "source": "repo_evidence_project_characteristics",
        "tag_id": "user_job-web-task-automation",
        "type": "user_job"
      },
      {
        "label_en": "Browser Automation",
        "label_zh": "浏览器自动化",
        "source": "repo_evidence_project_characteristics",
        "tag_id": "core_capability-browser-automation",
        "type": "core_capability"
      },
      {
        "label_en": "Checkpoint Resume",
        "label_zh": "断点恢复流程",
        "source": "repo_evidence_project_characteristics",
        "tag_id": "workflow_pattern-checkpoint-resume",
        "type": "workflow_pattern"
      },
      {
        "label_en": "Evaluation Suite",
        "label_zh": "评测体系",
        "source": "repo_evidence_project_characteristics",
        "tag_id": "selection_signal-evaluation-suite",
        "type": "selection_signal"
      }
    ]
  },
  "packet_id": "phit_0d896e9dabb5498c815284f3cd30154e",
  "page_model": {
    "artifacts": {
      "artifact_slug": "agentsid",
      "files": [
        "PROJECT_PACK.json",
        "QUICK_START.md",
        "PROMPT_PREVIEW.md",
        "HUMAN_MANUAL.md",
        "AI_CONTEXT_PACK.md",
        "BOUNDARY_RISK_CARD.md",
        "PITFALL_LOG.md",
        "REPO_INSPECTION.json",
        "REPO_INSPECTION.md",
        "CAPABILITY_CONTRACT.json",
        "EVIDENCE_INDEX.json",
        "CLAIM_GRAPH.json"
      ],
      "required_files": [
        "PROJECT_PACK.json",
        "QUICK_START.md",
        "PROMPT_PREVIEW.md",
        "HUMAN_MANUAL.md",
        "AI_CONTEXT_PACK.md",
        "BOUNDARY_RISK_CARD.md",
        "PITFALL_LOG.md",
        "REPO_INSPECTION.json"
      ]
    },
    "detail": {
      "capability_source": "Project Hit Packet + DownstreamValidationResult",
      "commands": [
        {
          "command": "npm install @agentsid/sdk",
          "label": "Node.js / npm · 官方安装入口",
          "source": "https://github.com/AgentsID-dev/agentsid#readme",
          "verified": true
        }
      ],
      "display_tags": [
        "安全审查与权限治理",
        "网页任务自动化",
        "浏览器自动化",
        "断点恢复流程",
        "评测体系"
      ],
      "eyebrow": "安全审查与权限治理",
      "glance": [
        {
          "body": "判断自己是不是目标用户。",
          "label": "最适合谁",
          "value": "需要安全审查与权限治理能力，并使用 mcp_host的用户"
        },
        {
          "body": "先理解能力边界，再决定是否继续。",
          "label": "核心价值",
          "value": "Identity, permissions, and audit for AI agents. The Auth0 for the agent economy."
        },
        {
          "body": "未完成验证前保持审慎。",
          "label": "继续前",
          "value": "publish to Doramagic.ai project surfaces"
        }
      ],
      "guardrail_source": "Boundary & Risk Card",
      "guardrails": [
        {
          "body": "Prompt Preview 只展示流程，不证明项目已安装或运行。",
          "label": "Check 1",
          "value": "不要把试用当真实运行"
        },
        {
          "body": "mcp_host",
          "label": "Check 2",
          "value": "确认宿主兼容"
        },
        {
          "body": "publish to Doramagic.ai project surfaces",
          "label": "Check 3",
          "value": "先隔离验证"
        }
      ],
      "mode": "mcp_config, recipe, host_instruction, eval, preflight",
      "pitfall_log": {
        "items": [
          {
            "body": "仓库名 `agentsid` 与安装入口 `@agentsid/sdk` 不完全一致。",
            "category": "身份坑",
            "evidence": [
              "identity.distribution | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | repo=agentsid; install=@agentsid/sdk"
            ],
            "severity": "medium",
            "suggested_check": "在 npm/PyPI/GitHub 上确认包名映射和官方 README 说明。",
            "title": "仓库名和安装名不一致",
            "user_impact": "用户照着仓库名搜索包或照着包名找仓库时容易走错入口。"
          },
          {
            "body": "假设（待验证）：README/documentation is current enough for a first validation pass.",
            "category": "能力坑",
            "evidence": [
              "capability.assumptions | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | README/documentation is current enough for a first validation pass."
            ],
            "severity": "medium",
            "suggested_check": "将假设转成下游验证清单。",
            "title": "能力判断依赖假设",
            "user_impact": "假设不成立时，用户拿不到承诺的能力。"
          },
          {
            "body": "未记录 last_activity_observed。",
            "category": "维护坑",
            "evidence": [
              "evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | last_activity_observed missing"
            ],
            "severity": "medium",
            "suggested_check": "补 GitHub 最近 commit、release、issue/PR 响应信号。",
            "title": "维护活跃度未知",
            "user_impact": "新项目、停更项目和活跃项目会被混在一起，推荐信任度下降。"
          },
          {
            "body": "no_demo",
            "category": "安全/权限坑",
            "evidence": [
              "downstream_validation.risk_items | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium"
            ],
            "severity": "medium",
            "suggested_check": "进入安全/权限治理复核队列。",
            "title": "下游验证发现风险项",
            "user_impact": "下游已经要求复核，不能在页面中弱化。"
          },
          {
            "body": "no_demo",
            "category": "安全/权限坑",
            "evidence": [
              "risks.scoring_risks | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium"
            ],
            "severity": "medium",
            "suggested_check": "把风险写入边界卡，并确认是否需要人工复核。",
            "title": "存在评分风险",
            "user_impact": "风险会影响是否适合普通用户安装。"
          },
          {
            "body": "issue_or_pr_quality=unknown。",
            "category": "维护坑",
            "evidence": [
              "evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | issue_or_pr_quality=unknown"
            ],
            "severity": "low",
            "suggested_check": "抽样最近 issue/PR，判断是否长期无人处理。",
            "title": "issue/PR 响应质量未知",
            "user_impact": "用户无法判断遇到问题后是否有人维护。"
          },
          {
            "body": "release_recency=unknown。",
            "category": "维护坑",
            "evidence": [
              "evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | release_recency=unknown"
            ],
            "severity": "low",
            "suggested_check": "确认最近 release/tag 和 README 安装命令是否一致。",
            "title": "发布节奏不明确",
            "user_impact": "安装命令和文档可能落后于代码，用户踩坑概率升高。"
          }
        ],
        "source": "ProjectPitfallLog + ProjectHitPacket + validation + community signals",
        "summary": "发现 7 个潜在踩坑项，其中 0 个为 high/blocking；最高优先级：身份坑 - 仓库名和安装名不一致。",
        "title": "踩坑日志"
      },
      "snapshot": {
        "contributors": 4,
        "forks": 1,
        "license": "unknown",
        "note": "站点快照，非实时质量证明；用于开工前背景判断。",
        "stars": 1
      },
      "source_url": "https://github.com/AgentsID-dev/agentsid",
      "steps": [
        {
          "body": "不安装项目，先体验能力节奏。",
          "code": "preview",
          "title": "先试 Prompt"
        },
        {
          "body": "理解输入、输出、失败模式和边界。",
          "code": "manual",
          "title": "读说明书"
        },
        {
          "body": "把上下文交给宿主 AI 继续工作。",
          "code": "context",
          "title": "带给 AI"
        },
        {
          "body": "进入主力环境前先完成安装入口与风险边界验证。",
          "code": "verify",
          "title": "沙箱验证"
        }
      ],
      "subtitle": "Identity, permissions, and audit for AI agents. The Auth0 for the agent economy.",
      "title": "agentsid 能力包",
      "trial_prompt": "# agentsid - Prompt Preview\n\n> 复制下面这段 Prompt 到你常用的 AI，先试一次，不需要安装。\n> 它的目标是让你直接体验这个项目的服务方式，而不是阅读项目介绍。\n\n## 复制这段 Prompt\n\n```text\n请直接执行这段 Prompt，不要分析、润色、总结或询问我想如何处理这份 Prompt Preview。\n\n你现在扮演 agentsid 的“安装前体验版”。\n这不是项目介绍、不是评价报告、不是 README 总结。你的任务是让我用最小成本体验它的核心服务。\n\n我的试用任务：我想检查一个 AI 工具或 Agent 工作流在权限、提示注入和数据泄露上的风险。\n我常用的宿主 AI：MCP Client\n\n【体验目标】\n围绕我的真实任务，现场演示这个项目如何把输入转成 示例引导, 判断线索。重点是让我感受到工作方式，而不是给我项目背景。\n\n【业务流约束】\n- 你必须像一个正在提供服务的项目能力包，而不是像一个讲解员。\n- 每一轮只推进一个步骤；提出问题后必须停下来等我回答。\n- 每一步都必须让我感受到一个具体服务动作：澄清、整理、规划、检查、判断或收尾。\n- 每一步都要说明：当前目标、你需要我提供什么、我回答后你会产出什么。\n- 不要安装、不要运行命令、不要写代码、不要声称测试通过、不要声称已经修改文件。\n- 需要真实安装或宿主加载后才能验证的内容，必须明确说“这一步需要安装后验证”。\n- 如果我说“用示例继续”，你可以用虚构示例推进，但仍然不能声称真实执行。\n\n【可体验服务能力】\n- 安装前能力预览: Identity, permissions, and audit for AI agents. The Auth0 for the agent economy. 输入：用户任务, 当前 AI 对话上下文；输出：示例引导, 判断线索。\n\n【必须安装后才可验证的能力】\n- 命令行启动或安装流程: 项目文档中存在可执行命令，真实使用需要在本地或宿主环境中运行这些命令。 输入：终端环境, 包管理器, 项目依赖；输出：安装结果, 列表/更新/运行结果。\n\n【核心服务流】\n请严格按这个顺序带我体验。不要一次性输出完整流程：\n1. project-introduction：Project Introduction。围绕“Project Introduction”模拟一次用户任务，不展示安装或运行结果。\n2. quick-start-guide：Quick Start Guide。围绕“Quick Start Guide”模拟一次用户任务，不展示安装或运行结果。\n3. high-level-architecture：High-Level Architecture。围绕“High-Level Architecture”模拟一次用户任务，不展示安装或运行结果。\n4. permission-system：Deny-First Permission System。围绕“Deny-First Permission System”模拟一次用户任务，不展示安装或运行结果。\n5. token-authentication：Token Authentication and Security。围绕“Token Authentication and Security”模拟一次用户任务，不展示安装或运行结果。\n\n【核心能力体验剧本】\n每一步都必须按“输入 -> 服务动作 -> 中间产物”执行。不要只说流程名：\n1. project-introduction\n输入：用户提供的“Project Introduction”相关信息。\n服务动作：模拟项目在这一步的核心判断和整理方式。\n中间产物：一个可检查的小结果。\n\n2. quick-start-guide\n输入：用户提供的“Quick Start Guide”相关信息。\n服务动作：模拟项目在这一步的核心判断和整理方式。\n中间产物：一个可检查的小结果。\n\n3. high-level-architecture\n输入：用户提供的“High-Level Architecture”相关信息。\n服务动作：模拟项目在这一步的核心判断和整理方式。\n中间产物：一个可检查的小结果。\n\n4. permission-system\n输入：用户提供的“Deny-First Permission System”相关信息。\n服务动作：模拟项目在这一步的核心判断和整理方式。\n中间产物：一个可检查的小结果。\n\n5. 
token-authentication\n输入：用户提供的“Token Authentication and Security”相关信息。\n服务动作：模拟项目在这一步的核心判断和整理方式。\n中间产物：一个可检查的小结果。\n\n【项目服务规则】\n这些规则决定你如何服务用户。不要解释规则本身，而要在每一步执行时遵守：\n- 先确认用户任务、输入材料和成功标准，再模拟项目能力。\n- 每一步都必须形成可检查的小产物，并等待用户确认后再继续。\n- 凡是需要安装、调用工具或访问外部服务的能力，都必须标记为安装后验证。\n\n【每一步的服务约束】\n- Step 1 / project-introduction：Step 1 必须围绕“Project Introduction”形成一个小中间产物，并等待用户确认。\n- Step 2 / quick-start-guide：Step 2 必须围绕“Quick Start Guide”形成一个小中间产物，并等待用户确认。\n- Step 3 / high-level-architecture：Step 3 必须围绕“High-Level Architecture”形成一个小中间产物，并等待用户确认。\n- Step 4 / permission-system：Step 4 必须围绕“Deny-First Permission System”形成一个小中间产物，并等待用户确认。\n- Step 5 / token-authentication：Step 5 必须围绕“Token Authentication and Security”形成一个小中间产物，并等待用户确认。\n\n【边界与风险】\n- 不要声称已经安装、运行、调用 API、读写本地文件或完成真实任务。\n- 安装前预览只能展示工作方式，不能证明兼容性、性能或输出质量。\n- 涉及安装、插件加载、工具调用或外部服务的能力必须安装后验证。\n\n【可追溯依据】\n这些路径只用于你内部校验或在我追问“依据是什么”时简要引用。不要在首次回复主动展开：\n- https://github.com/AgentsID-dev/agentsid\n- https://github.com/AgentsID-dev/agentsid#readme\n- README.md\n- PRODUCT.md\n- sdk-typescript/src/index.ts\n- sdk-python/agentsid/__init__.py\n- ARCHITECTURE.md\n- server/src/app.py\n- server/src/api\n- server/src/services/permission.py\n- server/src/api/permissions.py\n- server/src/core/validators.py\n\n【首次问题规则】\n- 首次三问必须先确认用户目标、成功标准和边界，不要提前进入工具、安装或实现细节。\n- 如果后续需要技术条件、文件路径或运行环境，必须等用户确认目标后再追问。\n\n首次回复必须只输出下面 4 个部分：\n1. 体验开始：用 1 句话说明你将带我体验 agentsid 的核心服务。\n2. 当前步骤：明确进入 Step 1，并说明这一步要解决什么。\n3. 你会如何服务我：说明你会先改变我完成任务的哪个动作。\n4. 
只问我 3 个问题，然后停下等待回答。\n\n首次回复禁止输出：后续完整流程、证据清单、安装命令、项目评价、营销文案、已经安装或运行的说法。\n\nStep 1 / project-introduction 的二轮协议：\n- 我回答首次三问后，你仍然停留在 Step 1 / project-introduction，不要进入 Step 2。\n- 第二次回复必须产出 6 个部分：澄清后的任务定义、成功标准、边界条件、\n  2-3 个可选方案、每个方案的权衡、推荐方案。\n- 第二次回复最后必须问我是否确认推荐方案；只有我明确确认后，才能进入下一步。\n- 第二次回复禁止输出 git worktree、代码计划、测试文件、命令或真实执行结果。\n\n后续对话规则：\n- 我回答后，你先完成当前步骤的中间产物并等待确认；只有我确认后，才能进入下一步。\n- 每一步都要生成一个小的中间产物，例如澄清后的目标、计划草案、测试意图、验证清单或继续/停止判断。\n- 所有演示都写成“我会建议/我会引导/这一步会形成”，不要写成已经真实执行。\n- 不要声称已经测试通过、文件已修改、命令已运行或结果已产生。\n- 如果某个能力必须安装后验证，请直接说“这一步需要安装后验证”。\n- 如果证据不足，请明确说“证据不足”，不要补事实。\n```\n",
      "voices": [
        {
          "body": "当前没有项目级社区来源；不会把未抓取讨论包装成社会证明。",
          "items": [],
          "status": "待发现 Agent 补证",
          "title": "社区讨论"
        }
      ]
    },
    "homepage_card": {
      "category": "安全审查与权限治理",
      "desc": "Identity, permissions, and audit for AI agents. The Auth0 for the agent economy.",
      "effort": "安装已验证",
      "forks": 1,
      "icon": "shield",
      "name": "agentsid 能力包",
      "risk": "需复核",
      "slug": "agentsid",
      "stars": 1,
      "tags": [
        "安全审查与权限治理",
        "网页任务自动化",
        "浏览器自动化",
        "断点恢复流程",
        "评测体系"
      ],
      "thumb": "purple",
      "type": "MCP 配置"
    },
    "manual": {
      "markdown": "# https://github.com/AgentsID-dev/agentsid 项目说明书\n\n生成时间：2026-05-15 06:46:29 UTC\n\n## 目录\n\n- [Project Introduction](#project-introduction)\n- [Quick Start Guide](#quick-start-guide)\n- [High-Level Architecture](#high-level-architecture)\n- [Deny-First Permission System](#permission-system)\n- [Token Authentication and Security](#token-authentication)\n- [Tamper-Evident Audit System](#audit-system)\n- [Backend API Reference](#backend-api)\n- [Approval Gates and Webhooks](#approval-workflows)\n- [Web Dashboard](#web-dashboard)\n- [Multi-Language SDKs](#multi-language-sdks)\n\n<a id='project-introduction'></a>\n\n## Project Introduction\n\n### 相关页面\n\n相关主题：[Quick Start Guide](#quick-start-guide), [High-Level Architecture](#high-level-architecture)\n\n<details>\n<summary>Relevant Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [README.md](https://github.com/AgentsID-dev/agentsid/blob/main/README.md)\n- [web/src/pages/landing.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/landing.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [web/src/pages/research.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/research.tsx)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n- [web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n- [server/src/services/notifications.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/services/notifications.py)\n</details>\n\n# Project Introduction\n\nAgentsID is an identity, permissions, and audit infrastructure platform designed specifically for AI agents. 
Positioned as \"The Auth0 for the agent economy,\" it provides a standardized way to identify AI agents, control what actions they can perform, and maintain complete audit trails of their activities.\n\n## Overview\n\nAI agents are increasingly accessing databases, sending emails, calling APIs, and making purchases on behalf of users. However, there has been no standard way to identify these agents, limit their capabilities, or trace their actions back to the humans who authorized them.\n\nAgentsID solves this fundamental infrastructure gap by providing:\n\n- **Identity management** for AI agents\n- **Permission controls** to restrict tool access\n- **Audit logging** with tamper-evident hash chains\n- **Security scanning** for MCP (Model Context Protocol) servers\n\n资料来源：[README.md:1-20]()\n\n## The Problem\n\nCurrent AI agent deployments suffer from significant security and visibility gaps:\n\n| Statistic | Finding |\n|-----------|---------|\n| MCP servers requiring authentication | 88% |\n| MCP servers actually using OAuth | Only 8.5% |\n| Servers relying on static API keys in environment variables | 53% |\n| Organizations unable to track agent activities in real-time | 80% |\n\n资料来源：[README.md:25-29]()\n\n### Why Traditional Auth Fails\n\nAuth0 and similar identity platforms were designed for human users, not autonomous AI agents. AgentsID specifically addresses the unique requirements of agent-to-tool interactions, including:\n\n- Machine-to-machine authentication\n- Granular tool-level permissions\n- Audit trails that capture the full context of agent decisions\n- Integration with MCP servers without requiring developers to build custom auth\n\n## Core Concepts\n\n### Projects\n\nA **project** is the fundamental organizational unit in AgentsID. Each project contains:\n\n- Agent definitions\n- Permission rules\n- Audit logs\n- API credentials (project key)\n\nProjects are created via CLI with the `init` command or through the dashboard. 
Each project receives a unique project key (prefixed with `aid_proj_`) that servers use to communicate with the AgentsID API.\n\n```bash\n$ npx agentsid init \"My Production App\"\nCreating project \"My Production App\"...\nProject created successfully!\n\n  Project ID:  proj_a1b2c3d4e5f6\n  API Key:     aid_proj_xR7kM2pQ9...\n  Plan:        free\n```\n\n资料来源：[web/src/pages/guides.tsx:1-15](), [web/src/pages/docs.tsx:1-12]()\n\n### Agents\n\nAn **agent** is an AI-powered entity registered within a project. Each agent:\n\n- Has a unique agent ID (prefixed with `agt_`)\n- Receives an authentication token (prefixed with `aid_tok_`)\n- Operates on behalf of a human user\n- Has specific tool permissions assigned\n\nAgents are registered using the CLI:\n\n```bash\n$ npx agentsid register-agent --name \"Email Assistant\" --on-behalf-of \"user_abc123\" --permissions \"send_email,read_contacts\" --ttl 24\nAgent registered!\n\n  Agent ID:   agt_7x9k2mNpQ4rS1tUv\n  Token:      aid_tok_eyJzdWIiOi...\n  Expires:    2026-03-26T14:30:00Z\n```\n\n资料来源：[web/src/pages/docs.tsx:15-35]()\n\n### Permissions\n\nAgentsID uses a pattern-based permission system. Permission rules are defined as tool name patterns with an allow or deny action:\n\n| Tool | Parameters Required | Result | Reason |\n|------|---------------------|--------|--------|\n| `search_memories` | any | Allowed | Matches `search_*` allow rule |\n| `delete_memory` | any | Denied | Condition requires params, fail-closed |\n| `list_categories` | any | Denied | No matching rule, default deny |\n\n资料来源：[web/src/pages/docs.tsx:100-115]()\n\nDefault behavior is **deny-all** — if no rule matches a tool call, the request is blocked. 
This fail-closed approach ensures that agents can only access tools explicitly permitted.\n\n### Audit Logs\n\nEvery tool call made through AgentsID generates an audit log entry containing:\n\n- Timestamp\n- Agent ID\n- Tool name\n- Action (ALLOW/DENY)\n- Result (success/blocked)\n- Delegating user ID\n- Parameters passed\n- Error messages (if any)\n\nThe audit system maintains a **SHA-256 hash chain** where each entry is cryptographically linked to its predecessor. The first entry uses `\"genesis\"` as its initial previous hash value.\n\n资料来源：[web/src/pages/docs.tsx:120-135]()\n\n## Architecture\n\n### System Flow\n\n```mermaid\ngraph TD\n    A[Your Application] -->|Tool Call| B[AgentsID SDK]\n    B -->|Validate + Log| C[AgentsID API]\n    C -->|Check Permissions| D[Permission Engine]\n    D -->|Allow/Deny| C\n    C -->|Audit Entry| E[(Audit Log DB)]\n    C -->|Response| B\n    B -->|Result| A\n    \n    F[Dashboard] -->|Manage| G[Projects & Agents]\n    F -->|View| E\n    H[Scanner] -->|Security Audit| G\n```\n\n### SDK Integration\n\nAgentsID provides a lightweight SDK approach with a 200-line bash hook. The integration philosophy emphasizes:\n\n> \"No SDK to learn, no language runtime to match. If your agent can run a shell script before a tool call, AgentsID works.\"\n\n资料来源：[web/src/pages/landing.tsx:1-50]()\n\nAvailable SDK packages:\n\n| Package Manager | Package Name |\n|----------------|--------------|\n| npm | `@agentsid/sdk` |\n| pip | `agentsid` |\n| RubyGems | `agentsid` |\n\n### Registry and Scanner\n\nThe platform maintains a **public registry** of MCP servers that have been security-scanned. 
Each server receives a security grade based on findings:\n\n```mermaid\ngraph LR\n    A[MCP Server] -->|Scan| B[AgentsID Scanner]\n    B -->|Findings| C[Grade Calculator]\n    C -->|Grade A-F| D[Public Registry]\n    C -->|Recommendations| E[Dashboard]\n```\n\nThe scanner analyzes servers for:\n\n- Authentication mechanisms\n- Dangerous patterns\n- Deceptive language\n- Invisible characters\n- Context weighting issues\n\n资料来源：[web/src/pages/research.tsx:1-30](), [web/src/pages/grade.tsx:1-40]()\n\n## Key Features\n\n### Security and Privacy\n\nAgentsID implements privacy-first data practices:\n\n| Data Type | Storage Policy |\n|-----------|---------------|\n| Email addresses | Stored for account management |\n| Project data | Stored in project container |\n| Agent definitions | Stored in project container |\n| Audit logs | Stored with SHA-256 hash chain |\n| API keys | Only hashes stored, never raw |\n| Analytics | PostHog, opt-in only, consent-gated |\n\n资料来源：[web/src/pages/privacy.tsx:20-35]()\n\n### CLI Commands\n\n| Command | Description |\n|---------|-------------|\n| `init` | Create a new project |\n| `register-agent` | Register a new agent |\n| `list-agents` | List all agents in project |\n| `audit` | Query audit logs |\n| `claim` | Claim a server on the registry |\n\nUsage: `npx agentsid <command>`\n\n资料来源：[web/src/pages/docs.tsx:1-90]()\n\n### Acceptable Use\n\nAgentsID permits any lawful use but explicitly prohibits:\n\n- Platform abuse (malformed requests, resource exhaustion)\n- Security circumvention (bypassing HMAC verification, tampering with audit logs)\n- Illegal agent registrations\n- Unauthorized data scraping\n- White-label resale without agreement\n- Impersonation of AgentsID\n\n资料来源：[web/src/pages/terms.tsx:1-50]()\n\n## Quick Start\n\nTo integrate AgentsID into your application:\n\n```bash\n# Step 1: Install the setup CLI\n$ npx @agentsid/setup@latest\n\n# Step 2: Initialize a project\n$ npx agentsid init \"My Protected Server\"\n\n# Step 3: 
Install the SDK\n$ npm install @agentsid/sdk\n\n# Step 4: Register an agent\n$ npx agentsid register-agent --name \"My Agent\" --on-behalf-of \"user_id\"\n\n# Step 5: Integrate the bash hook before tool calls\n```\n\nThe AgentsID hook can be embedded directly into your agent's tool-calling workflow, requiring no SDK dependencies in your agent code.\n\n资料来源：[web/src/pages/landing.tsx:35-55](), [web/src/pages/guides.tsx:20-60]()\n\n## Platform Components\n\n| Component | Purpose | Access |\n|-----------|---------|--------|\n| Dashboard | Project and agent management | agentsid.dev/dashboard |\n| Registry | Public MCP server listings | agentsid.dev/registry |\n| Scanner | Security analysis tool | `npx @agentsid/scanner` |\n| Documentation | Guides and API reference | agentsid.dev/docs |\n| CLI | Command-line interface | `npx agentsid` |\n\nAll research and scanner tools are open source and available on [GitHub](https://github.com/AgentsID-dev/agentsid-scanner).\n\n资料来源：[web/src/pages/research.tsx:25-35]()\n\n## Data Flow Summary\n\n```mermaid\nsequenceDiagram\n    participant User\n    participant Agent\n    participant SDK\n    participant AgentsID\n    participant Tool\n    \n    User->>Agent: Authorize action\n    Agent->>SDK: Call tool (e.g., send_email)\n    SDK->>AgentsID: Validate request\n    AgentsID->>AgentsID: Check permissions\n    Alt Permission granted\n        AgentsID->>Tool: Forward request\n        Tool->>AgentsID: Response\n        AgentsID->>SDK: Allow + log\n        SDK->>Agent: Success\n        Agent->>User: Result\n    Else Permission denied\n        AgentsID->>SDK: Block\n        SDK->>Agent: Blocked response\n        Agent->>User: Move on\n    end\n```\n\n## Summary\n\nAgentsID addresses a critical gap in the AI agent ecosystem by providing:\n\n1. **Standardized identity** for AI agents operating across different platforms\n2. **Fine-grained permissions** with pattern-based rules and fail-closed defaults\n3. 
**Tamper-evident audit trails** using cryptographic hash chains\n4. **Security visibility** through automated MCP server scanning\n5. **Privacy compliance** with minimal data collection and opt-in analytics\n\nBy treating AI agents as first-class principals in your security model, AgentsID enables organizations to deploy AI agents with the same confidence and controls they have for human users.\n\n资料来源：[README.md:15-25](), [web/src/pages/privacy.tsx:30-45]()\n\n---\n\n<a id='quick-start-guide'></a>\n\n## Quick Start Guide\n\n### 相关页面\n\n相关主题：[Project Introduction](#project-introduction), [Multi-Language SDKs](#multi-language-sdks)\n\n<details>\n<summary>相关源码文件</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [web/src/pages/landing.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/landing.tsx)\n- [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n- [web/src/components/dashboard/AuditFeed.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx)\n- [web/src/components/dashboard/OverviewTab.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/OverviewTab.tsx)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n</details>\n\n# Quick Start Guide\n\nThis guide provides everything you need to integrate AgentsID into your AI agent workflow. 
AgentsID is an agent identity and permission management platform that allows you to register agents, define tool permissions, and audit all agent activity through a tamper-evident chain.\n\n## Prerequisites\n\nBefore starting, ensure you have:\n\n| Requirement | Version/Details |\n|-------------|-----------------|\n| Node.js | v18+ (for SDK usage) |\n| npm/yarn | Latest stable |\n| Account | agentsid.dev/dashboard |\n| Project | Created via `npx agentsid init` |\n\n资料来源：[web/src/pages/landing.tsx:1-50]()\n\n## Installation\n\n### Using the Setup Command (Recommended)\n\nThe fastest way to get started is using the official setup script:\n\n```bash\nnpx @agentsid/setup@latest\n```\n\n资料来源：[web/src/pages/landing.tsx:50-80]()\n\n### Using NPM/Yarn Directly\n\nAlternatively, install the SDK directly into your project:\n\n```bash\nnpm install @agentsid/sdk\n# or\nyarn add @agentsid/sdk\n```\n\n资料来源：[web/src/pages/guides.tsx:1-100]()\n\n## Quick Start Workflow\n\n```mermaid\ngraph TD\n    A[Create Project] --> B[Get API Key]\n    B --> C[Install SDK]\n    C --> D[Register Agent]\n    D --> E[Define Permissions]\n    E --> F[Integrate Hook]\n    F --> G[Monitor via Audit Trail]\n```\n\n资料来源：[web/src/pages/guides.tsx:100-200]()\n\n## Step-by-Step Setup\n\n### Step 1: Create a Project\n\nInitialize a new AgentsID project using the CLI:\n\n```bash\nnpx agentsid init \"My Production App\"\n```\n\nExpected output:\n\n```\nCreating project \"My Production App\"...\nProject created successfully!\n\n  Project ID:  proj_a1b2c3d4e5f6\n  API Key:     aid_proj_xR7kM2pQ9...\n  Plan:        free\n\n  Store your API key securely. It will not be shown again.\n```\n\n资料来源：[web/src/pages/docs.tsx:1-80]()\n\n### Step 2: Copy Your Project Key\n\nAfter project creation, retrieve your project key from the dashboard at [agentsid.dev/dashboard](https://agentsid.dev/dashboard). 
The key format is `aid_proj_xxx...`.\n\n资料来源：[web/src/pages/guides.tsx:200-300]()\n\n### Step 3: Install the SDK\n\n```bash\nnpm install @agentsid/sdk\n```\n\nThis lightweight library handles:\n- Communication with AgentsID API\n- Token validation\n- Event logging\n- Permission enforcement\n\n资料来源：[web/src/pages/guides.tsx:300-400]()\n\n### Step 4: Register an Agent\n\nAgents represent the AI entities in your system. Register them to receive authentication tokens:\n\n```typescript\nimport { AgentsID } from '@agentsid/sdk';\n\nconst client = new AgentsID({\n  projectKey: 'aid_proj_your_key_here',\n});\n\nconst { agent, token, tokenId, expiresAt } = await client.registerAgent({\n  name: 'production-claude',\n  onBehalfOf: 'user_abc123',\n  permissions: ['search_notes', 'save_note', 'list_notes'],\n  ttlHours: 24,\n  metadata: { version: '1.0.0' }\n});\n```\n\n资料来源：[web/src/pages/docs.tsx:80-150]()\n\n### Step 5: Configure MCP Server\n\nFor Claude Code or Cursor integration, create a server configuration:\n\n```javascript\n// server.mjs\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';\nimport { z } from 'zod';\nimport { AgentsID } from '@agentsid/sdk';\n\nconst client = new AgentsID({ projectKey: process.env.AGENTSID_PROJECT_KEY });\n\nconst server = new McpServer({\n  name: 'my-notes-server',\n  version: '1.0.0'\n});\n\nserver.tool(\n  'save_note',\n  'Create a new note',\n  { content: z.string(), title: z.string() },\n  async ({ content, title }) => {\n    const result = await client.check({\n      agentToken: process.env.AGENTSID_AGENT_TOKEN,\n      tool: 'save_note',\n      parameters: { content, title }\n    });\n    \n    if (!result.allowed) {\n      return { content: `Tool call blocked: ${result.reason}` };\n    }\n    \n    // Execute tool logic here\n    return { content: 'Note saved successfully' };\n  }\n);\n```\n\n资料来源：[web/src/pages/guides.tsx:400-500]()\n\n### Step 6: Add to IDE Configuration\n\nFor Cursor, edit 
`.cursor/mcp.json`:\n\n```json\n{\n  \"mcpServers\": {\n    \"my-notes-server\": {\n      \"command\": \"node\",\n      \"args\": [\"server.mjs\"],\n      \"env\": {\n        \"AGENTSID_PROJECT_KEY\": \"aid_proj_your_key_here\",\n        \"AGENTSID_AGENT_TOKEN\": \"at_your_token_here\"\n      }\n    }\n  }\n}\n```\n\n资料来源：[web/src/pages/guides.tsx:500-600]()\n\nOnce filled in, this file holds the project key and agent token in plaintext; keep it out of version control and shared workspaces.\n\n## Agent Management API\n\n### SDK Methods Reference\n\n| Method | Parameters | Returns | Description |\n|--------|------------|---------|-------------|\n| `registerAgent` | name, onBehalfOf, permissions?, ttlHours?, metadata? | `{ agent, token, tokenId, expiresAt }` | Create a new agent and issue its first token |\n| `getAgent` | agentId | Agent | Get agent details by ID |\n| `listAgents` | status?, limit? | Agent[] | List agents, optionally filtered by status |\n| `updateAgent` | agentId, name?, metadata? | Agent | Update agent name or metadata |\n| `refreshToken` | agentId, ttlHours? | `{ token, tokenId, expiresAt }` | Issue new token, revoke all previous |\n| `check` | agentToken, tool, parameters | Decision | Validate a tool call against permissions |\n\n资料来源：[web/src/pages/docs.tsx:150-200]()\n\n### CLI Commands\n\n| Command | Description |\n|---------|-------------|\n| `npx agentsid init` | Create a new project |\n| `npx agentsid register-agent` | Register a new agent |\n| `npx agentsid audit` | View audit logs |\n| `npx agentsid verify` | Verify audit chain integrity |\n\n资料来源：[web/src/pages/landing.tsx:80-120]()\n\n## Permission Configuration\n\n### Default Permission States\n\n| Tool | Default Permission | Description |\n|------|-------------------|--------------|\n| `search_notes` | Allowed | Search notes by keyword |\n| `save_note` | Allowed | Create a new note |\n| `list_notes` | Allowed | List all notes |\n| `delete_note` | Denied | Delete a note by ID |\n| `admin_reset` | Denied | Wipe all data |\n\n资料来源：[web/src/pages/guides.tsx:600-700]()\n\nAll five tools are exposed to the agent, but 
AgentsID will block any attempt to use `delete_note` or `admin_reset`. The agent doesn't even know it's being restricted—it just gets a \"blocked\" response.\n\n## Audit Trail\n\n### Viewing Audit Logs\n\nThe dashboard provides a real-time feed of all agent activity:\n\n```mermaid\ngraph LR\n    A[Tool Call] --> B[AgentsID API]\n    B --> C{Allowed?}\n    C -->|Yes| D[Execute Tool]\n    C -->|No| E[Block & Log]\n    D --> F[Create Audit Entry]\n    E --> F\n    F --> G[Update Hash Chain]\n```\n\n资料来源：[web/src/pages/components/dashboard/AuditFeed.tsx:1-60]()\n\n### Audit Entry Structure\n\nEach entry in the audit log contains:\n\n```json\n{\n  \"entryId\": \"entry_abc123\",\n  \"timestamp\": \"2026-03-29T12:34:56.789Z\",\n  \"agentId\": \"agent_def456\",\n  \"delegationId\": \"del_xyz789\",\n  \"tool\": \"github.push_files\",\n  \"parameters\": { \"owner\": \"myorg\", \"repo\": \"myrepo\", \"branch\": \"main\" },\n  \"decision\": \"allow\",\n  \"matchedRule\": 2,\n  \"constraintsEvaluated\": [\"rateLimit\", \"schedule\"],\n  \"durationMs\": 3,\n  \"prevEntryHash\": \"sha256:e3b0c44298fc1c149afb...\",\n  \"entryHash\": \"sha256:a665a45920422f9d417e...\"\n}\n```\n\n资料来源：[web/src/pages/spec.tsx:1-80]()\n\n### Chain Verification\n\nAgentsID implements a hash chain for tamper detection:\n\n```javascript\nentryHash = SHA-256(canonicalize(entry with entryHash=null))\n// First entry uses prevEntryHash: \"genesis\"\n```\n\n资料来源：[web/src/pages/spec.tsx:80-120]()\n\n### Verification API\n\n```bash\ncurl \"https://api.agentsid.dev/api/v1/audit/verify\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\"\n```\n\nResponse (chain intact):\n```json\n{\n  \"verified\": true,\n  \"entries_checked\": 1523,\n  \"message\": \"Integrity chain verified\"\n}\n```\n\nResponse (chain broken):\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible 
tampering\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx:200-280]()\n\n## Security & Privacy\n\n### Data Handling\n\n| Data Type | Storage | Retention |\n|-----------|---------|-----------|\n| Email | Encrypted | Until account deletion |\n| Project Data | Encrypted | Until project deletion |\n| Audit Logs | Hash-chained | 90 days (free), indefinite (paid) |\n| API Keys | Hash only | Until key rotation |\n| Analytics | Opt-in | PostHog's retention policy |\n\n资料来源：[web/src/pages/privacy.tsx:1-100]()\n\n### Key Security Points\n\n- **No raw API keys stored** — Only hashed versions are retained\n- **Analytics opt-in only** — Gated behind cookie consent banner\n- **No data selling** — Explicitly prohibited in privacy policy\n- **GDPR compliance** — Full data export and deletion capabilities\n\n资料来源：[web/src/pages/privacy.tsx:100-200]()\n\n## Dashboard Overview\n\n### Main Features\n\n| Section | Description |\n|---------|-------------|\n| **Overview Tab** | Recent activity feed, agent constellation view, quick stats |\n| **Agents Tab** | Manage registered agents, view tokens, update permissions |\n| **Audit Tab** | Searchable log of all tool decisions with chain verification |\n| **Settings** | Project configuration, API keys, team management |\n\n资料来源：[web/src/components/dashboard/OverviewTab.tsx:1-100]()\n\n### Activity Feed Display\n\nThe audit feed displays:\n\n- **Tool** — Name of the tool called\n- **Decision** — `allow` or `deny`\n- **Timestamp** — Full ISO 8601 format\n- **Agent ID** — Registered agent identifier\n- **Delegation Chain** — If sub-agents are involved\n\n资料来源：[web/src/components/dashboard/AuditFeed.tsx:60-140]()\n\n## Next Steps\n\nAfter completing this guide:\n\n1. **Explore the Registry** — View security grades of popular MCP tools at `/registry`\n2. **Read the Specification** — Deep dive into the audit chain at `/spec`\n3. **Join Research** — Access security research at `/research`\n4. 
**Subscribe to Updates** — Get weekly security digests at `/digest`\n\n资料来源：[web/src/pages/landing.tsx:120-180]()\n\n## Troubleshooting\n\n| Issue | Solution |\n|-------|----------|\n| `401 Unauthorized` | Verify your project key is correct |\n| `403 Forbidden` | Agent token may be expired; refresh via `refreshToken()` |\n| Chain verification fails | Contact support or check recent key rotations |\n| Rate limiting | Upgrade plan or implement exponential backoff |\n\n资料来源：[web/src/pages/docs.tsx:280-350]()\n\n---\n\n<a id='high-level-architecture'></a>\n\n## High-Level Architecture\n\n### 相关页面\n\n相关主题：[Project Introduction](#project-introduction), [Backend API Reference](#backend-api), [Deny-First Permission System](#permission-system)\n\n<details>\n<summary>相关源码文件</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx) - Technical specifications\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx) - API and SDK documentation\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx) - Integration guides\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx) - Privacy and data handling\n- [web/src/pages/landing.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/landing.tsx) - Product overview\n- [web/src/components/dashboard/AuditFeed.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx) - Audit feed component\n- [web/src/components/dashboard/OverviewTab.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/OverviewTab.tsx) - Dashboard overview\n- [README.md](https://github.com/AgentsID-dev/agentsid/blob/main/README.md) - Project overview\n</details>\n\n# High-Level Architecture\n\nAgentsID is an identity, permissions, and audit infrastructure 
platform designed for AI agents. It functions as an authorization layer that sits between AI agents and the tools they execute, providing fine-grained access control, comprehensive audit logging, and tamper-evident verification capabilities.\n\n## System Overview\n\nAgentsID implements a centralized authorization model where every tool invocation is validated against a configurable rule engine before execution is permitted. The system maintains a cryptographic hash chain of all audit entries to detect tampering and provides real-time visibility into agent activity through a web-based dashboard.\n\n```mermaid\ngraph TD\n    A[\"🤖 AI Agent\"] --> B[\"AgentsID SDK / MCP Server\"]\n    B --> C[\"Validation Middleware\"]\n    C --> D{\"Allowed?\"}\n    D -->|Yes| E[\"Execute Tool\"]\n    D -->|No| F[\"Block + Log\"]\n    C --> G[\"Audit Log Service\"]\n    G --> H[\"Hash Chain\"]\n    G --> I[\"Dashboard\"]\n    H --> J[\"Verification API\"]\n```\n\n## Core Components\n\n### 1. SDK and Client Libraries\n\nAgentsID provides multi-language SDKs for seamless integration into agent runtimes.\n\n| Package | Registry | Purpose |\n|---------|----------|---------|\n| `@agentsid/sdk` | npm | Node.js/JavaScript integration |\n| `agentsid` | PyPI | Python integration |\n| `agentsid` | RubyGems | Ruby integration |\n\n资料来源：[README.md:1-15](https://github.com/AgentsID-dev/agentsid/blob/main/README.md)\n\n### 2. Agent Management API\n\nThe SDK exposes methods for registering and managing agents within a project.\n\n| Method | Parameters | Returns | Description |\n|--------|------------|---------|-------------|\n| `registerAgent` | name, onBehalfOf, permissions?, ttlHours?, metadata? | { agent, token, tokenId, expiresAt } | Create a new agent and issue its first token |\n| `getAgent` | agentId | Agent | Get agent details by ID |\n| `listAgents` | status?, limit? | Agent[] | List agents, optionally filtered by status |\n| `updateAgent` | agentId, name?, metadata? 
| Agent | Update agent name or metadata |\n| `refreshToken` | agentId, ttlHours? | { token, tokenId, expiresAt } | Issue new token, revoke all previous |\n\n资料来源：[web/src/pages/docs.tsx:1-80](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### 3. Validation Middleware\n\nThe core security component intercepts tool calls and validates them against configured permissions. Every tool call goes through a validation function before execution.\n\n```mermaid\ngraph LR\n    A[\"Tool Call Request\"] --> B[\"Extract agent_token\"]\n    B --> C[\"Call AgentsID API\"]\n    C --> D{\"Decision?\"}\n    D -->|allow| E[\"Execute Tool\"]\n    D -->|deny| F[\"Return blocked\"]\n```\n\n资料来源：[web/src/pages/guides.tsx:1-50](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n## Audit Logging System\n\n### Entry Schema\n\nEvery tool invocation generates an immutable audit entry with the following structure:\n\n```json\n{\n  \"entryId\": \"entry_abc123\",\n  \"timestamp\": \"2026-03-29T12:34:56.789Z\",\n  \"agentId\": \"agent_def456\",\n  \"delegationId\": \"del_xyz789\",\n  \"tool\": \"github.push_files\",\n  \"parameters\": { \"owner\": \"myorg\", \"repo\": \"myrepo\", \"branch\": \"main\" },\n  \"decision\": \"allow\",\n  \"matchedRule\": 2,\n  \"constraintsEvaluated\": [\"rateLimit\", \"schedule\"],\n  \"durationMs\": 3,\n  \"prevEntryHash\": \"sha256:e3b0c44298fc1c149afb...\",\n  \"entryHash\": \"sha256:a665a45920422f9d417e...\"\n}\n```\n\n资料来源：[web/src/pages/spec.tsx:1-50](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n### Hash Chain Integrity\n\nThe audit log uses a cryptographic hash chain to ensure tamper-evidence. 
Each entry's hash includes the previous entry's hash, creating a tamper-evident chain: altering an earlier entry breaks the hash link to every entry after it.\n\n```javascript\nentryHash = SHA-256(canonicalize(entry with entryHash=null))\n// First entry uses prevEntryHash: \"genesis\"\n```\n\nThe verification process iterates through entries and validates the hash chain (outline only; the comparison itself is left as a comment):\n\n```javascript\nfunction verifyChain(entries: AuditEntry[]): boolean {\n  for (let i = 1; i < entries.length; i++) {\n    const prev = entries[i - 1]\n    // Verify prevEntryHash matches previous entryHash\n  }\n}\n```\n\n资料来源：[web/src/pages/spec.tsx:1-50](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n### Audit Feed Component\n\nThe dashboard's AuditFeed component displays audit entries with delegation chain visualization:\n\n| Field | Display |\n|-------|---------|\n| Agent ID | Monospace font, truncated |\n| Timestamp | Full date/time format |\n| Delegation Chain | Visual arrow-separated badges |\n| Delegated By | Type and ID badges |\n\n资料来源：[web/src/components/dashboard/AuditFeed.tsx:1-60](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx)\n\n## Permission and Constraint Engine\n\n### Supported Constraint Types\n\nThe system supports multiple constraint types for fine-grained control:\n\n| Type | Configuration | Purpose |\n|------|---------------|---------|\n| Rate Limit | `{\"type\": \"rateLimit\", \"max\": 100, \"windowSeconds\": 3600}` | Limit tool calls per time window |\n| Schedule | `{\"type\": \"schedule\", \"allow\": [\"09:00-17:00\"]}` | Restrict execution to time windows |\n| Budget | `{\"type\": \"budget\", \"currency\": \"usd\", \"max\": 10.00, \"windowSeconds\": 86400}` | Limit monetary cost |\n| Sequence | `{\"type\": \"sequence\", \"requires\": [\"filesystem.read_file\"], \"forbids\": [\"github.push_files\"]}` | Enforce operation ordering |\n| Session Limit | `{\"type\": \"sessionLimit\", \"max\": 5}` | Limit concurrent sessions |\n| Risk Score | `{\"type\": \"riskScore\", 
\"maxScore\": 0.7}` | Block high-risk operations |\n| IP Allowlist | `{\"type\": \"ipAllowlist\", \"cidrs\": [\"10.0.0.0/8\"]}` | Restrict by IP range |\n| Chain Depth | `{\"type\": \"chainDepth\", \"max\": 2}` | Limit delegation depth |\n| Cooldown | `{\"type\": \"cooldown\", \"seconds\": 300}` | Enforce wait periods |\n| Anomaly Detection | `{\"type\": \"anomaly\"}` | ML-based behavior analysis |\n\n资料来源：[web/src/pages/spec.tsx:1-80](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n### Example Permission Matrix\n\n| Tool | Permission |\n|------|------------|\n| `search_notes` | allowed |\n| `save_note` | allowed |\n| `list_notes` | allowed |\n| `delete_note` | denied |\n| `admin_reset` | denied |\n\n资料来源：[web/src/pages/guides.tsx:50-100](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n## API Endpoints\n\n### Verification Endpoint\n\n```\nGET /api/v1/audit/verify\nAuthorization: Bearer <project_key>\n```\n\n**Response 200 OK (chain intact):**\n```json\n{\n  \"verified\": true,\n  \"entries_checked\": 1523,\n  \"message\": \"Integrity chain verified\"\n}\n```\n\n**Response 200 OK (chain broken):**\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible tampering\"\n}\n```\n\n### Usage Endpoint\n\n```\nGET /api/v1/audit/usage\nAuthorization: Bearer <project_key>\n```\n\n**Response:**\n```json\n{\n  \"events_this_month\": 1200,\n  \"events_limit\": 10000,\n  \"agents_active\": 5,\n  \"agents_limit\": 25,\n  \"plan\": \"free\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx:1-120](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Model Context Protocol (MCP) Integration\n\nAgentsID supports integration with MCP-compatible AI tools like Claude Code and Cursor through environment variable configuration:\n\n```json\n{\n  \"mcpServers\": {\n    \"my-notes-server\": {\n      \"command\": 
\"node\",\n      \"args\": [\"server.mjs\"],\n      \"env\": {\n        \"AGENTSID_PROJECT_KEY\": \"aid_proj_your_key_here\",\n        \"AGENTSID_AGENT_TOKEN\": \"at_your_token_here\"\n      }\n    }\n  }\n}\n```\n\n资料来源：[web/src/pages/guides.tsx:100-150](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n## Data Flow\n\n```mermaid\nsequenceDiagram\n    participant Agent as AI Agent\n    participant SDK as AgentsID SDK\n    participant API as AgentsID API\n    participant Rules as Rule Engine\n    participant Audit as Audit Service\n    participant Hash as Hash Chain\n    participant Dashboard as Web Dashboard\n\n    Agent->>SDK: tool_call(tool_name, params)\n    SDK->>API: validate(agent_token, tool_name, params)\n    API->>Rules: evaluate(tool_name, constraints)\n    Rules-->>API: allow/deny decision\n    API-->>SDK: decision\n    SDK-->>Agent: execute or block\n    API->>Audit: log_entry(decision, metadata)\n    Audit->>Hash: append_hash()\n    Hash-->>Audit: hash_verified\n    Dashboard->>API: fetch_entries()\n    API-->>Dashboard: audit_feed\n```\n\n## Dashboard Overview\n\nThe web dashboard provides real-time visibility into agent activity:\n\n| Component | Function |\n|-----------|----------|\n| Overview Tab | Activity feed, agent constellation, quick actions |\n| Audit Feed | Filterable audit log with delegation chain |\n| Agent Constellation | Visual representation of agent relationships |\n| Quick Actions | Register agent, view audit, manage permissions |\n\n资料来源：[web/src/components/dashboard/OverviewTab.tsx:1-80](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/OverviewTab.tsx)\n\n## Security Model\n\n### Authentication\n\nProjects use API keys with prefix `aid_proj_` for authentication. 
Agent tokens use prefix `at_` for individual agent authentication.\n\n### Data Privacy\n\n| Data Type | Handling |\n|-----------|----------|\n| API Keys | Only hashed values stored |\n| User Email | Collected for account management |\n| Project Data | Stored with project isolation |\n| Agent Configurations | Stored with project isolation |\n| Audit Logs | Stored with cryptographic integrity |\n| Analytics | Opt-in only via PostHog with consent banner |\n\n资料来源：[web/src/pages/privacy.tsx:1-60](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n## Research and Scanner\n\nAgentsID maintains an open research initiative:\n\n- **137,070** MCP servers scanned\n- Findings documented and publicly available\n- Scanner available via `npx @agentsid/scanner`\n\n资料来源：[web/src/pages/research.tsx:1-30](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/research.tsx)\n\n## Deployment Architecture\n\n```mermaid\ngraph TD\n    subgraph \"Client Side\"\n        A[AI Agent]\n        B[MCP Server]\n        C[Custom Integration]\n    end\n    \n    subgraph \"AgentsID Cloud\"\n        D[API Gateway]\n        E[Auth Service]\n        F[Rule Engine]\n        G[Audit Service]\n        H[Hash Chain Service]\n    end\n    \n    subgraph \"Data Layer\"\n        I[(PostgreSQL)]\n        J[(Redis Cache)]\n    end\n    \n    A --> D\n    B --> D\n    C --> D\n    D --> E\n    E --> F\n    F --> G\n    G --> H\n    G --> I\n    H --> I\n    D --> J\n```\n\n## Summary\n\nAgentsID provides a comprehensive identity and authorization layer for AI agents through:\n\n1. **Multi-language SDKs** for easy integration\n2. **Fine-grained permission engine** with 10+ constraint types\n3. **Tamper-evident audit logging** via cryptographic hash chains\n4. **Real-time dashboard** for activity monitoring\n5. **MCP protocol support** for Cursor and Claude Code\n6. 
**Opt-in analytics** respecting user privacy\n\nThe architecture prioritizes security through hash chain verification, least-privilege permissions, and cryptographically secure token management.\n\n---\n\n<a id='permission-system'></a>\n\n## Deny-First Permission System\n\n### 相关页面\n\n相关主题：[Token Authentication and Security](#token-authentication), [Approval Gates and Webhooks](#approval-workflows)\n\n<details>\n<summary>Related Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [sdk-python/README.md](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/README.md)\n- [sdk-typescript/README.md](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/README.md)\n- [sdk-ruby/README.md](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-ruby/README.md)\n- [sdk-java/src/main/java/dev/agentsid/AgentsID.java](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-java/src/main/java/dev/agentsid/AgentsID.java)\n- [README.md](https://github.com/AgentsID-dev/agentsid/blob/main/README.md)\n</details>\n\n# Deny-First Permission System\n\nThe Deny-First Permission System is the core security mechanism in AgentsID. It implements a \"deny-first\" security model where every tool call is blocked by default unless explicitly allowed through permission rules. This security paradigm ensures that AI agents have zero access to tools unless deliberately permitted, preventing unintended actions and providing granular control over agent capabilities.\n\n## Overview\n\nThe permission system provides fine-grained control over what tools an AI agent can invoke. 
By default, all tool access is denied, and administrators must create explicit \"allow\" rules to grant access. The system supports wildcards, conditions, priorities, schedules, rate limits, and approval gates to accommodate complex permission scenarios.\n\n```mermaid\ngraph TD\n    A[Tool Call Request] --> B{Permission Check}\n    B -->|No Matching Rule| C[Default Deny]\n    B -->|Matching Rule Found| D{Action = Allow?}\n    D -->|Yes| E[Execute Tool]\n    D -->|No| F[Deny Tool]\n    E --> G[Log to Audit]\n    F --> G\n    C --> G\n```\n\n资料来源：[web/src/pages/spec.tsx:1-50]()\n\n## Permission Rule Structure\n\nA permission policy is a structured JSON object that defines an agent's permissions. Each policy contains metadata and an array of permission rules.\n\n### Policy Format\n\n```json\n{\n  \"version\": \"1.0\",\n  \"agentId\": \"agent_abc123\",\n  \"issuedAt\": \"2026-03-29T00:00:00Z\",\n  \"expiresAt\": \"2026-04-29T00:00:00Z\",\n  \"rules\": [ ...PermissionRule[] ]\n}\n```\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `version` | string | Yes | Policy format version |\n| `agentId` | string | Yes | Unique agent identifier |\n| `issuedAt` | string | Yes | ISO 8601 timestamp when policy was created |\n| `expiresAt` | string | No | Expiration timestamp for the policy |\n| `rules` | array | Yes | Array of PermissionRule objects |\n\n资料来源：[web/src/pages/spec.tsx:50-65]()\n\n### Permission Rule Components\n\nEach rule within a policy consists of the following components:\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `tool_pattern` | string | Yes | Tool name or glob pattern (supports `*` wildcards) |\n| `action` | string | Yes | `\"allow\"` or `\"deny\"` |\n| `conditions` | object | No | Parameter constraints (AND logic) |\n| `priority` | integer | No | Higher priority rules are evaluated first (default: 0) |\n| `requires_approval` | boolean | No | Whether this action requires 
human approval |\n\n资料来源：[sdk-python/README.md:1-30]()\n\n## Tool Pattern Matching\n\nThe permission system uses glob-style patterns to match tool names. This allows administrators to grant or deny access to groups of tools efficiently.\n\n### Pattern Syntax\n\n| Pattern | Matches | Doesn't Match |\n|---------|---------|---------------|\n| `*` | Any single tool name segment | Namespaced tools |\n| `**` | Any tool name, including namespaced tools | Nothing |\n| `github.*` | All tools in the github namespace | Other namespaces |\n| `filesystem.read_file` | Exactly one tool | Any variation |\n| `!filesystem.write_*` | Negation — exclude write tools | N/A |\n\n资料来源：[web/src/pages/spec.tsx:80-95]()\n\n### Pattern Examples\n\n| Pattern | Example Matches |\n|---------|-----------------|\n| `search_*` | search_docs, search_code, search_users |\n| `*_file` | read_file, write_file, delete_file |\n| `*` | Everything |\n| `read_*` | read_file, read_config, read_log |\n\n资料来源：[web/src/pages/guides.tsx:1-30]()\n\nThe two tables describe a bare `*` differently: a single tool name segment that excludes namespaced tools under Pattern Syntax, but everything under Pattern Examples. Check which behavior the engine implements before relying on `*` in an allow rule.\n\n## Constraint Types\n\nThe permission system defines 13 distinct constraint types organized into 5 categories, providing comprehensive control over agent behavior.\n\n### Constraint Categories\n\n| Category | Constraint Types |\n|----------|------------------|\n| Access | Tool Patterns, Conditions, Data Classification, IP Allowlists |\n| Time & Rate | Schedule, Rate Limits, Cooldown |\n| Behavioral | Sequence Requirements, Risk Score |\n| Resource | Budget Caps, Session Limits |\n| Governance | Approval Gates, Chain Depth Limits |\n\n资料来源：[web/src/pages/docs.tsx:1-50]()\n\n### Parameter Conditions\n\nConditions allow restricting tool access based on parameter values. 
Only allow a tool when specific parameters match:\n\n```json\n{\n  \"tool_pattern\": \"read_customer\",\n  \"action\": \"allow\",\n  \"conditions\": {\n    \"params\": { \"customer_id\": \"cust_123\" }\n  }\n}\n```\n\nThis rule means: \"Allow `read_customer`, but only for customer `cust_123`.\"\n\n资料来源：[web/src/pages/guides.tsx:30-50]()\n\n## Evaluation Algorithm\n\nThe permission engine evaluates rules in a specific order, short-circuiting on the first match:\n\n```mermaid\ngraph LR\n    A[Tool Call] --> B[Sort Rules by Priority]\n    B --> C{Higher Priority First}\n    C --> D{Match Tool Pattern?}\n    D -->|Yes| E{All Conditions Met?}\n    E -->|Yes| F[Apply Action]\n    E -->|No| G[Continue to Next Rule]\n    D -->|No| G\n    F --> H[Allow or Deny]\n    G --> C\n    C -->|No More Rules| I[Default Deny]\n```\n\n### Priority System\n\nRules are evaluated in priority order (highest to lowest). When a matching rule is found with all conditions satisfied, that rule's action is applied immediately.\n\n| Priority Value | Meaning |\n|----------------|---------|\n| 1000 (max) | Evaluated first |\n| 100-999 | High priority |\n| 10-99 | Medium priority |\n| 0 (default) | Low priority |\n\nExample with priority:\n\n```python\nawait aid.set_permissions(\"agt_abc123\", [\n    {\"tool_pattern\": \"search_*\", \"action\": \"allow\", \"priority\": 10},\n    {\"tool_pattern\": \"delete_*\", \"action\": \"deny\", \"priority\": 20},\n])\n```\n\nIn this example, `delete_*` is evaluated first due to higher priority, ensuring delete operations are blocked before any general allow rules.\n\n资料来源：[sdk-python/README.md:10-25]()\n\n## API Endpoints\n\n### Set Permissions\n\nReplace all permission rules for an agent.\n\n```\nPUT /api/v1/agents/{agent_id}/permissions\n```\n\nAny existing rules are deleted and replaced with the provided set.\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `tool_pattern` | string | Yes | Tool name or wildcard 
pattern |\n| `action` | string | No | allow or deny (defaults to allow) |\n| `conditions` | object | No | Key-value constraints on tool parameters |\n| `priority` | integer | No | Rule priority (0-1000) |\n\nBecause an omitted `action` defaults to `allow` on this endpoint, while the Permission Rule Components table lists `action` as required, state `action` explicitly on every rule.\n\n资料来源：[web/src/pages/docs.tsx:50-100]()\n\n### Get Permissions\n\nRetrieve the current permission rules for an agent.\n\n```\nGET /api/v1/agents/{agent_id}/permissions\n```\n\nReturns rules ordered by priority (highest first):\n\n```json\n{\n  \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"rules\": [\n    {\"tool_pattern\": \"delete_*\", \"action\": \"deny\", \"priority\": 10},\n    {\"tool_pattern\": \"save_memory\", \"action\": \"allow\", \"priority\": 1},\n    {\"tool_pattern\": \"search_memories\", \"action\": \"allow\", \"priority\": 0}\n  ]\n}\n```\n\n资料来源：[web/src/pages/docs.tsx:100-150]()\n\n### Check Permission\n\nCheck if an agent is allowed to call a specific tool.\n\n```\nPOST /api/v1/check\n```\n\n**Request Body:**\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `agent_id` | string | Yes | Agent identifier |\n| `tool` | string | Yes | Tool name to check |\n| `params` | object | No | Tool parameters for condition evaluation |\n\n**Response (allowed):**\n\n```json\n{\n  \"allowed\": true,\n  \"reason\": \"Allowed by rule: save_memory\",\n  \"matched_rule\": {\n    \"tool_pattern\": \"save_memory\",\n    \"action\": \"allow\"\n  }\n}\n```\n\n**Response (denied):**\n\n```json\n{\n  \"allowed\": false,\n  \"reason\": \"No matching rule -- default deny\",\n  \"matched_rule\": null\n}\n```\n\n资料来源：[web/src/pages/docs.tsx:150-200]()\n\n### Example curl Command\n\n```bash\ncurl -X POST https://api.agentsid.dev/api/v1/check \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\", \"tool\": \"delete_memory\"}'\n```\n\n资料来源：[web/src/pages/docs.tsx:200-220]()\n\n## SDK Implementation\n\n### Python SDK\n\n```python\nfrom agentsid 
import AgentsID\n\naid = AgentsID(api_key=\"aid_proj_...\")\n\n# Set permissions\nawait aid.set_permissions(\"agt_abc123\", [\n    {\"tool_pattern\": \"search_*\", \"action\": \"allow\", \"priority\": 10},\n    {\"tool_pattern\": \"delete_*\", \"action\": \"deny\", \"priority\": 20},\n    {\n        \"tool_pattern\": \"send_email\",\n        \"action\": \"allow\",\n        \"conditions\": {\"recipient_domain\": \"company.com\"},\n    },\n])\n\n# Get permissions\nrules = await aid.get_permissions(\"agt_abc123\")\n\n# Check permission\ncheck = await aid.check_permission(\"agt_abc123\", \"delete_user\", params={\"user_id\": \"u_789\"})\nif not check[\"allowed\"]:\n    print(check[\"reason\"])\n```\n\n资料来源：[sdk-python/README.md:1-50]()\n\n### TypeScript SDK\n\n```typescript\nimport { AgentsID } from '@agentsid/sdk';\n\nconst aid = new AgentsID({ apiKey: 'aid_proj_...' });\n\n// Set permissions\nawait aid.setPermissions('agt_abc123', [\n  { toolPattern: 'search_*', action: 'allow', priority: 10 },\n  { toolPattern: 'delete_*', action: 'deny', priority: 20 },\n  {\n    toolPattern: 'send_email',\n    action: 'allow',\n    conditions: { recipient_domain: 'company.com' },\n  },\n]);\n\n// Get permissions\nconst rules = await aid.getPermissions('agt_abc123');\n\n// Check permission\nconst check = await aid.checkPermission('agt_abc123', 'delete_user', { userId: 'u_789' });\n```\n\n资料来源：[sdk-typescript/README.md:1-50]()\n\n### Ruby SDK\n\n```ruby\nrequire 'agentsid'\n\nclient = AgentsID.new(api_key: 'aid_proj_...')\n\n# Set permissions\nclient.set_permissions('agt_abc123', [\n  { tool_pattern: 'search_*', action: 'allow', priority: 10 },\n  { tool_pattern: 'delete_*', action: 'deny', priority: 20 },\n  {\n    tool_pattern: 'send_email',\n    action: 'allow',\n    conditions: { 'recipient_domain' => 'company.com' }\n  }\n])\n\n# Get permissions\nrules = client.get_permissions('agt_abc123')\n\n# Check permission\ncheck = client.check_permission('agt_abc123', 'delete_user', 
params: { user_id: 'u_789' })\nunless check['allowed']\n  puts check['reason']\nend\n```\n\n资料来源：[sdk-ruby/README.md:1-50]()\n\n### Java SDK\n\n```java\nimport dev.agentsid.AgentsID;\n\nAgentsID aid = new AgentsID(\"aid_proj_...\");\n\n// Set permissions\nList<JSONObject> rules = new ArrayList<>();\nJSONObject rule = new JSONObject();\nrule.put(\"tool_pattern\", \"search_*\");\nrule.put(\"action\", \"allow\");\nrules.add(rule);\n\nJSONObject response = aid.setPermissions(\"agt_abc123\", rules);\n```\n\n资料来源：[sdk-java/src/main/java/dev/agentsid/AgentsID.java:1-50]()\n\n## Common Use Cases\n\n### Code Assistant Template\n\nAn agent that can read and search code freely, but writing files requires human approval. Execution and deployment are completely blocked.\n\n```json\n[\n  { \"tool_pattern\": \"read_file\",    \"action\": \"allow\" },\n  { \"tool_pattern\": \"search_code\",  \"action\": \"allow\" },\n  { \"tool_pattern\": \"list_files\",   \"action\": \"allow\" },\n  { \"tool_pattern\": \"write_file\",   \"action\": \"allow\", \"requires_approval\": true },\n  { \"tool_pattern\": \"execute_*\",   \"action\": \"deny\" },\n  { \"tool_pattern\": \"deploy_*\",    \"action\": \"deny\" },\n  { \"tool_pattern\": \"delete_*\",    \"action\": \"deny\" }\n]\n```\n\n### Result Summary\n\n| Action | Status |\n|--------|--------|\n| read_file | Allowed |\n| search_code | Allowed |\n| list_files | Allowed |\n| write_file | Requires Approval |\n| execute_command, execute_script | Denied |\n| deploy_staging, deploy_production | Denied |\n| delete_file, delete_branch | Denied |\n\n资料来源：[web/src/pages/guides.tsx:50-100]()\n\n### Minimal Access Template\n\n```json\n[\n  { \"tool_pattern\": \"search_*\", \"action\": \"allow\" },\n  { \"tool_pattern\": \"write_*\",  \"action\": \"deny\" },\n  { \"tool_pattern\": \"delete_*\", \"action\": \"deny\" },\n  { \"tool_pattern\": \"deploy_*\", \"action\": \"deny\" }\n]\n```\n\n资料来源：[web/src/pages/guides.tsx:100-120]()\n\n## Advanced 
Features\n\n### Approval Gates\n\nSensitive actions can be configured to pause for human approval. When an agent attempts to call a tool marked with `requires_approval: true`, the request is held until a human approves or denies it.\n\n```typescript\nconst pending = await aid.listApprovals();\nawait aid.approve(approvalId, { decidedBy: 'admin@example.com' });\n```\n\n### Rate Limits\n\nTools can be restricted by rate limits within permission rules:\n\n```typescript\nawait aid.setPermissions(agentId, [\n  { toolPattern: 'deploy_*', action: 'allow',\n    schedule: { hoursStart: 9, hoursEnd: 17, timezone: 'US/Pacific' },\n    rateLimit: { max: 5, per: 'hour' } },\n]);\n```\n\n### Schedules\n\nPermission rules can include schedule constraints to limit when tools can be used:\n\n| Field | Type | Description |\n|-------|------|-------------|\n| `hoursStart` | integer | Start hour (0-23) |\n| `hoursEnd` | integer | End hour (0-23) |\n| `timezone` | string | Timezone (e.g., \"US/Pacific\") |\n\n资料来源：[README.md:1-50]()\n\n## Integration with HTTP Middleware\n\nThe TypeScript SDK provides HTTP middleware for automatic permission validation:\n\n```typescript\nimport { createHttpMiddleware } from '@agentsid/sdk';\n\nconst guard = createHttpMiddleware({ projectKey: 'aid_proj_...' });\n// Every tool call is now validated automatically.\n```\n\n资料来源：[README.md:50-80]()\n\n## Security Model Summary\n\nThe Deny-First Permission System provides several layers of security:\n\n1. **Default Deny**: All tool access is blocked unless explicitly allowed\n2. **Priority-Based Evaluation**: Rules are evaluated in priority order with short-circuiting\n3. **Parameter Conditions**: Fine-grained control over parameter values\n4. **Approval Gates**: Human oversight for sensitive operations\n5. **Rate Limits**: Protection against abuse and resource exhaustion\n6. **Schedule Constraints**: Time-based access restrictions\n\nAll 13 constraint types compose freely. 
A single permission rule can combine IP restrictions, budget caps, schedule windows, and approval gates—the engine evaluates them all in sequence and short-circuits on the first failure. This enables policies like \"allow fund transfers only from the VPC, during business hours, under $1000/day, with human approval\" in a single rule.\n\n资料来源：[web/src/pages/docs.tsx:50-80]()\n\n---\n\n<a id='token-authentication'></a>\n\n## Token Authentication and Security\n\n### 相关页面\n\n相关主题：[Deny-First Permission System](#permission-system), [Tamper-Evident Audit System](#audit-system)\n\n<details>\n<summary>Relevant Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [ARCHITECTURE.md](https://github.com/AgentsID-dev/agentsid/blob/main/ARCHITECTURE.md)\n- [web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n</details>\n\n# Token Authentication and Security\n\n## Overview\n\nAgentsID provides a comprehensive token-based authentication system for AI agents. The system enables secure identity verification, permission enforcement, and audit logging for agent-to-tool interactions. 
Every AI agent interacting with MCP (Model Context Protocol) servers must obtain a token through the registration process, which then serves as the authentication credential for all subsequent tool calls.\n\nThe token architecture is designed around JWT-like tokens signed with HMAC-SHA256, so signature and expiry checks can be validated statelessly, without database calls, while revocation remains possible through a `jti` lookup against a cached revocation list.\n\n---\n\n## Token Format and Structure\n\nAgentsID tokens follow a structured format that encodes all necessary identity and authorization information:\n\n```\naid_tok_<base64url(header.payload.signature)>\n```\n\n### Token Components\n\n| Component | Description | Example Value |\n|-----------|-------------|---------------|\n| **Header** | Algorithm and token type | `{\"alg\": \"HS256\", \"typ\": \"AID\"}` |\n| **Payload** | Claims containing identity data | sub, prj, dby, iat, exp, jti |\n| **Signature** | HMAC-SHA256 of header + payload | Binary signature |\n\n### Token Payload Claims\n\n| Claim | Name | Type | Description |\n|-------|------|------|-------------|\n| `sub` | Subject | string | Agent ID (e.g., `agt_7x9k2mNpQ4rS1tUv`) |\n| `prj` | Project | string | Project ID the agent belongs to |\n| `dby` | Delegated By | string | Human user who delegated (e.g., `user_abc`) |\n| `iat` | Issued At | integer | Unix timestamp when token was created |\n| `exp` | Expires At | integer | Unix timestamp when token expires |\n| `jti` | JWT ID | string | Unique token identifier for revocation tracking |\n\n资料来源：[ARCHITECTURE.md](https://github.com/AgentsID-dev/agentsid/blob/main/ARCHITECTURE.md)\n\n### Token Lifetime\n\nTokens support configurable lifetimes between 1 and 720 hours (30 days). 
When registering or refreshing a token, the `ttl_hours` parameter controls the expiration window.\n\n```json\n{\n  \"token\": \"aid_tok_eyJzdWIiOiJhZ3RfN3g5azJt...\",\n  \"expires_at\": \"2024-03-26T12:00:00+00:00\",\n  \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n---\n\n## Authentication Flow\n\nThe authentication process involves multiple steps that validate tokens before allowing tool access. The middleware intercepts requests from agents to MCP servers and performs a sequence of checks.\n\n```mermaid\nsequenceDiagram\n    participant Agent\n    participant Middleware\n    participant Cache\n    participant Database\n    participant MCP_Server\n\n    Agent->>Middleware: Request with Bearer token\n    Middleware->>Middleware: 1. Extract token from header\n    Middleware->>Middleware: 2. Validate HMAC signature\n    Middleware->>Middleware: 3. Check expiry (iat/exp)\n    Middleware->>Cache: 4. Check revocation (jti)\n    Cache-->>Middleware: Cache miss/hit\n    alt Cache miss\n        Middleware->>Database: Lookup jti\n        Database-->>Middleware: Revoked or valid\n    end\n    Middleware->>Cache: 5. Load permissions\n    Cache-->>Middleware: Permission rules\n    Middleware->>Middleware: 6. Match tool against rules\n    Middleware->>Middleware: 7. Allow or deny\n    Middleware->>Agent: Decision\n    Middleware->>Audit: 8. 
Log async (non-blocking)\n```\n\n### Step-by-Step Validation\n\n| Step | Action | Purpose |\n|------|--------|---------|\n| 1 | Extract token | Parse `Authorization: Bearer <token>` header |\n| 2 | Validate signature | HMAC-SHA256 verification against project secret |\n| 3 | Check expiry | Verify `exp` claim is in the future |\n| 4 | Check revocation | Look up `jti` in revocation list (cached 60s) |\n| 5 | Load permissions | Retrieve permission rules (cached 60s) |\n| 6 | Match tool | Compare requested tool against permission patterns |\n| 7 | Allow/Deny | Return authorization decision |\n| 8 | Audit log | Record event asynchronously |\n\n资料来源：[ARCHITECTURE.md](https://github.com/AgentsID-dev/agentsid/blob/main/ARCHITECTURE.md)\n\n---\n\n## Agent Authentication Middleware\n\nThe middleware acts as a gatekeeper between AI agents and MCP servers. It enforces the authentication and authorization decisions for every tool call.\n\n### Middleware Workflow\n\n```\nAgent → MCP Server (with AgentsID middleware)\n  Authorization: Bearer aid_tok_<token>\n```\n\nThe middleware performs validation without making database calls for the critical path (signature and expiry checks). Database access is only required for revocation checks and permission loading, and these are cached for 60 seconds to minimize latency. Because of this cache, a revocation or a permission change may take up to 60 seconds to be enforced where a cached entry is still in use.\n\n### Caching Strategy\n\n| Data Type | Cache TTL | Purpose |\n|-----------|-----------|---------|\n| Revocation status | 60 seconds | Avoid repeated DB lookups for jti |\n| Permission rules | 60 seconds | Minimize DB load for permission loading |\n\n资料来源：[ARCHITECTURE.md](https://github.com/AgentsID-dev/agentsid/blob/main/ARCHITECTURE.md)\n\n---\n\n## Permission Engine\n\nThe permission engine determines whether an agent is authorized to call a specific tool. 
It uses a rule-based system with explicit allow and deny patterns.\n\n### Evaluation Order\n\nThe permission engine follows a specific evaluation order to ensure consistent security decisions:\n\n```mermaid\ngraph TD\n    A[Tool Call Request] --> B{Any DENY rules match?}\n    B -->|Yes| C[Deny - Explicit DENY wins]\n    B -->|No| D{Any ALLOW rules match?}\n    D -->|Yes| E[Allow - Explicit ALLOW]\n    D -->|No| F[Deny - Default Deny]\n```\n\n| Priority | Rule Type | Behavior |\n|----------|-----------|----------|\n| 1 (highest) | Explicit DENY | Deny always wins, regardless of other rules |\n| 2 | Explicit ALLOW | Allow if a rule matches |\n| 3 (fallback) | Default | Deny if no rules match |\n\n资料来源：[ARCHITECTURE.md](https://github.com/AgentsID-dev/agentsid/blob/main/ARCHITECTURE.md)\n\n### Permission Rule Structure\n\n```json\n{\n  \"permissions\": [\n    {\"tool_pattern\": \"search_memories\", \"action\": \"allow\"},\n    {\"tool_pattern\": \"save_memory\", \"action\": \"allow\"},\n    {\"tool_pattern\": \"admin_*\", \"action\": \"deny\"}\n  ]\n}\n```\n\n### Wildcard Pattern Matching\n\nThe permission engine supports wildcard patterns using `*` to match multiple tool names:\n\n| Pattern | Matches |\n|---------|---------|\n| `*` | All tools |\n| `admin_*` | Any tool starting with `admin_` |\n| `delete_*` | Any tool starting with `delete_` |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Permission Validation Response\n\n**Allowed Response:**\n```json\n{\n  \"allowed\": true,\n  \"reason\": \"Allowed by rule: save_memory\",\n  \"matched_rule\": {\n    \"tool_pattern\": \"save_memory\",\n    \"action\": \"allow\"\n  }\n}\n```\n\n**Denied Response:**\n```json\n{\n  \"allowed\": false,\n  \"reason\": \"No matching rule -- default deny\",\n  \"matched_rule\": null\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n---\n\n## Security 
Features\n\n### Threat Model and Mitigations\n\nAgentsID implements multiple security layers to protect against common attack vectors:\n\n| Threat | Mitigation | Implementation |\n|--------|-------------|----------------|\n| Token forgery | HMAC-SHA256 signature | Server-side secret verification |\n| Replay after revocation | jti lookup | Cache-backed revocation check |\n| Timing attacks | Constant-time comparison | `hmac.compare_digest` |\n| Cross-project token use | Token `prj` claim verification | Project ID validation against API key |\n| Permission escalation | Scope narrowing on delegation | Child permissions limited to parent scope |\n| Sensitive data in logs | Automatic redaction | Passwords, secrets, tokens, api_key, credentials, keys |\n| Error message leakage | Generic error messages | Details server-side only |\n| Project creation spam | Rate limiting | 5/minute per IP |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Security Headers\n\nAll API responses include security headers to protect against common web vulnerabilities:\n\n| Header | Value | Purpose |\n|--------|-------|---------|\n| `Strict-Transport-Security` | `max-age=31536000; includeSubDomains` | Forces HTTPS for 1 year |\n| `X-Content-Type-Options` | `nosniff` | Prevents MIME type sniffing |\n| `X-Frame-Options` | `DENY` | Prevents clickjacking |\n| `Cache-Control` | `no-store` | Prevents caching of tokens |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### API Key Storage\n\nAgentsID never stores raw API keys. Only hashed versions are retained in the database.\n\n> AgentsID stores API key **hashes**, never raw keys. 
If you lose an API key, you will need to rotate it — we cannot recover it for you.\n\n资料来源：[web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n\n### Data Classification\n\n| Data Type | Storage Format | Purpose |\n|-----------|----------------|---------|\n| Raw API keys | Never stored | N/A |\n| API key hashes | SHA-256 hash | Verification |\n| Agent tokens | HMAC-SHA256 signed JWT | Authentication |\n| Permission rules | JSON | Authorization |\n| Audit logs | Protected by hash chain | Compliance |\n\n资料来源：[web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n---\n\n## Token Delegation\n\nAgentsID supports token delegation, allowing an agent to create subordinate agents with limited permissions.\n\n### Delegation Constraints\n\n| Constraint | Description |\n|------------|-------------|\n| Permission narrowing | Child permissions cannot exceed parent permissions |\n| TTL limitation | Child tokens have shorter lifetimes than parent |\n| Chain tracking | `dby` claim maintains delegation history |\n\n### Delegation API Example\n\n```bash\ncurl -X POST https://api.agentsid.dev/api/v1/agents/delegate \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"parent_agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n    \"parent_token\": \"aid_tok_eyJzdWIiOi...\",\n    \"child_name\": \"sub-researcher\",\n    \"child_permissions\": [\"search_memories\"],\n    \"ttl_hours\": 12\n  }'\n```\n\n### Delegation Error Responses\n\n| Code | Reason |\n|------|--------|\n| `401` | Invalid or missing API key |\n| `403` | Permission scope violation — child permissions exceed parent's scope |\n| `404` | Parent agent not found |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n---\n\n## Audit Logging\n\nEvery tool call is logged to the audit trail for compliance and 
security monitoring.\n\n### Audit Log Contents\n\nAudit logs capture:\n- Tool call records\n- Allow/deny decisions\n- Timestamps\n- Agent identity\n- Request parameters (redacted sensitive fields)\n\n### Hash Chain Integrity\n\n> Audit logs are protected by a tamper-evident hash chain. This means we can detect if any log entry has been altered after the fact.\n\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible tampering\"\n}\n```\n\n### Verification Endpoint\n\n```bash\ncurl \"https://api.agentsid.dev/api/v1/audit/verify\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\"\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Data Retention by Plan\n\n| Plan | Retention |\n|------|-----------|\n| Free | 7 days |\n| Paid | Plan-specific |\n\n> If you downgrade from a paid plan to Free, your audit logs will be trimmed to the Free tier retention window (7 days) within 30 days of the plan change.\n\n资料来源：[web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n\n---\n\n## API Endpoints\n\n### Token Management Endpoints\n\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/v1/agents/register` | POST | Register new agent and issue token |\n| `/api/v1/agents/{agent_id}/refresh` | POST | Issue new token, revoke all previous |\n| `/api/v1/agents/{agent_id}` | DELETE | Revoke agent and all tokens |\n| `/api/v1/agents/delegate` | POST | Create delegated agent token |\n\n### Validation Endpoints\n\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/v1/validate` | POST | Validate token and check permissions |\n| `/api/v1/check` | POST | Check if tool call is allowed |\n\n### Validate Endpoint\n\n```bash\ncurl -X POST https://api.agentsid.dev/api/v1/validate \\\n  -H \"Authorization: Bearer 
aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"token\": \"aid_tok_eyJzdWIiOiJhZ3RfN3g5azJt...\",\n    \"tool\": \"save_memory\",\n    \"params\": {\"category\": \"note\"}\n  }'\n```\n\n### Validation Response (Valid Token)\n\n```json\n{\n  \"valid\": true,\n  \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"project_id\": \"proj_xR7kM2pQ9...\",\n  \"expires_at\": 1711411200,\n  \"permission\": {\n    \"allowed\": true,\n    \"reason\": \"Allowed by rule: save_memory\",\n    \"matched_rule\": {\"tool_pattern\": \"save_memory\", \"action\": \"allow\"}\n  }\n}\n```\n\n### Validation Response (Invalid Token)\n\n```json\n{\n  \"valid\": false,\n  \"reason\": \"Token validation failed\"\n}\n```\n\n> **Note:** The same error message is returned for expired tokens, invalid signatures, revoked tokens, and project mismatches to prevent information leakage.\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n---\n\n## Token Lifecycle Management\n\n```mermaid\nstateDiagram-v2\n    [*] --> Registered: Agent Registration\n    Registered --> Active: Token Issued\n    Active --> Expired: TTL Reached\n    Active --> Revoked: Manual Revocation\n    Active --> Refreshed: Token Refresh\n    Expired --> [*]: Cleanup\n    Revoked --> [*]: Cleanup\n    Refreshed --> Active: New Token Issued\n    Refreshed --> Revoked: Old Tokens Revoked\n```\n\n### Token Refresh Behavior\n\nWhen a token is refreshed:\n1. All previous tokens for the agent are immediately revoked\n2. A new token with fresh `iat` and `exp` claims is issued\n3. 
The old `jti` values are added to the revocation list\n\n### Agent Update Behavior\n\nUpdating an agent's name or metadata **does not affect** tokens or permissions.\n\n| Field | Update Effect |\n|-------|---------------|\n| `name` | No effect on tokens |\n| `metadata` | No effect on tokens |\n| Permission rules | Immediately effective (cached 60s) |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n---\n\n## Quick Start: Registering an Agent\n\n```bash\ncurl -X POST https://agentsid.dev/api/v1/agents/register \\\n  -H \"Authorization: Bearer YOUR_PROJECT_KEY\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"name\": \"claude-notes-agent\",\n    \"permissions\": [\n      {\"tool_pattern\": \"search_notes\", \"action\": \"allow\"},\n      {\"tool_pattern\": \"save_note\", \"action\": \"allow\"},\n      {\"tool_pattern\": \"list_notes\", \"action\": \"allow\"},\n      {\"tool_pattern\": \"delete_note\", \"action\": \"deny\"},\n      {\"tool_pattern\": \"admin_*\", \"action\": \"deny\"}\n    ]\n  }'\n```\n\nThe response includes an `agent_token` which serves as the authentication credential for the agent.\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n---\n\n## Summary\n\nAgentsID provides a robust token authentication system with the following key characteristics:\n\n- **Stateless Validation**: HMAC-SHA256 signatures enable verification without database calls\n- **Flexible Permissions**: Pattern-based rules with wildcard support and explicit deny precedence\n- **Revocation Support**: Unique token IDs (jti) enable revocation tracking with cached lookups\n- **Audit Trail**: Hash-chain protected logs for compliance and security monitoring\n- **Delegation**: Hierarchical agent relationships with permission narrowing\n- **Security Hardening**: Timing-safe comparisons, sensitive data redaction, and comprehensive security 
headers\n\n---\n\n<a id='audit-system'></a>\n\n## Tamper-Evident Audit System\n\n### 相关页面\n\n相关主题：[Token Authentication and Security](#token-authentication), [Approval Gates and Webhooks](#approval-workflows)\n\n<details>\n<summary>Relevant Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [web/src/components/dashboard/AuditFeed.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx)\n- [web/src/components/dashboard/AgentDetail.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AgentDetail.tsx)\n- [PRODUCT.md](https://github.com/AgentsID-dev/agentsid/blob/main/PRODUCT.md)\n</details>\n\n# Tamper-Evident Audit System\n\nThe Tamper-Evident Audit System is a core security feature of AgentsID that provides cryptographically-linked, append-only logging of all agent tool calls. Every evaluation decision—whether allowed or denied—is permanently recorded with integrity guarantees that make tampering mathematically detectable.\n\n## Overview\n\nThe audit system operates as a **hash-chained append-only ledger**. Each log entry is cryptographically linked to the previous entry via SHA-256 hashing, creating an immutable chain that proves exactly what happened, when, and under whose authority. 
资料来源：[web/src/pages/spec.tsx:1-50]()\n\n### Design Principles\n\n| Principle | Description |\n|-----------|-------------|\n| **Deny-first** | Absent a matching allow rule, all tool calls are denied |\n| **Tamper-evident** | Hash chain makes any modification mathematically detectable |\n| **Auditable** | Every evaluation decision is logged with cryptographic integrity |\n| **Portable** | The spec is a JSON schema, not a platform dependency |\n\n资料来源：[web/src/pages/spec.tsx:50-70]()\n\n## Audit Entry Schema\n\nEach audit log entry captures a complete record of a tool call evaluation. The schema follows a standardized format that ensures consistency across all logged events.\n\n```json\n{\n  \"entryId\": \"entry_abc123\",\n  \"timestamp\": \"2026-03-29T12:34:56.789Z\",\n  \"agentId\": \"agent_def456\",\n  \"delegationId\": \"del_xyz789\",\n  \"tool\": \"github.push_files\",\n  \"parameters\": { \"owner\": \"myorg\", \"repo\": \"myrepo\", \"branch\": \"main\" },\n  \"decision\": \"allow\",\n  \"matchedRule\": 2,\n  \"constraintsEvaluated\": [\"rateLimit\", \"schedule\"],\n  \"durationMs\": 3,\n  \"prevEntryHash\": \"sha256:e3b0c44298fc1c149afb...\",\n  \"entryHash\": \"sha256:a665a45920422f9d417e...\"\n}\n```\n\n资料来源：[web/src/pages/spec.tsx:70-90]()\n\n### Field Descriptions\n\n| Field | Type | Description |\n|-------|------|-------------|\n| `entryId` | string | Unique identifier for the audit entry |\n| `timestamp` | ISO 8601 | When the evaluation occurred |\n| `agentId` | string | Which agent made the tool call |\n| `delegationId` | string | Delegation chain reference |\n| `tool` | string | The tool being evaluated (e.g., `github.push_files`) |\n| `parameters` | object | What data was sent to the tool |\n| `decision` | string | `allow` or `deny` |\n| `matchedRule` | number | Index of the policy rule that matched |\n| `constraintsEvaluated` | array | List of constraints checked (rateLimit, schedule) |\n| `durationMs` | number | Evaluation time in milliseconds |\n| 
`prevEntryHash` | string | SHA-256 hash of the previous entry |\n| `entryHash` | string | SHA-256 hash of this entry (with entryHash set to null) |\n\n资料来源：[web/src/pages/guides.tsx:100-130]()\n\n## Hash Chain Integrity\n\nThe foundation of tamper-evidence is the cryptographic hash chain that links all audit entries together. This mechanism ensures data integrity without requiring a centralized trusted authority.\n\n### Hash Calculation\n\n```javascript\nentryHash = SHA-256(canonicalize(entry with entryHash=null))\n// First entry uses prevEntryHash: \"genesis\"\n```\n\n资料来源：[web/src/pages/spec.tsx:90-95]()\n\n### Verification Algorithm\n\n```javascript\nfunction verifyChain(entries: AuditEntry[]): boolean {\n  for (let i = 1; i < entries.length; i++) {\n    const prev = entries[i - 1]\n    // Verify prevEntryHash matches previous entry's entryHash\n    // Verify canonicalized hash matches stored entryHash\n  }\n}\n```\n\n资料来源：[web/src/pages/spec.tsx:95-105]()\n\n### Integrity Verification Response\n\n**Chain Intact (200 OK):**\n```json\n{\n  \"verified\": true,\n  \"entries_checked\": 1523,\n  \"message\": \"All entries verified -- chain intact\"\n}\n```\n\n**Chain Broken (200 OK):**\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible tampering\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx:1-50]()\n\n## Architecture\n\n```mermaid\ngraph TD\n    A[Agent Tool Call] --> B[Policy Evaluator]\n    B --> C{Audit Entry Created}\n    C --> D[SHA-256 Hash Calculation]\n    D --> E[Append to Chain]\n    E --> F[prevEntryHash set to previous entryHash]\n    F --> G[Audit Log Stored]\n    G --> H[Dashboard Display]\n    \n    I[Verification Request] --> J[Traverse Chain]\n    J --> K{Hash Match?}\n    K -->|Yes| L[Continue]\n    K -->|No| M[Flag Tampering]\n    \n    style M fill:#ffcccc\n    style G fill:#ccffcc\n```\n\n## Audit API Methods\n\nThe AgentsID SDK provides three 
primary methods for interacting with the audit system.\n\n### Method Reference\n\n| Method | Parameters | Returns | Description |\n|--------|------------|---------|-------------|\n| `getAuditLog` | `agentId?`, `tool?`, `action?`, `since?`, `limit?`, `offset?` | `{ entries[], total, limit, offset }` | Query audit log with filters |\n| `getAuditStats` | `days?` | `{ totalEvents, byAction, byTool, denyRatePct }` | Aggregate statistics |\n| `verifyAuditChain` | `(none)` | `{ verified, entriesChecked, message }` | Verify hash chain integrity |\n\n资料来源：[web/src/pages/docs.tsx:50-80]()\n\n### Statistics Response Format\n\n```json\n{\n  \"total_events\": 1423,\n  \"events_by_action\": {\n    \"allow\": 1308,\n    \"deny\": 115\n  },\n  \"events_by_tool\": {\n    \"save_memory\": 800,\n    \"search_memories\": 500,\n    \"delete_memory\": 123,\n    \"list_categories\": 100\n  },\n  \"deny_rate_pct\": 8.1\n}\n```\n\n资料来源：[web/src/pages/docs.tsx:80-120]()\n\n## Audit Feed Dashboard\n\nThe dashboard provides a real-time audit feed that displays events as they happen. The interface includes filtering capabilities and visual indicators for allowed versus denied actions.\n\n### Visual Design\n\nThe audit feed uses color coding to distinguish between allowed and denied events:\n\n- **Allowed actions**: Green background tint (`bg-green-500/5` → `bg-green-500/10` on hover)\n- **Denied actions**: Red background tint (`bg-red-500/5` → `bg-red-500/10` on hover)\n\n```typescript\nclassName={`cursor-pointer border-b border-border transition-colors ${\n  isAllow\n    ? \"bg-green-500/5 hover:bg-green-500/10\"\n    : \"bg-red-500/5 hover:bg-red-500/10\"\n} ${isNew ? 
\"animate-in slide-in-from-top-2 fade-in duration-400\" : \"\"}`}\n```\n\n资料来源：[web/src/components/dashboard/AuditFeed.tsx:1-50]()\n\n### Filtering Capabilities\n\nThe dashboard supports filtering by:\n- **Agent**: Filter by specific agent ID\n- **Tool**: Filter by specific tool name\n- **Result**: Filter by allowed or denied status\n- **Time range**: Filter by date/time window\n\n### Activity Timeline Component\n\nThe agent detail page includes an Activity Timeline component that displays the audit entries for a specific agent:\n\n```tsx\n<div className=\"bg-card border border-border rounded-2xl p-5\">\n  <ActivityTimeline entries={data?.audit ?? []} loading={!data} />\n</div>\n```\n\n资料来源：[web/src/components/dashboard/AgentDetail.tsx:1-50]()\n\n## Security Properties\n\nThe tamper-evident audit system provides several security guarantees:\n\n### Encryption in Transit\nAll communication between clients and the AgentsID API uses TLS 1.2 or higher.\n\n### HMAC Token Signing\nAgent tokens are signed with HMAC-SHA256. The signing secret never leaves the server. Raw API keys are never stored—only their hashes.\n\n### Tamper-Evident Logs\nEach log entry is chained to the previous via a hash, making unauthorized modifications mathematically detectable.\n\n资料来源：[web/src/pages/privacy.tsx:100-130]()\n\n## Use Cases\n\n### Debugging\n> \"The agent did something weird at 3pm.\" Go to the audit trail, find the 3pm entries, see exactly what tools were called and with what parameters.\n\n### Compliance\nNeed to prove that your AI agent never accessed customer data it shouldn't have? The audit trail is your evidence.\n\n### Security Review\nAfter an incident, review all denied calls. 
Multiple denied calls for the same dangerous tool might indicate a prompt injection attack.\n\n### Performance Monitoring\nSee which tools are called most often and how they're being used.\n\n资料来源：[web/src/pages/guides.tsx:50-80]()\n\n## Data Retention\n\n| Plan | Retention Period | Notes |\n|------|------------------|-------|\n| Free | 7 days | Audit logs trimmed after plan downgrade |\n| Pro | 30 days | Standard retention |\n| Enterprise | Custom | Configurable retention policies |\n\nWhen downgrading from Pro to Free, audit logs are trimmed to the 7-day window within 30 days. Users should export logs before downgrading if preservation is needed.\n\n资料来源：[web/src/pages/privacy.tsx:1-30]()\n\n## Reference Implementation\n\n| Component | Package | Description |\n|-----------|---------|-------------|\n| Policy evaluator | `@agentsid/sdk` | Core evaluation engine (TypeScript) |\n| MCP middleware | `@agentsid/sdk` | MCP protocol integration |\n| Audit API | `api.agentsid.dev` | REST API for audit operations |\n\n资料来源：[web/src/pages/spec.tsx:200-220]()\n\n## AuditEntry Data Model\n\nFrom the product specification, the core data model for audit entries:\n\n```\nAuditEntry {\n  id: \"aud_...\"\n  timestamp: ISO 8601\n  agent_id: \"agt_...\"\n  delegated_by: \"user_...\"      // human in the chain\n  tool: \"save_memory\"\n  action: \"allow\" | \"deny\"\n  params: { ... 
}               // what was passed to the tool\n  result: \"success\" | \"error\"\n  delegation_chain: [user_abc → agt_xyz]\n}\n```\n\nQueryable by: agent, user, tool, time range, action.\nExportable as JSON or CSV for compliance.\n\n资料来源：[PRODUCT.md:1-50]()\n\n---\n\n<a id='backend-api'></a>\n\n## Backend API Reference\n\n### 相关页面\n\n相关主题：[High-Level Architecture](#high-level-architecture)\n\n<details>\n<summary>相关源码文件</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [README.md](https://github.com/AgentsID-dev/agentsid/blob/main/README.md)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n- [web/src/pages/research.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/research.tsx)\n</details>\n\n# Backend API Reference\n\n## Overview\n\nThe AgentsID Backend API provides a comprehensive identity, permissions, and audit system for AI agents. The API serves as the central control plane for managing agent identities, enforcing permission rules, and maintaining tamper-evident audit logs.\n\n**Base URL:** `https://api.agentsid.dev/api/v1`\n\nAll endpoints (except project creation and health checks) require a project API key in the `Authorization` header:\n\n```\nAuthorization: Bearer aid_proj_<your_project_key>\n```\n\n## Authentication\n\n### Project API Key\n\nEvery project is assigned a unique API key during initialization. 
This key authenticates the project owner and grants access to all project resources including agents, permissions, and audit logs.\n\n**Key Format:** `aid_proj_` prefix followed by a 16+ character alphanumeric string\n\n**Example:**\n```bash\ncurl https://api.agentsid.dev/api/v1/audit/usage \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\"\n```\n\n### Agent Tokens\n\nAgent tokens are short-lived credentials issued to individual agents. Each agent receives a token upon registration with an optional TTL (time-to-live):\n\n```json\n{\n  \"agent\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"token\": \"aid_tok_...\",\n  \"tokenId\": \"tok_abc123\",\n  \"expiresAt\": \"2026-03-26 14:30:00+00:00\"\n}\n```\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n## API Endpoints\n\n### Projects\n\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/v1/projects` | POST | Create a new project |\n| `/api/v1/projects/{project_id}` | GET | Get project details |\n| `/api/v1/projects/{project_id}` | PATCH | Update project settings |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Agents\n\n#### Register Agent\n\n```\nPOST /api/v1/agents/register\n```\n\nCreates a new agent and issues its first authentication token.\n\n**Request Body:**\n```json\n{\n  \"name\": \"research-assistant\",\n  \"onBehalfOf\": \"user_abc\",\n  \"permissions\": [\"search_memories\", \"save_memory\"],\n  \"ttlHours\": 24,\n  \"metadata\": {\n    \"framework\": \"langchain\"\n  }\n}\n```\n\n**Response:**\n```json\n{\n  \"id\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"name\": \"research-assistant\",\n  \"project_id\": \"proj_a1b2c3d4e5f6\",\n  \"created_by\": \"user_abc\",\n  \"status\": \"active\",\n  \"expires_at\": \"2026-03-26 14:30:00+00:00\",\n  \"metadata\": {\"framework\": \"langchain\"},\n  \"created_at\": \"2026-03-25 14:30:00+00:00\",\n  \"revoked_at\": 
null\n}\n```\n\n#### List Agents\n\n```\nGET /api/v1/agents/?status=active&limit=10\n```\n\nReturns a paginated list of agents within the project.\n\n**Query Parameters:**\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| `status` | string | Filter by status: `active`, `revoked` |\n| `limit` | integer | Maximum results (default: 10) |\n\n#### Get Agent\n\n```\nGET /api/v1/agents/{agent_id}\n```\n\nRetrieves details for a specific agent.\n\n**Response Codes:**\n| Code | Reason |\n|------|--------|\n| `200 OK` | Agent found |\n| `401 Unauthorized` | Invalid or missing API key |\n| `404 Not Found` | Agent not found or does not belong to this project |\n\n#### Update Agent\n\n```\nPATCH /api/v1/agents/{agent_id}\n```\n\nUpdates an agent's name or metadata. Does not affect tokens or permissions.\n\n**Request Body:**\n```json\n{\n  \"name\": \"new-agent-name\",\n  \"metadata\": {\n    \"version\": \"2.0\"\n  }\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Permissions\n\n#### Check Permission\n\n```\nPOST /api/v1/check\n```\n\nValidates whether an agent is permitted to execute a specific tool. 
This is the core enforcement endpoint.\n\n**Request Body:**\n```json\n{\n  \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"tool\": \"delete_memory\"\n}\n```\n\n**Response (Allowed):**\n```json\n{\n  \"allowed\": true,\n  \"reason\": \"Allowed by rule: save_memory\",\n  \"matched_rule\": {\n    \"tool_pattern\": \"save_memory\",\n    \"action\": \"allow\"\n  }\n}\n```\n\n**Response (Denied):**\n```json\n{\n  \"allowed\": false,\n  \"reason\": \"No matching rule -- default deny\",\n  \"matched_rule\": null\n}\n```\n\n**curl Example:**\n```bash\ncurl -X POST https://api.agentsid.dev/api/v1/check \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\", \"tool\": \"delete_memory\"}'\n```\n\n#### Permission Rule Structure\n\n```json\n{\n  \"tool_pattern\": \"github.push_files\",\n  \"action\": \"allow\",\n  \"constraints\": [\n    { \"type\": \"rateLimit\", \"max\": 10, \"windowSeconds\": 3600 }\n  ]\n}\n```\n\n**Tool Pattern Matching:**\n| Pattern | Description |\n|---------|-------------|\n| `*` | Match all tools |\n| `github.*` | Match all GitHub-related tools |\n| `save_memory` | Exact match |\n\n资料来源：[web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n### Validation\n\n#### Validate Tool Parameters\n\n```\nPOST /api/v1/validate\n```\n\nValidates parameters for a specific tool against defined schemas.\n\n### Audit\n\n#### Verify Integrity Chain\n\n```\nGET /api/v1/audit/verify\n```\n\nVerifies the cryptographic integrity of the audit log chain. 
Each entry contains a SHA-256 hash linking to the previous entry, creating a tamper-evident chain.\n\n**Response (Chain Valid):**\n```json\n{\n  \"verified\": true,\n  \"entries_checked\": 1523,\n  \"message\": \"Integrity chain verified\"\n}\n```\n\n**Response (Chain Broken):**\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible tampering\"\n}\n```\n\n#### Get Usage Statistics\n\n```\nGET /api/v1/audit/usage\n```\n\nReturns current usage statistics and plan limits for the authenticated project.\n\n**Response:**\n```json\n{\n  \"events_this_month\": 1200,\n  \"events_limit\": 10000,\n  \"agents_active\": 5,\n  \"agents_limit\": 25,\n  \"plan\": \"free\"\n}\n```\n\n## Audit Log Format\n\n### Entry Schema\n\n```json\n{\n  \"entryId\": \"entry_abc123\",\n  \"timestamp\": \"2026-03-29T12:34:56.789Z\",\n  \"agentId\": \"agent_def456\",\n  \"delegationId\": \"del_xyz789\",\n  \"tool\": \"github.push_files\",\n  \"parameters\": {\n    \"owner\": \"myorg\",\n    \"repo\": \"myrepo\",\n    \"branch\": \"main\"\n  },\n  \"decision\": \"allow\",\n  \"matchedRule\": 2,\n  \"constraintsEvaluated\": [\"rateLimit\", \"schedule\"],\n  \"durationMs\": 3,\n  \"prevEntryHash\": \"sha256:e3b0c44298fc1c149afb...\",\n  \"entryHash\": \"sha256:a665a45920422f9d417e...\"\n}\n```\n\n### Hash Chain Integrity\n\nThe system uses SHA-256 cryptographic hashing to create a tamper-evident audit trail:\n\n```javascript\nentryHash = SHA-256(canonicalize(entry with entryHash=null))\n// First entry uses prevEntryHash: \"genesis\"\n```\n\n**Verification Algorithm:**\n```javascript\nfunction verifyChain(entries: AuditEntry[]): boolean {\n  for (let i = 1; i < entries.length; i++) {\n    const prev = entries[i - 1]\n    const expected = SHA-256(canonicalize(entries[i].with(prevEntryHash = prev.entryHash)))\n    if (entries[i].entryHash !== expected) {\n      return false\n    }\n  }\n  return 
true\n}\n```\n\n资料来源：[web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n## Constraint Types\n\nConstraints attach runtime conditions to rules beyond simple parameter validation.\n\n| Constraint | Purpose |\n|------------|---------|\n| `schedule` | Restrict execution to specific days/hours |\n| `rateLimit` | Limit requests within a time window |\n| `budget` | Cap monetary spend |\n| `sequence` | Require or forbid tool sequences |\n| `sessionLimit` | Limit concurrent sessions |\n| `riskScore` | Block high-risk operations |\n| `ipAllowlist` | Restrict to specific IP ranges |\n| `chainDepth` | Limit agent delegation depth |\n| `cooldown` | Enforce minimum time between calls |\n| `anomaly` | Detect unusual behavior patterns |\n\n### Schedule Constraint\n\n```json\n{\n  \"type\": \"schedule\",\n  \"daysOfWeek\": [1, 2, 3, 4, 5],\n  \"hoursUTC\": [8, 17],\n  \"timezone\": \"America/New_York\"\n}\n```\n\n### Rate Limit Constraint\n\n```json\n{\n  \"type\": \"rateLimit\",\n  \"max\": 100,\n  \"windowSeconds\": 3600,\n  \"scope\": \"agent\"\n}\n```\n\n| Scope | Description |\n|-------|-------------|\n| `agent` | Counter is per agent instance |\n| `principal` | Counter shared across all agents |\n\n### Budget Constraint\n\n```json\n{\n  \"type\": \"budget\",\n  \"currency\": \"usd\",\n  \"max\": 10.00,\n  \"windowSeconds\": 86400\n}\n```\n\n### Sequence Constraint\n\n```json\n{\n  \"type\": \"sequence\",\n  \"requires\": [\"filesystem.read_file\"],\n  \"forbids\": [\"github.push_files\"]\n}\n```\n\n### Session Limit Constraint\n\n```json\n{\n  \"type\": \"sessionLimit\",\n  \"max\": 5\n}\n```\n\n### Risk Score Constraint\n\n```json\n{\n  \"type\": \"riskScore\",\n  \"maxScore\": 0.7\n}\n```\n\n### IP Allowlist Constraint\n\n```json\n{\n  \"type\": \"ipAllowlist\",\n  \"cidrs\": [\"10.0.0.0/8\", \"192.168.1.0/24\"]\n}\n```\n\n### Chain Depth Constraint\n\n```json\n{\n  \"type\": \"chainDepth\",\n  \"max\": 2\n}\n```\n\n### 
Cooldown Constraint\n\n```json\n{\n  \"type\": \"cooldown\",\n  \"seconds\": 300\n}\n```\n\n资料来源：[web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n## SDK Reference\n\nThe AgentsID SDK provides programmatic access to the API in multiple languages.\n\n### Available SDKs\n\n| Package | Registry | Command |\n|---------|----------|---------|\n| JavaScript/TypeScript | npm | `npm install @agentsid/sdk` |\n| Python | PyPI | `pip install agentsid` |\n| Ruby | RubyGems | `gem install agentsid` |\n\n### Agent Methods\n\n| Method | Parameters | Returns | Description |\n|--------|------------|---------|-------------|\n| `registerAgent` | `name, onBehalfOf, permissions?, ttlHours?, metadata?` | `{ agent, token, tokenId, expiresAt }` | Create a new agent and issue its first token |\n| `getAgent` | `agentId` | `Agent` | Get agent details by ID |\n| `listAgents` | `status?, limit?` | `Agent[]` | List agents, optionally filtered by status |\n| `updateAgent` | `agentId, name?, metadata?` | `Agent` | Update agent name or metadata |\n| `refreshToken` | `agentId, ttlHours?` | `{ token, tokenId, expiresAt }` | Issue new token, revoke all previous |\n\n### SDK Initialization\n\n```javascript\nimport AgentsID from '@agentsid/sdk'\n\nconst client = new AgentsID({\n  projectKey: 'aid_proj_xR7kM2pQ9...',\n  agentToken: 'aid_tok_...'\n})\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## CLI Reference\n\n### Initialization\n\n```bash\nnpx agentsid init \"My Production App\"\n```\n\nCreates a new project and receives the API key.\n\n**Output:**\n```\nCreating project \"My Production App\"...\nProject created successfully!\n\n  Project ID:  proj_a1b2c3d4e5f6\n  API Key:     aid_proj_xR7kM2pQ9...\n  Plan:        free\n\n  Store your API key securely. 
It will not be shown again.\n```\n\n### Register Agent\n\n```bash\nnpx agentsid register-agent \\\n  --name \"research-assistant\" \\\n  --on-behalf-of \"user_abc\" \\\n  --permissions \"search_memories,save_memory\" \\\n  --ttl 24\n```\n\n**Output:**\n```\nAgent registered!\n\n  Agent ID:   agt_7x9k2mNpQ4rS1tUv\n  Token:      aid_tok_...\n  Expires:    2026-03-26 14:30:00+00:00\n```\n\n## Architecture Overview\n\n```mermaid\ngraph TD\n    A[AI Agent] -->|1. Request Tool Call| B[AgentsID SDK]\n    B -->|2. Check Permission| C[AgentsID API]\n    C -->|3. Evaluate Rules| D[Permission Engine]\n    D -->|4. Query| E[(Database)]\n    E -->|5. Rule Match| D\n    D -->|6. Decision| C\n    C -->|7. Allow/Deny| B\n    B -->|8. Execute or Block| A\n    C -->|9. Log Event| F[Audit Log]\n    F -->|10. Hash Chain| G[Integrity Verification]\n```\n\n## Rate Limits and Quotas\n\n| Plan | Events/Month | Agents | Features |\n|------|--------------|--------|----------|\n| Free | 10,000 | 25 | Core permissions, basic audit |\n| Pro | 100,000 | 100 | Advanced constraints, SSO |\n| Enterprise | Unlimited | Unlimited | Custom SLAs, dedicated support |\n\n资料来源：[web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n## Error Handling\n\n| HTTP Code | Meaning | Common Causes |\n|-----------|---------|---------------|\n| `400 Bad Request` | Invalid request body | Missing required fields, malformed JSON |\n| `401 Unauthorized` | Authentication failed | Invalid or expired API key |\n| `403 Forbidden` | Permission denied | Agent lacks required permissions |\n| `404 Not Found` | Resource not found | Invalid agent ID or project ID |\n| `429 Too Many Requests` | Rate limit exceeded | Too many requests within time window |\n| `500 Internal Server Error` | Server error | System maintenance or outage |\n\n## Security Considerations\n\n### API Key Storage\n\n- API keys are hashed before storage; raw keys are never persisted\n- Project keys should be 
stored in environment variables\n- Agent tokens should be rotated periodically using `refreshToken`\n\n### Data Handling\n\n- Raw exports of project data, agent configurations, and audit logs are available in JSON format\n- PostHog analytics is opt-in only, gated behind cookie consent\n- The system does not sell user data\n\n### Audit Log Immutability\n\nThe hash chain makes the audit log tamper-evident (it detects changes; it does not prevent them):\n\n1. Any tampering with historical entries breaks the chain\n2. Verification can be performed at any time via `/api/v1/audit/verify`\n3. Genesis entry uses a fixed seed value: `\"genesis\"`\n\nThe entry hashes are unkeyed SHA-256 and the genesis seed is a fixed public value, so the chain proves integrity only relative to a head hash you already trust. Record the latest `entryHash` outside the system (for example alongside exported logs) so that a rewrite of the whole chain is detectable as well.\n\n资料来源：[web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n## Related Documentation\n\n- [Guides and Tutorials](https://agentsid.dev/guides)\n- [Full API Documentation](https://agentsid.dev/docs#api-reference)\n- [Privacy Policy](https://agentsid.dev/privacy)\n- [Research Papers](https://agentsid.dev/research)\n\n---\n\n<a id='approval-workflows'></a>\n\n## Approval Gates and Webhooks\n\n### 相关页面\n\n相关主题：[Deny-First Permission System](#permission-system), [Tamper-Evident Audit System](#audit-system)\n\n<details>\n<summary>Related Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [server/src/services/approval.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/services/approval.py)\n- [server/src/api/approvals.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/api/approvals.py)\n- [server/src/api/webhooks.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/api/webhooks.py)\n- [server/src/services/webhook.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/services/webhook.py)\n- [server/src/services/notifications.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/services/notifications.py)\n</details>\n\n# Approval Gates and Webhooks\n\nAgentsID provides two complementary mechanisms for controlling and monitoring AI agent behavior: **Approval Gates** and **Webhooks**. 
Together, they enable organizations to implement human-in-the-loop oversight for sensitive operations while maintaining real-time visibility into agent activities through event-driven notifications.\n\n## Overview\n\nApproval Gates pause agent tool executions and require explicit human authorization before proceeding. This creates a checkpoint system where certain actions cannot complete without human review.\n\nWebhooks deliver real-time event notifications to your systems when significant events occur—including when approvals are requested, when decisions are made, and when policy violations or rate limits are encountered.\n\n资料来源：[web/src/pages/docs.tsx:1-100]()\n\n## Approval Gates\n\n### Purpose and Scope\n\nApproval Gates provide human-in-the-loop control over agent actions. When an agent attempts to execute a tool that matches a permission rule with `requires_approval: true`, the system halts execution and creates a pending approval record.\n\nThe approval mechanism supports:\n\n- **Tool-specific gating**: Require approval only for specific dangerous operations (file writes, deletions, deployments)\n- **Universal gating**: Require approval for all tool calls (maximum oversight)\n- **Conditional gating**: Combine with other permission constraints (schedule, rate limits, risk scores)\n- **Time-boxed decisions**: Approvers receive notifications and must decide within acceptable timeframes\n\n资料来源：[web/src/pages/guides.tsx:1-50]()\n\n### How Approval Gates Work\n\n```mermaid\nsequenceDiagram\n    participant Agent\n    participant AgentsID_API\n    participant ApprovalService\n    participant NotificationService\n    participant Human\n    participant Dashboard\n\n    Agent->>AgentsID_API: Tool call (e.g., delete_file)\n    AgentsID_API->>ApprovalService: Validate against permission rules\n    ApprovalService-->>AgentsID_API: requires_approval: true\n    AgentsID_API->>ApprovalService: Create pending approval\n    ApprovalService-->>AgentsID_API: approval_id\n   
 AgentsID_API-->>Agent: 202 Accepted (pending)\n    NotificationService->>Human: Email/webhook notification\n    Human->>Dashboard: Review approval request\n    Human->>Dashboard: Approve or reject\n    Dashboard->>ApprovalService: Process decision\n    ApprovalService-->>Agent: Decision (allow/deny)\n```\n\n### Configuring Approval Gates\n\nApproval gates are configured within permission rules using the `requires_approval` field:\n\n```json\n{\n  \"tool_pattern\": \"deploy_production\",\n  \"action\": \"allow\",\n  \"requires_approval\": true\n}\n```\n\n#### Cautious Agent Template\n\nFor maximum oversight, all tool calls can require approval:\n\n```json\n[\n  { \"tool_pattern\": \"*\", \"action\": \"allow\", \"requires_approval\": true }\n]\n```\n\nThis configuration pauses every agent action and requires human authorization before execution proceeds. The system waits indefinitely for a decision.\n\n资料来源：[web/src/pages/guides.tsx:1-50]()\n\n#### Selective Approval Requirements\n\nConfigure approval requirements for specific high-risk operations while allowing routine operations to proceed automatically:\n\n```json\n[\n  { \"tool_pattern\": \"read_file\", \"action\": \"allow\" },\n  { \"tool_pattern\": \"search_code\", \"action\": \"allow\" },\n  { \"tool_pattern\": \"list_files\", \"action\": \"allow\" },\n  { \"tool_pattern\": \"write_file\", \"action\": \"allow\", \"requires_approval\": true },\n  { \"tool_pattern\": \"execute_*\", \"action\": \"deny\" },\n  { \"tool_pattern\": \"deploy_*\", \"action\": \"deny\" },\n  { \"tool_pattern\": \"delete_*\", \"action\": \"deny\" }\n]\n```\n\n资料来源：[web/src/pages/guides.tsx:50-100]()\n\n### Approval API Endpoints\n\n#### List Pending Approvals\n\nRetrieves all pending approval requests for the authenticated project.\n\n| Property | Value |\n|----------|-------|\n| Method | `GET` |\n| Path | `/api/v1/approvals/` |\n\n**Response:**\n\n```json\n[\n  {\n    \"id\": 1,\n    \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n    
\"tool\": \"delete_user\",\n    \"params\": { \"user_id\": \"usr_123\" },\n    \"status\": \"pending\",\n    \"requested_at\": \"2026-03-25 14:30:00+00:00\"\n  }\n]\n```\n\n**curl Example:**\n\n```bash\ncurl \"https://api.agentsid.dev/api/v1/approvals/\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\"\n```\n\n资料来源：[web/src/pages/docs.tsx:1-100]()\n\n#### Get Pending Approval Count\n\nReturns the count of pending approvals, useful for dashboard badges and polling applications.\n\n| Property | Value |\n|----------|-------|\n| Method | `GET` |\n| Path | `/api/v1/approvals/count` |\n\n**Response:**\n\n```json\n{\n  \"pending_count\": 3\n}\n```\n\n**curl Example:**\n\n```bash\ncurl \"https://api.agentsid.dev/api/v1/approvals/count\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\"\n```\n\n资料来源：[web/src/pages/docs.tsx:100-200]()\n\n#### Approve a Pending Action\n\nGrants authorization for a previously pending tool call.\n\n| Property | Value |\n|----------|-------|\n| Method | `POST` |\n| Path | `/api/v1/approvals/{id}/approve` |\n\n**Request Body:**\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `decided_by` | string | Yes | Identifier of the human approver |\n| `reason` | string | No | Optional reason for the decision |\n\n**Example Request Body:**\n\n```json\n{\n  \"decided_by\": \"admin@example.com\",\n  \"reason\": \"Verified with user\"\n}\n```\n\n**curl Example:**\n\n```bash\ncurl -X POST \"https://api.agentsid.dev/api/v1/approvals/1/approve\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"decided_by\": \"admin@example.com\"}'\n```\n\n资料来源：[web/src/pages/docs.tsx:200-300]()\n\n#### Reject a Pending Action\n\nDenies authorization for a pending tool call.\n\n| Property | Value |\n|----------|-------|\n| Method | `POST` |\n| Path | `/api/v1/approvals/{id}/reject` |\n\n**Request Body:**\n\n| Field | Type | Required | Description 
|\n|-------|------|----------|-------------|\n| `decided_by` | string | Yes | Identifier of the human rejecting |\n| `reason` | string | No | Reason for rejection |\n\n**curl Example:**\n\n```bash\ncurl -X POST \"https://api.agentsid.dev/api/v1/approvals/1/reject\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"decided_by\": \"admin@example.com\", \"reason\": \"Not authorized\"}'\n```\n\n资料来源：[web/src/pages/docs.tsx:300-400]()\n\n### SDK Usage\n\nThe TypeScript/Python SDKs provide convenient methods for working with approvals:\n\n```typescript\nimport { AgentsID } from \"@agentsid/sdk\"\n\nconst client = new AgentsID({ apiKey: process.env.AGENTSID_API_KEY })\n\n// List pending approvals\nconst pending = await client.approvals.list();\n\n// Approve an action\nawait client.approvals.approve(approvalId, { decidedBy: 'admin@example.com' });\n\n// Reject an action\nawait client.approvals.reject(approvalId, { decidedBy: 'admin@example.com', reason: 'Security policy violation' });\n```\n\n资料来源：[README.md:1-100]()\n\n## Webhooks\n\n### Purpose and Scope\n\nWebhooks enable real-time event notifications sent to your configured endpoints. 
When significant events occur within the AgentsID system, HTTP POST requests are delivered to your registered URLs with event payloads.\n\nAgentsID supports **8 webhook event types**:\n\n| Event Type | Trigger |\n|------------|---------|\n| `agent.created` | New agent registered |\n| `agent.revoked` | Agent token revoked |\n| `agent.denied` | Agent denied (permission violation) |\n| `limit.approaching` | Usage approaching plan limits |\n| `limit.reached` | Plan limits reached |\n| `approval.requested` | New approval requested |\n| `approval.decided` | Approval resolved (approved or rejected) |\n| `chain.broken` | Audit chain integrity broken |\n\n资料来源：[README.md:100-200]()\n\n### Webhook Architecture\n\n```mermaid\ngraph TD\n    subgraph Events\n        A[Agent Created] --> W[Webhook Service]\n        B[Approval Requested] --> W\n        C[Limit Reached] --> W\n        D[Chain Broken] --> W\n    end\n    \n    subgraph Delivery\n        W --> S[Signature Verification]\n        S --> R[Retry Queue]\n        R --> E[Endpoint Delivery]\n    end\n    \n    subgraph Consumer\n        E --> P[Your Application]\n    end\n```\n\n### Creating Webhook Subscriptions\n\n| Property | Value |\n|----------|-------|\n| Method | `POST` |\n| Path | `/api/v1/webhooks/` |\n\n**Request Body:**\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `name` | string | Yes | Webhook name (1-255 characters) |\n| `url` | string | Yes | Destination URL (1-2000 characters) |\n| `events` | string[] | Yes | Array of event types to subscribe to |\n| `secret` | string | No | Shared secret for signature verification |\n\n资料来源：[web/src/pages/docs.tsx:400-500]()\n\n### Webhook Payload Structure\n\nEach webhook delivery includes a JSON payload with event details:\n\n```json\n{\n  \"event\": \"approval.requested\",\n  \"timestamp\": \"2026-03-25T14:30:00Z\",\n  \"data\": {\n    \"approval_id\": 1,\n    \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n    \"tool\": 
\"deploy_production\",\n    \"params\": { \"environment\": \"production\" }\n  }\n}\n```\n\n### Webhook Security\n\nWebhook requests include signature headers for verification:\n\n| Header | Description |\n|--------|-------------|\n| `X-AgentsID-Signature` | HMAC-SHA256 signature of the payload |\n| `X-AgentsID-Timestamp` | Unix timestamp of the request |\n\nVerify signatures by computing the HMAC-SHA256 of the payload exactly as received (the raw request body, before any JSON parsing) using your webhook secret and comparing it to the provided signature with a constant-time comparison. Also check that `X-AgentsID-Timestamp` is recent and discard stale deliveries; this page does not say whether the timestamp is covered by the signature, so confirm that before relying on it for replay protection.\n\n### Retry Policy\n\nFailed webhook deliveries (non-2xx responses or timeouts) are retried with exponential backoff:\n\n- First retry: 1 minute\n- Second retry: 5 minutes\n- Third retry: 30 minutes\n- Final retry: 2 hours\n\nAfter all retry attempts, the webhook delivery is marked as failed and no further retries occur.\n\n## Dashboard Integration\n\nThe AgentsID dashboard provides a visual interface for managing approvals and viewing webhook configurations.\n\n### Approvals Dashboard\n\nFrom the dashboard at `agentsid.dev/dashboard`, administrators can:\n\n- View all pending approval requests\n- See tool parameters and context\n- Approve or reject requests\n- View approval history\n\n资料来源：[web/src/pages/guides.tsx:1-50]()\n\n### Permission Editor\n\nThe dashboard includes a visual permission editor that allows configuring `requires_approval` flags:\n\n```typescript\ninterface PermissionRule {\n  tool_pattern: string;\n  action: \"allow\" | \"deny\";\n  requires_approval?: boolean;\n  priority?: number;\n  schedule?: ScheduleConfig;\n  rate_limit?: RateLimitConfig;\n}\n```\n\nThe editor displays active rules with their approval requirements and other constraint indicators.\n\n资料来源：[web/src/components/dashboard/PoliciesTab.tsx:1-100]()\n\n## Audit Trail Integration\n\nAll approval-related events are recorded in the audit trail:\n\n| Audit Entry Field | Description |\n|-------------------|-------------|\n| `entryId` | Unique identifier |\n| `timestamp` | ISO 8601 timestamp |\n| 
`agentId` | Agent that triggered the event |\n| `tool` | Tool that was called |\n| `parameters` | Tool parameters |\n| `decision` | allow, deny, or pending |\n| `matchedRule` | Index of matched permission rule |\n| `constraintsEvaluated` | List of constraints checked |\n\nThe audit trail maintains hash-chain integrity for compliance verification. Each entry's hash includes the previous entry's hash, creating an immutable chain.\n\n资料来源：[web/src/pages/spec.tsx:1-100]()\n\n## Use Cases\n\n### Development Environment Approval\n\nConfigure automatic deployments to staging while requiring approval for production:\n\n```json\n[\n  { \"tool_pattern\": \"deploy_staging\", \"action\": \"allow\" },\n  { \"tool_pattern\": \"deploy_production\", \"action\": \"allow\", \"requires_approval\": true }\n]\n```\n\n### Data Protection Workflow\n\nRequire approval for operations accessing confidential data:\n\n```json\n[\n  { \"tool_pattern\": \"read_data\", \"action\": \"allow\", \"data_level\": [\"internal\"] },\n  { \"tool_pattern\": \"read_data\", \"action\": \"allow\", \"data_level\": [\"confidential\", \"restricted\"], \"requires_approval\": true }\n]\n```\n\n### Training Wheels Mode\n\nFor new agents or testing, require approval for everything:\n\n```json\n[\n  { \"tool_pattern\": \"*\", \"action\": \"allow\", \"requires_approval\": true }\n]\n```\n\nThis allows observing agent behavior before granting full autonomy.\n\n资料来源：[web/src/pages/guides.tsx:50-100]()\n\n## Summary\n\n| Feature | Description |\n|---------|-------------|\n| **Approval Gates** | Pause tool execution for human review before allowing or denying |\n| **Webhooks** | Real-time event notifications to external systems |\n| **Approval API** | Programmatic access to pending approvals and decision-making |\n| **Dashboard** | Visual interface for managing approvals and viewing audit logs |\n| **Integration** | SDK support for TypeScript, Python, Ruby, and Java |\n\n---\n\n<a id='web-dashboard'></a>\n\n## Web 
Dashboard\n\n### 相关页面\n\n相关主题：[Backend API Reference](#backend-api)\n\n<details>\n<summary>Relevant Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/dashboard.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n- [web/src/components/dashboard](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard)\n- [web/src/components/dashboard/Skeletons.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/Skeletons.tsx)\n- [web/src/components/dashboard/AgentCards.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AgentCards.tsx)\n- [web/src/components/dashboard/PermissionEditor.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/PermissionEditor.tsx)\n- [web/src/components/dashboard/AuditFeed.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n</details>\n\n# Web Dashboard\n\nThe Web Dashboard is the central management interface for AgentsID, providing real-time monitoring, agent configuration, and audit trail visualization for AI agent security controls.\n\n## Overview\n\nThe dashboard serves as the command center where users:\n\n- **Monitor agent activity** in real-time through the audit feed\n- **Manage agent permissions** using pattern-based tool allow/deny rules\n- **Register and configure new agents** with unique tokens\n- **View security statistics** and compliance metrics\n- **Access audit logs** for forensic analysis and compliance 
reporting\n\n资料来源：[web/src/pages/dashboard.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Architecture\n\n```mermaid\ngraph TD\n    A[Browser Client] --> B[Dashboard App]\n    B --> C[Supabase Backend]\n    C --> D[AgentsID API]\n    D --> E[Protected MCP Servers]\n    \n    B --> F[Sidebar Navigation]\n    B --> G[Main Content Area]\n    B --> H[Register Agent Modal]\n    \n    G --> I[Overview Tab]\n    G --> J[Agents Tab]\n    G --> K[Audit Feed Tab]\n    \n    I --> L[AuditStats]\n    J --> M[AgentCards]\n    J --> N[PermissionEditor]\n    K --> O[AuditFeed]\n```\n\n## Dashboard Layout Structure\n\nThe dashboard uses a responsive sidebar layout with the following regions:\n\n| Region | Description | File Reference |\n|--------|-------------|----------------|\n| **Sidebar** | Persistent navigation with tab switching | `web/src/pages/dashboard.tsx` |\n| **Mobile Header** | Hamburger menu for mobile navigation | `web/src/pages/dashboard.tsx` |\n| **Main Content** | Tab-based content area | `web/src/pages/dashboard.tsx` |\n| **Error Banner** | Error display with retry capability | `web/src/pages/dashboard.tsx` |\n\n### Responsive Behavior\n\n- **Desktop (md+)**: Fixed 240px sidebar on the left, content area with `md:ml-60` offset\n- **Mobile**: Collapsible sidebar with hamburger toggle, full-width content\n- **Max Content Width**: 1400px centered with `max-w-[1400px] mx-auto`\n\n资料来源：[web/src/pages/dashboard.tsx:1-50](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Tab Navigation\n\nThe dashboard supports the following navigation tabs:\n\n```mermaid\nstateDiagram-v2\n    [*] --> Overview\n    Overview --> Agents\n    Agents --> AuditFeed\n    AuditFeed --> Overview\n    \n    Overview: OverviewTab<br/>apiKey, agents, auditStats\n    Agents: AgentCards + PermissionEditor\n    AuditFeed: AuditFeed Component\n```\n\n### Tab States\n\n| Tab | Component | Key Props 
|\n|-----|-----------|-----------|\n| `overview` | OverviewTab | apiKey, agents, auditStats, onTabChange, onRegisterAgent |\n| `agents` | Agent management view | AgentCards, PermissionEditor |\n| Audit Feed | Real-time event stream | AuditFeed with filtering |\n\n资料来源：[web/src/pages/dashboard.tsx:100-150](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Core Components\n\n### AgentCards\n\nDisplays registered agents with status indicators and activity metrics.\n\n**Key Features:**\n- Agent name and status display\n- Activity counters (allow/deny events)\n- Quick action buttons for agent management\n\n资料来源：[web/src/components/dashboard/AgentCards.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AgentCards.tsx)\n\n### PermissionEditor\n\nConfigures tool permission rules for each agent using pattern matching.\n\n**Permission Rule Structure:**\n\n```typescript\ninterface PermissionRule {\n  tool_pattern: string;  // Glob pattern for tool names\n  action: \"allow\" | \"deny\";\n}\n```\n\n**Example Configuration:**\n\n```json\n[\n  { \"tool_pattern\": \"search_*\",  \"action\": \"allow\" },\n  { \"tool_pattern\": \"read_*\",    \"action\": \"allow\" },\n  { \"tool_pattern\": \"write_*\",   \"action\": \"deny\" },\n  { \"tool_pattern\": \"delete_*\",  \"action\": \"deny\" }\n]\n```\n\n资料来源：[web/src/components/dashboard/PermissionEditor.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/PermissionEditor.tsx)\n\n### AuditFeed\n\nProvides real-time visibility into agent tool calls with allow/deny decisions.\n\n**Audit Event Properties:**\n- Agent name and identifier\n- Tool call name and parameters\n- Decision status (allowed/denied)\n- Timestamp\n- Traces back to the rule commit that authorized the 
decision\n\n资料来源：[web/src/components/dashboard/AuditFeed.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx)\n资料来源：[web/src/pages/landing.tsx:50-60](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/landing.tsx)\n\n## Data Models\n\n### AuditStats\n\nCollected from the dashboard for real-time monitoring:\n\n| Field | Type | Description |\n|-------|------|-------------|\n| totalEvents | number | Total audit events |\n| allowedCount | number | Allowed tool calls |\n| deniedCount | number | Denied tool calls |\n| recentActivity | Event[] | Last N events for display |\n\n资料来源：[web/src/pages/dashboard.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n### Agent Data\n\n| Field | Description |\n|-------|-------------|\n| agentId | Unique identifier |\n| name | Human-readable agent name |\n| token | Agent authentication token |\n| tokenId | Token reference ID |\n| expiresAt | Token expiration timestamp |\n| permissions | Array of PermissionRule objects |\n| status | \"active\" \\| \"inactive\" \\| \"expired\" |\n| metadata | Optional additional data |\n\n资料来源：[web/src/pages/docs.tsx:SDK_INIT_TABS](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Agent Registration Flow\n\n```mermaid\nsequenceDiagram\n    participant User\n    participant Dashboard\n    participant Modal as RegisterAgentModal\n    participant API as AgentsID API\n    \n    User->>Dashboard: Click \"Register Agent\"\n    Dashboard->>Modal: Open registration modal\n    User->>Modal: Enter agent details\n    Modal->>API: registerAgent(name, permissions)\n    API->>API: Generate token + tokenId\n    API->>Modal: Return {agent, token, tokenId, expiresAt}\n    Modal->>User: Display credentials\n    User->>Dashboard: Configure MCP server with token\n```\n\n### Registration Modal\n\nAccessible from both the Overview tab and Agents tab via the `onRegisterAgent` 
callback.\n\n资料来源：[web/src/pages/dashboard.tsx:Footer](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Error Handling\n\n### Error Banner Component\n\nWhen dashboard data loading fails:\n\n```tsx\n{loadError && (\n  <div className=\"mx-4 mt-4 md:mx-8 bg-red-500/5 border border-red-500/20 rounded-lg px-4 py-3 flex items-center justify-between\">\n    <span className=\"text-xs text-red-500\">{loadError}</span>\n    <button onClick={loadDashboardData} className=\"text-xs text-red-500 underline\">\n      Retry\n    </button>\n  </div>\n)}\n```\n\n**Features:**\n- Auto-dismiss on successful retry\n- Manual retry button\n- Responsive margin/padding\n\n资料来源：[web/src/pages/dashboard.tsx:100-115](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Loading States\n\n### DashboardSkeleton\n\nDisplayed during initial page load for better UX:\n\n| Skeleton Region | Description |\n|-----------------|-------------|\n| Sidebar skeleton | 240px width, logo + navigation items |\n| Main content skeleton | Header + tab content placeholders |\n| Chart skeleton | 200px height area chart placeholder |\n\n```tsx\nfunction DashboardSkeleton() {\n  return (\n    <div className=\"flex min-h-screen bg-background\">\n      {/* Sidebar skeleton */}\n      <div className=\"hidden md:flex flex-col w-60 border-r border-border p-4 gap-6\">\n        <Bone className=\"h-8 w-28 rounded-md\" />\n        <div className=\"flex flex-col gap-3 mt-4\">\n          <Bone className=\"h-8 w-full rounded-lg\" />\n          <Bone className=\"h-8 w-full rounded-lg\" />\n          <Bone className=\"h-8 w-full rounded-lg\" />\n          <Bone className=\"h-8 w-full rounded-lg\" />\n        </div>\n      </div>\n      {/* Main content skeleton */}\n      <div className=\"flex-1 p-4 md:px-8 md:py-4\">\n        <Bone className=\"h-[200px] w-full rounded-lg\" />\n      </div>\n    </div>\n  
);\n}\n```\n\n资料来源：[web/src/components/dashboard/Skeletons.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/Skeletons.tsx)\n\n## Privacy and Data Practices\n\nThe dashboard handles the following user data:\n\n| Data Type | Storage | Purpose |\n|-----------|---------|---------|\n| Email address | Supabase Auth | Account identification |\n| Project names | Dashboard DB | Project organization |\n| Agent names/permissions | Dashboard DB | Agent configuration |\n| API key hashes | Dashboard DB | Credential verification (never raw) |\n| Audit log entries | Dashboard DB | Compliance and monitoring |\n| Token metadata | Dashboard DB | HMAC verification |\n\n资料来源：[web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n资料来源：[web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n\n## Navigation Links\n\nThe dashboard footer provides links to related pages:\n\n| Link | Path | Purpose |\n|------|------|---------|\n| Docs | `/docs` | SDK documentation |\n| Guides | `/guides` | Setup tutorials |\n| Dashboard | `/dashboard` | Current page |\n| GitHub | External | Source code repository |\n| Terms | `/terms` | Terms of service |\n| Privacy | `/privacy` | Privacy policy |\n\n资料来源：[web/src/pages/dashboard.tsx:Footer](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Usage with AI Coding Tools\n\nThe dashboard integrates with AI coding assistants through MCP (Model Context Protocol) servers:\n\n| Platform | Setup Command | Configuration |\n|----------|---------------|---------------|\n| Claude Code | `claude mcp add` | Environment variables for project key and agent token |\n| Codex CLI | `codex mcp add` | Similar MCP server registration |\n\n### Testing Workflow\n\n1. **Register agent** → Get project key and agent token\n2. **Configure MCP server** → Set environment variables\n3. 
**Test allowed calls** → Verify successful tool executions\n4. **Test denied calls** → Verify blocked operations\n5. **Check dashboard** → Review audit feed for all events\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n## Security Model\n\n```mermaid\ngraph LR\n    A[AI Agent] -->|tool_call| B[AgentsID Scanner]\n    B -->|allow/deny| C[Dashboard Audit Feed]\n    C -->|visualize| D[User Dashboard]\n    \n    B -->|block| A[AI Agent]\n    B -->|allow| E[Protected MCP Server]\n```\n\n**Key Security Properties:**\n- API keys are hashed before storage (never stored raw)\n- Token-based authentication with configurable TTL\n- Pattern-based permission rules\n- Complete audit trail for all tool calls\n- Compliance with data export and opt-out requirements\n\n资料来源：[web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n---\n\n<a id='multi-language-sdks'></a>\n\n## Multi-Language SDKs\n\n### 相关页面\n\n相关主题：[Quick Start Guide](#quick-start-guide), [Backend API Reference](#backend-api)\n\n<details>\n<summary>相关源码文件</summary>\n\n以下源码文件用于生成本页说明：\n\n- [sdk-typescript/src/client.ts](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/src/client.ts)\n- [sdk-typescript/src/middleware.ts](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/src/middleware.ts)\n- [sdk-python/agentsid/client.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/client.py)\n- [sdk-python/agentsid/middleware.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/middleware.py)\n- [sdk-ruby/lib/agentsid/client.rb](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-ruby/lib/agentsid/client.rb)\n- [sdk-java/src/main/java/dev/agentsid/AgentsID.java](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-java/src/main/java/dev/agentsid/AgentsID.java)\n- 
[sdk-java/src/main/java/dev/agentsid/MCPMiddleware.java](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-java/src/main/java/dev/agentsid/MCPMiddleware.java)\n</details>\n\n# Multi-Language SDKs\n\nAgentsID provides official Software Development Kits (SDKs) for multiple programming languages, enabling developers to integrate agent permission management, tool validation, and audit logging into their applications regardless of their preferred technology stack. Each SDK exposes a unified API surface while adapting to language-specific conventions and idioms.\n\n## Overview\n\nThe AgentsID SDK ecosystem covers four primary languages:\n\n| Language | Package/Registry | Primary Module |\n|----------|------------------|----------------|\n| TypeScript/JavaScript | `@agentsid/sdk` | `client.ts`, `middleware.ts` |\n| Python | `agentsid` (PyPI) | `client.py`, `middleware.py` |\n| Ruby | `agentsid` (RubyGems) | `client.rb` |\n| Java | Maven Central | `AgentsID.java`, `MCPMiddleware.java` |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## SDK Architecture\n\nAll SDKs follow a consistent layered architecture consisting of:\n\n1. **Client Layer** - Core API wrapper handling authentication, request serialization, and HTTP communication\n2. **Middleware Layer** - Integration adapters for frameworks like MCP (Model Context Protocol) and HTTP servers\n3. 
**Model Layer** - Typed data structures for requests, responses, and domain objects (agents, tokens, permissions)\n\n```mermaid\ngraph TD\n    A[Application Code] --> B[SDK Client]\n    B --> C[HTTP/REST API]\n    C --> D[AgentsID Backend]\n    \n    E[Framework Integration] --> B\n    F[MCP Server] --> E\n    G[HTTP Server] --> E\n    \n    B --> H[Response Models]\n    H --> A\n```\n\n资料来源：[sdk-typescript/src/client.ts](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/src/client.ts), [sdk-python/agentsid/client.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/client.py)\n\n## Initialization\n\n### TypeScript/JavaScript\n\n```typescript\nimport { AgentsID } from '@agentsid/sdk';\n\nconst aid = new AgentsID({ \n  projectKey: 'aid_proj_YOUR_KEY' \n});\n```\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n### Python\n\n```python\nfrom agentsid import AgentsID\n\naid = AgentsID(project_key=\"aid_proj_YOUR_KEY\")\n```\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n### Ruby\n\n```ruby\nrequire 'agentsid'\n\naid = AgentsID.new(project_key: 'aid_proj_YOUR_KEY')\n```\n\n资料来源：[sdk-ruby/lib/agentsid/client.rb](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-ruby/lib/agentsid/client.rb)\n\n### Java\n\n```java\nimport dev.agentsid.AgentsID;\n\nAgentsID aid = new AgentsID(\"aid_proj_YOUR_KEY\");\n```\n\n资料来源：[sdk-java/src/main/java/dev/agentsid/AgentsID.java](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-java/src/main/java/dev/agentsid/AgentsID.java)\n\n## Agent Management\n\n### Registering an Agent\n\nThe `registerAgent` method creates a new agent with scoped permissions and issues its first authentication token.\n\n```mermaid\nsequenceDiagram\n    participant App as Application\n    participant SDK as SDK Client\n    participant API as AgentsID API\n    \n    App->>SDK: 
registerAgent(name, onBehalfOf, permissions)\n    SDK->>API: POST /api/v1/agents\n    API->>API: Create agent record\n    API->>API: Generate token with JWT\n    API-->>SDK: { agent, token, tokenId, expiresAt }\n    SDK-->>App: Agent credentials\n```\n\n资料来源：[sdk-typescript/src/client.ts](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/src/client.ts)\n\n**Method Signature (TypeScript):**\n\n```typescript\nconst { agent, token, tokenId, expiresAt } = await aid.registerAgent({\n  name: 'research-bot',\n  onBehalfOf: 'user_123',\n  permissions: ['search_*', 'save_memory'],\n});\n```\n\n**Parameters:**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `name` | string | Yes | Human-readable agent identifier |\n| `onBehalfOf` | string | Yes | Principal ID (user or system) the agent acts for |\n| `permissions` | string[] | No | Permission patterns to grant (e.g., `save_memory`, `search_*`) |\n| `ttlHours` | number | No | Token lifetime in hours (default varies by plan) |\n| `metadata` | object | No | Arbitrary key-value pairs for organization |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Agent Methods Reference\n\n| Method | Description | Returns |\n|--------|-------------|---------|\n| `registerAgent()` | Create a new agent with initial token | `{ agent, token, tokenId, expiresAt }` |\n| `getAgent(agentId)` | Retrieve agent details | `Agent` object |\n| `listAgents(status?, limit?)` | List agents with optional filtering | `Agent[]` |\n| `updateAgent(agentId, updates)` | Update agent name or metadata | `Agent` object |\n| `refreshToken(agentId, ttlHours?)` | Revoke existing tokens and issue new one | `{ token, tokenId, expiresAt }` |\n| `revokeAgent(agentId)` | Permanently deactivate an agent | `void` |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx), 
[sdk-python/agentsid/client.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/client.py)\n\n## Permission Validation\n\n### Checking Tool Access\n\nThe `validate` method checks whether an agent's token permits execution of a specific tool.\n\n```typescript\nconst result = await aid.validate(token, 'save_memory');\nconsole.log(result.permission.allowed); // → true\n```\n\n**Response Schema:**\n\n```json\n{\n  \"valid\": true,\n  \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"timestamp\": \"2026-03-25T14:30:00Z\",\n  \"permission\": {\n    \"allowed\": true,\n    \"reason\": \"Allowed by rule: save_memory\",\n    \"matched_rule\": {\n      \"tool_pattern\": \"save_memory\",\n      \"action\": \"allow\"\n    }\n  }\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Deny-First Default Behavior\n\nAgentsID employs a deny-first security model. If a tool is not explicitly listed in the agent's permission set, access is denied by default:\n\n```json\n{\n  \"allowed\": false,\n  \"reason\": \"No matching rule -- default deny\",\n  \"matched_rule\": null\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Middleware Integration\n\n### HTTP Middleware\n\nThe HTTP middleware adapter enables seamless integration with existing web frameworks.\n\n```typescript\nimport { createHttpMiddleware } from '@agentsid/sdk';\n\nconst middleware = createHttpMiddleware({\n  projectKey: 'aid_proj_YOUR_KEY',\n  onUnauthorized: (req, res) => {\n    res.status(401).json({ error: 'Invalid agent token' });\n  }\n});\n```\n\n资料来源：[sdk-typescript/src/middleware.ts](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/src/middleware.ts)\n\n### MCP Server Middleware\n\nFor Model Context Protocol servers, the SDK provides specialized middleware that intercepts tool calls before execution.\n\n```mermaid\ngraph LR\n    A[AI Tool] 
-->|Tool Call| B[MCP Middleware]\n    B --> C{Validate with AgentsID}\n    C -->|Allowed| D[Tool Handler]\n    C -->|Denied| E[Error Response]\n    D --> F[Execute Tool]\n```\n\n资料来源：[sdk-java/src/main/java/dev/agentsid/MCPMiddleware.java](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-java/src/main/java/dev/agentsid/MCPMiddleware.java), [sdk-python/agentsid/middleware.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/middleware.py)\n\n**Python MCP Middleware Pattern:**\n\n```python\nfrom agentsid.middleware import MCPMiddleware\n\nclass ProtectedNotesServer:\n    def __init__(self, agentsid_client):\n        self.middleware = MCPMiddleware(agentsid_client)\n    \n    async def handle_tool_call(self, tool_name: str, params: dict):\n        # Validate before execution\n        result = await self.middleware.validate(tool_name, params)\n        if not result.allowed:\n            raise PermissionError(f\"Tool '{tool_name}' is not permitted\")\n        \n        # Proceed with tool execution\n        return await self.execute_tool(tool_name, params)\n```\n\n资料来源：[sdk-python/agentsid/middleware.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/middleware.py)\n\n## Audit Logging\n\n### Retrieving Audit Logs\n\nThe SDK provides access to the complete audit trail for agent activities:\n\n```typescript\nconst log = await aid.getAuditLog();\nconsole.log('Audit events:', log.entries.length);\n```\n\n**Response Schema:**\n\n```json\n{\n  \"entries\": [\n    {\n      \"id\": 42,\n      \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n      \"action\": \"tool_call\",\n      \"tool\": \"save_memory\",\n      \"params\": { \"category\": \"note\" },\n      \"decision\": \"allowed\",\n      \"ip_address\": \"203.0.113.42\",\n      \"user_agent\": \"MyApp/1.0\",\n      \"created_at\": \"2026-03-25T14:30:00+00:00\"\n    }\n  ],\n  \"pagination\": {\n    \"cursor\": \"eyJpZCI6NDJ9\",\n    \"has_more\": true\n  
}\n}\n```\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx), [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Verifying Audit Integrity\n\nThe audit system supports cryptographic verification to detect tampering:\n\n```typescript\nconst verification = await aid.verifyAuditLog();\nif (!verification.verified) {\n  console.error('Chain broken at entry:', verification.broken_at_id);\n}\n```\n\n**Verification Response (intact chain):**\n\n```json\n{\n  \"verified\": true,\n  \"entries_checked\": 1523,\n  \"message\": \"Integrity chain verified -- all entries match their Merkle proofs\"\n}\n```\n\n**Verification Response (tampering detected):**\n\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible tampering\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Delegation\n\nAgentsID supports hierarchical agent delegation, where one agent can create sub-agents with constrained permissions:\n\n```typescript\nconst delegate = await aid.delegate({\n  parentAgentId: 'agt_parent',\n  parentToken: 'aid_tok_...',\n  childName: 'sub-researcher',\n  childPermissions: ['search_memories'],\n  ttlHours: 12\n});\n```\n\n**Constraints:**\n\n| Constraint Type | Parameters | Description |\n|-----------------|------------|-------------|\n| `rateLimit` | `max`, `windowSeconds`, `scope` | Maximum calls per time window |\n| `schedule` | `daysOfWeek`, `hoursUTC`, `timezone` | Time-based access windows |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx), [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n## Usage Limits\n\nThe SDK exposes methods to monitor API usage against plan 
limits:\n\n```typescript\nconst usage = await aid.getUsage();\nconsole.log(`Events: ${usage.events_this_month}/${usage.events_limit}`);\nconsole.log(`Agents: ${usage.agents_active}/${usage.agents_limit}`);\nconsole.log(`Plan: ${usage.plan}`);\n```\n\n**Response Schema:**\n\n```json\n{\n  \"events_this_month\": 1200,\n  \"events_limit\": 10000,\n  \"agents_active\": 5,\n  \"agents_limit\": 25,\n  \"plan\": \"free\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Error Handling\n\nThe SDK provides consistent error handling across all languages:\n\n| HTTP Code | Condition |\n|-----------|-----------|\n| `401` | Invalid or missing API key |\n| `403` | Permission scope violation or delegation constraint breach |\n| `404` | Resource not found (agent, token, etc.) |\n| `429` | Rate limit exceeded |\n\n**Token Validation Errors:**\n\nAll token validation failures return intentionally generic messages to prevent information leakage:\n\n```json\n{\n  \"valid\": false,\n  \"reason\": \"Token validation failed\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Quick Reference\n\n### Installation Commands\n\n| Language | Command |\n|----------|---------|\n| TypeScript | `npm install @agentsid/sdk` |\n| Python | `pip install agentsid` |\n| Ruby | `gem install agentsid` |\n| Java | Add to Maven or Gradle dependencies |\n\n资料来源：[web/src/pages/landing.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/landing.tsx)\n\n### Environment Variables\n\nSupply the project key and agent token through these variables instead of hardcoding them in source; the `aid_proj_YOUR_KEY` values in the code samples are placeholders.\n\n| Variable | Description |\n|----------|-------------|\n| `AGENTSID_PROJECT_KEY` | Your project API key (`aid_proj_...`) |\n| `AGENTSID_AGENT_TOKEN` | Agent authentication token (`aid_tok_...`) |\n| `AGENTSID_URL` | API endpoint (defaults to `https://agentsid.dev`) 
|\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n---\n\n---\n\n## Doramagic 踩坑日志\n\n项目：AgentsID-dev/agentsid\n\n摘要：发现 7 个潜在踩坑项，其中 0 个为 high/blocking；最高优先级：身份坑 - 仓库名和安装名不一致。\n\n## 1. 身份坑 · 仓库名和安装名不一致\n\n- 严重度：medium\n- 证据强度：runtime_trace\n- 发现：仓库名 `agentsid` 与安装入口 `@agentsid/sdk` 不完全一致。\n- 对用户的影响：用户照着仓库名搜索包或照着包名找仓库时容易走错入口。\n- 建议检查：在 npm/PyPI/GitHub 上确认包名映射和官方 README 说明。\n- 复现命令：`npm install @agentsid/sdk`\n- 防护动作：页面必须同时展示 repo 名和真实安装入口，避免用户搜索错包。\n- 证据：identity.distribution | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | repo=agentsid; install=@agentsid/sdk\n\n## 2. 能力坑 · 能力判断依赖假设\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：README/documentation is current enough for a first validation pass.\n- 对用户的影响：假设不成立时，用户拿不到承诺的能力。\n- 建议检查：将假设转成下游验证清单。\n- 防护动作：假设必须转成验证项；没有验证结果前不能写成事实。\n- 证据：capability.assumptions | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | README/documentation is current enough for a first validation pass.\n\n## 3. 维护坑 · 维护活跃度未知\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：未记录 last_activity_observed。\n- 对用户的影响：新项目、停更项目和活跃项目会被混在一起，推荐信任度下降。\n- 建议检查：补 GitHub 最近 commit、release、issue/PR 响应信号。\n- 防护动作：维护活跃度未知时，推荐强度不能标为高信任。\n- 证据：evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | last_activity_observed missing\n\n## 4. 安全/权限坑 · 下游验证发现风险项\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：no_demo\n- 对用户的影响：下游已经要求复核，不能在页面中弱化。\n- 建议检查：进入安全/权限治理复核队列。\n- 防护动作：下游风险存在时必须保持 review/recommendation 降级。\n- 证据：downstream_validation.risk_items | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium\n\n## 5. 安全/权限坑 · 存在评分风险\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：no_demo\n- 对用户的影响：风险会影响是否适合普通用户安装。\n- 建议检查：把风险写入边界卡，并确认是否需要人工复核。\n- 防护动作：评分风险必须进入边界卡，不能只作为内部分数。\n- 证据：risks.scoring_risks | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium\n\n## 6. 
维护坑 · issue/PR 响应质量未知\n\n- 严重度：low\n- 证据强度：source_linked\n- 发现：issue_or_pr_quality=unknown。\n- 对用户的影响：用户无法判断遇到问题后是否有人维护。\n- 建议检查：抽样最近 issue/PR，判断是否长期无人处理。\n- 防护动作：issue/PR 响应未知时，必须提示维护风险。\n- 证据：evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | issue_or_pr_quality=unknown\n\n## 7. 维护坑 · 发布节奏不明确\n\n- 严重度：low\n- 证据强度：source_linked\n- 发现：release_recency=unknown。\n- 对用户的影响：安装命令和文档可能落后于代码，用户踩坑概率升高。\n- 建议检查：确认最近 release/tag 和 README 安装命令是否一致。\n- 防护动作：发布节奏未知或过期时，安装说明必须标注可能漂移。\n- 证据：evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | release_recency=unknown\n\n<!-- canonical_name: AgentsID-dev/agentsid; human_manual_source: deepwiki_human_wiki -->\n",
      "markdown_key": "agentsid",
      "pages": "draft",
      "source_refs": [
        {
          "evidence_id": "github_repo:1192733106",
          "kind": "repo",
          "supports_claim_ids": [
            "claim_identity",
            "claim_distribution",
            "claim_capability"
          ],
          "url": "https://github.com/AgentsID-dev/agentsid"
        },
        {
          "evidence_id": "art_5e45862d5409489a8dbf277a3f18ab14",
          "kind": "docs",
          "supports_claim_ids": [
            "claim_identity",
            "claim_distribution",
            "claim_capability"
          ],
          "url": "https://github.com/AgentsID-dev/agentsid#readme"
        }
      ],
      "summary": "DeepWiki/Human Wiki 完整输出，末尾追加 Discovery Agent 踩坑日志。",
      "title": "agentsid 说明书",
      "toc": [
        "https://github.com/AgentsID-dev/agentsid 项目说明书",
        "目录",
        "Project Introduction",
        "Overview",
        "The Problem",
        "Core Concepts",
        "Architecture",
        "Key Features",
        "Doramagic 踩坑日志"
      ]
    }
  },
  "quality_gate": {
    "blocking_gaps": [],
    "category_confidence": "medium",
    "compile_status": "ready_for_review",
    "five_assets_present": true,
    "install_sandbox_verified": true,
    "missing_evidence": [],
    "next_action": "publish to Doramagic.ai project surfaces",
    "prompt_preview_boundary_ok": true,
    "publish_status": "publishable",
    "quick_start_verified": true,
    "repo_clone_verified": true,
    "repo_commit": "eb87e5047420b516a2157da8d7f1969f8821c672",
    "repo_inspection_error": null,
    "repo_inspection_files": [
      "Dockerfile",
      "README.md",
      "docs/API.md",
      "docs/fastmcp-integration.md",
      "docs/SECURITY.md",
      "docs/permission-spec-v1.md",
      "docs/state-of-agent-security-2026.md",
      "docs/devrel/cursor-marketplace-listing.md",
      "docs/digest/issue-01.md",
      "docs/blog/2026-04-17-the-251-gap.md",
      "docs/hn-responses/2026-04-17.md"
    ],
    "repo_inspection_verified": true,
    "review_reasons": [
      "community_discussion_evidence_below_public_threshold"
    ],
    "tag_count_ok": true,
    "unsupported_claims": []
  },
  "schema_version": "0.1",
  "user_assets": {
    "ai_context_pack": {
      "asset_id": "ai_context_pack",
      "filename": "AI_CONTEXT_PACK.md",
      "markdown": "# agentsid - Doramagic AI Context Pack\n\n> 定位：安装前体验与判断资产。它帮助宿主 AI 有一个好的开始，但不代表已经安装、执行或验证目标项目。\n\n## 充分原则\n\n- **充分原则，不是压缩原则**：AI Context Pack 应该充分到让宿主 AI 在开工前理解项目价值、能力边界、使用入口、风险和证据来源；它可以分层组织，但不以最短摘要为目标。\n- **压缩策略**：只压缩噪声和重复内容，不压缩会影响判断和开工质量的上下文。\n\n## 给宿主 AI 的使用方式\n\n你正在读取 Doramagic 为 agentsid 编译的 AI Context Pack。请把它当作开工前上下文：帮助用户理解适合谁、能做什么、如何开始、哪些必须安装后验证、风险在哪里。不要声称你已经安装、运行或执行了目标项目。\n\n## Claim 消费规则\n\n- **事实来源**：Repo Evidence + Claim/Evidence Graph；Human Wiki 只提供显著性、术语和叙事结构。\n- **事实最低状态**：`supported`\n- `supported`：可以作为项目事实使用，但回答中必须引用 claim_id 和证据路径。\n- `weak`：只能作为低置信度线索，必须要求用户继续核实。\n- `inferred`：只能用于风险提示或待确认问题，不能包装成项目事实。\n- `unverified`：不得作为事实使用，应明确说证据不足。\n- `contradicted`：必须展示冲突来源，不得替用户强行选择一个版本。\n\n## 它最适合谁\n\n- **AI 研究者或研究型 Agent 构建者**：README 明确围绕研究、实验或论文工作流展开。 证据：`README.md` Claim：`clm_0002` supported 0.86\n\n## 它能做什么\n\n- **命令行启动或安装流程**（需要安装后验证）：项目文档中存在可执行命令，真实使用需要在本地或宿主环境中运行这些命令。 证据：`README.md` Claim：`clm_0001` supported 0.86\n\n## 怎么开始\n\n- `npm install @agentsid/sdk    # TypeScript` 证据：`README.md` Claim：`clm_0003` supported 0.86\n- `pip install agentsid          # Python` 证据：`README.md` Claim：`clm_0004` supported 0.86\n- `npx agentsid init                           # Create project, get API key` 证据：`README.md` Claim：`clm_0005` supported 0.86\n- `npx agentsid register-agent --name \"bot\"    # Register an agent` 证据：`README.md` Claim：`clm_0006` supported 0.86\n- `npx agentsid list-agents                    # List all agents` 证据：`README.md` Claim：`clm_0007` supported 0.86\n- `npx agentsid audit --agent <id>             # View audit log` 证据：`README.md` Claim：`clm_0008` supported 0.86\n- `npx agentsid revoke <id>                    # Revoke an agent` 证据：`README.md` Claim：`clm_0009` supported 0.86\n- `git clone https://github.com/AgentsID-dev/agentsid.git` 证据：`README.md` Claim：`clm_0010` supported 0.86\n- `pip install -e .` 证据：`README.md` Claim：`clm_0011` supported 0.86\n\n## 继续前判断卡\n\n- **当前建议**：需要管理员/安全审批\n- 
**为什么**：继续前可能涉及密钥、账号、外部服务或敏感上下文，建议先经过管理员或安全审批。\n\n### 30 秒判断\n\n- **现在怎么做**：需要管理员/安全审批\n- **最小安全下一步**：先跑 Prompt Preview；若涉及凭证或企业环境，先审批再试装\n- **先别相信**：角色质量和任务匹配不能直接相信。\n- **继续会触碰**：角色选择偏差、命令执行、本地环境或项目文件\n\n### 现在可以相信\n\n- **适合人群线索：AI 研究者或研究型 Agent 构建者**（supported）：有 supported claim 或项目证据支撑，但仍不等于真实安装效果。 证据：`README.md` Claim：`clm_0002` supported 0.86\n- **能力存在：命令行启动或安装流程**（supported）：可以相信项目包含这类能力线索；是否适合你的具体任务仍要试用或安装后验证。 证据：`README.md` Claim：`clm_0001` supported 0.86\n- **存在 Quick Start / 安装命令线索**（supported）：可以相信项目文档出现过启动或安装入口；不要因此直接在主力环境运行。 证据：`README.md` Claim：`clm_0003` supported 0.86\n\n### 现在还不能相信\n\n- **角色质量和任务匹配不能直接相信。**（unverified）：角色库证明有很多角色，不证明每个角色都适合你的具体任务，也不证明角色能产生高质量结果。\n- **不能把角色文案当成真实执行能力。**（unverified）：安装前只能判断角色描述和任务画像是否匹配，不能证明它能在宿主 AI 里完成任务。\n- **真实输出质量不能在安装前相信。**（unverified）：Prompt Preview 只能展示引导方式，不能证明真实项目中的结果质量。\n- **宿主 AI 版本兼容性不能在安装前相信。**（unverified）：Claude、Cursor、Codex、Gemini 等宿主加载规则和版本差异必须在真实环境验证。\n- **不会污染现有宿主 AI 行为，不能直接相信。**（inferred）：Skill、plugin、AGENTS/CLAUDE/GEMINI 指令可能改变宿主 AI 的默认行为。\n- **可安全回滚不能默认相信。**（unverified）：除非项目明确提供卸载和恢复说明，否则必须先在隔离环境验证。\n- **真实安装后是否与用户当前宿主 AI 版本兼容？**（unverified）：兼容性只能通过实际宿主环境验证。\n- **项目输出质量是否满足用户具体任务？**（unverified）：安装前预览只能展示流程和边界，不能替代真实评测。\n\n### 继续会触碰什么\n\n- **角色选择偏差**：用户对任务应该由哪个专家角色处理的判断。 原因：选错角色会让 AI 从错误专业视角回答，浪费时间或误导决策。\n- **命令执行**：包管理器、网络下载、本地插件目录、项目配置或用户主目录。 原因：运行第一条命令就可能产生环境改动；必须先判断是否值得跑。 证据：`README.md`\n- **本地环境或项目文件**：安装结果、插件缓存、项目配置或本地依赖目录。 原因：安装前无法证明写入范围和回滚方式，需要隔离验证。 证据：`README.md`\n- **环境变量 / API Key**：项目入口文档明确出现 API key、token、secret 或账号凭证配置。 原因：如果真实安装需要凭证，应先使用测试凭证并经过权限/合规判断。 证据：`README.md`\n- **宿主 AI 上下文**：AI Context Pack、Prompt Preview、Skill 路由、风险规则和项目事实。 原因：导入上下文会影响宿主 AI 后续判断，必须避免把未验证项包装成事实。\n\n### 最小安全下一步\n\n- **先跑 Prompt Preview**：先用交互式试用验证任务画像和角色匹配，不要先导入整套角色库。（适用：任何项目都适用，尤其是输出质量未知时。）\n- **只在隔离目录或测试账号试装**：避免安装命令污染主力宿主 AI、真实项目或用户主目录。（适用：存在命令执行、插件配置或本地写入线索时。）\n- **不要使用真实生产凭证**：环境变量/API key 一旦进入宿主或工具链，可能产生账号和合规风险。（适用：出现 API、TOKEN、KEY、SECRET 等环境线索时。）\n- 
**安装后只验证一个最小任务**：先验证加载、兼容、输出质量和回滚，再决定是否深用。（适用：准备从试用进入真实工作流时。）\n\n### 退出方式\n\n- **保留安装前状态**：记录原始宿主配置和项目状态，后续才能判断是否可恢复。\n- **保留原始角色选择记录**：如果输出偏题，可以回到任务画像阶段重新选择角色，而不是继续沿着错误角色推进。\n- **记录安装命令和写入路径**：没有明确卸载说明时，至少要知道哪些目录或配置需要手动清理。\n- **准备撤销测试 API key 或 token**：测试凭证泄露或误用时，可以快速止损。\n- **如果没有回滚路径，不进入主力环境**：不可回滚是继续前阻断项，不应靠信任或运气继续。\n\n## 哪些只能预览\n\n- 解释项目适合谁和能做什么\n- 基于项目文档演示典型对话流程\n- 帮助用户判断是否值得安装或继续研究\n\n## 哪些必须安装后验证\n\n- 真实安装 Skill、插件或 CLI\n- 执行脚本、修改本地文件或访问外部服务\n- 验证真实输出质量、性能和兼容性\n\n## 边界与风险判断卡\n\n- **把安装前预览误认为真实运行**：用户可能高估项目已经完成的配置、权限和兼容性验证。 处理方式：明确区分 prompt_preview_can_do 与 runtime_required。 Claim：`clm_0012` inferred 0.45\n- **命令执行会修改本地环境**：安装命令可能写入用户主目录、宿主插件目录或项目配置。 处理方式：先在隔离环境或测试账号中运行。 证据：`README.md` Claim：`clm_0013` supported 0.86\n- **待确认**：真实安装后是否与用户当前宿主 AI 版本兼容？原因：兼容性只能通过实际宿主环境验证。\n- **待确认**：项目输出质量是否满足用户具体任务？原因：安装前预览只能展示流程和边界，不能替代真实评测。\n- **待确认**：安装命令是否需要网络、权限或全局写入？原因：这影响企业环境和个人环境的安装风险。\n\n## 开工前工作上下文\n\n### 加载顺序\n\n- 先读取 how_to_use.host_ai_instruction，建立安装前判断资产的边界。\n- 读取 claim_graph_summary，确认事实来自 Claim/Evidence Graph，而不是 Human Wiki 叙事。\n- 再读取 intended_users、capabilities 和 quick_start_candidates，判断用户是否匹配。\n- 需要执行具体任务时，优先查 role_skill_index，再查 evidence_index。\n- 遇到真实安装、文件修改、网络访问、性能或兼容性问题时，转入 risk_card 和 boundaries.runtime_required。\n\n### 任务路由\n\n- **命令行启动或安装流程**：先说明这是安装后验证能力，再给出安装前检查清单。 边界：必须真实安装或运行后验证。 证据：`README.md` Claim：`clm_0001` supported 0.86\n\n### 上下文规模\n\n- 文件总数：254\n- 重要文件覆盖：40/254\n- 证据索引条目：55\n- 角色 / Skill 条目：21\n\n### 证据不足时的处理\n\n- **missing_evidence**：说明证据不足，要求用户提供目标文件、README 段落或安装后验证记录；不要补全事实。\n- **out_of_scope_request**：说明该任务超出当前 AI Context Pack 证据范围，并建议用户先查看 Human Manual 或真实安装后验证。\n- **runtime_request**：给出安装前检查清单和命令来源，但不要替用户执行命令或声称已执行。\n- **source_conflict**：同时展示冲突来源，标记为待核实，不要强行选择一个版本。\n\n## Prompt Recipes\n\n### 适配判断\n\n- 目标：判断这个项目是否适合用户当前任务。\n- 预期输出：适配结论、关键理由、证据引用、安装前可预览内容、必须安装后验证内容、下一步建议。\n\n```text\n请基于 agentsid 的 AI Context Pack，先问我 3 个必要问题，然后判断它是否适合我的任务。回答必须包含：适合谁、能做什么、不能做什么、是否值得安装、证据来自哪里。所有项目事实必须引用 evidence_refs、source_paths 或 
claim_id。\n```\n\n### 安装前体验\n\n- 目标：让用户在安装前感受核心工作流，同时避免把预览包装成真实能力或营销承诺。\n- 预期输出：一段带边界标签的体验剧本、安装后验证清单和谨慎建议；不含真实运行承诺或强营销表述。\n\n```text\n请把 agentsid 当作安装前体验资产，而不是已安装工具或真实运行环境。\n\n请严格输出四段：\n1. 先问我 3 个必要问题。\n2. 给出一段“体验剧本”：用 [安装前可预览]、[必须安装后验证]、[证据不足] 三种标签展示它可能如何引导工作流。\n3. 给出安装后验证清单：列出哪些能力只有真实安装、真实宿主加载、真实项目运行后才能确认。\n4. 给出谨慎建议：只能说“值得继续研究/试装”“先补充信息后再判断”或“不建议继续”，不得替项目背书。\n\n硬性边界：\n- 不要声称已经安装、运行、执行测试、修改文件或产生真实结果。\n- 不要写“自动适配”“确保通过”“完美适配”“强烈建议安装”等承诺性表达。\n- 如果描述安装后的工作方式，必须使用“如果安装成功且宿主正确加载 Skill，它可能会……”这种条件句。\n- 体验剧本只能写成“示例台词/假设流程”：使用“可能会询问/可能会建议/可能会展示”，不要写“已写入、已生成、已通过、正在运行、正在生成”。\n- Prompt Preview 不负责给安装命令；如用户准备试装，只能提示先阅读 Quick Start 和 Risk Card，并在隔离环境验证。\n- 所有项目事实必须来自 supported claim、evidence_refs 或 source_paths；inferred/unverified 只能作风险或待确认项。\n\n```\n\n### 角色 / Skill 选择\n\n- 目标：从项目里的角色或 Skill 中挑选最匹配的资产。\n- 预期输出：候选角色或 Skill 列表，每项包含适用场景、证据路径、风险边界和是否需要安装后验证。\n\n```text\n请读取 role_skill_index，根据我的目标任务推荐 3-5 个最相关的角色或 Skill。每个推荐都要说明适用场景、可能输出、风险边界和 evidence_refs。\n```\n\n### 风险预检\n\n- 目标：安装或引入前识别环境、权限、规则冲突和质量风险。\n- 预期输出：环境、权限、依赖、许可、宿主冲突、质量风险和未知项的检查清单。\n\n```text\n请基于 risk_card、boundaries 和 quick_start_candidates，给我一份安装前风险预检清单。不要替我执行命令，只说明我应该检查什么、为什么检查、失败会有什么影响。\n```\n\n### 宿主 AI 开工指令\n\n- 目标：把项目上下文转成一次对话开始前的宿主 AI 指令。\n- 预期输出：一段边界明确、证据引用明确、适合复制给宿主 AI 的开工前指令。\n\n```text\n请基于 agentsid 的 AI Context Pack，生成一段我可以粘贴给宿主 AI 的开工前指令。这段指令必须遵守 not_runtime=true，不能声称项目已经安装、运行或产生真实结果。\n```\n\n\n## 角色 / Skill 索引\n\n- 共索引 21 个角色 / Skill / 项目文档条目。\n\n- **The Problem**（project_doc）：Identity, permissions, and audit for AI agents. The Auth0 for the agent economy. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`README.md`\n- **AgentsID — Download Metrics**（project_doc）：Auto-updated daily by GitHub Actions. Last run: 2026-05-14 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`metrics/README.md`\n- **AgentsID Java SDK**（project_doc）：! Maven https://img.shields.io/badge/maven-dev.agentsid:agentsid--sdk-7c5bf0?style=flat-square https://agentsid.dev ! 
Java https://img.shields.io/badge/java-17%2B-7c5bf0?style=flat-square https://openjdk.org/ ! License https://img.shields.io/badge/license-MIT-7c5bf0?style=flat-square ../LICENSE 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`sdk-java/README.md`\n- **agentsid**（project_doc）：! PyPI version https://img.shields.io/pypi/v/agentsid.svg https://pypi.org/project/agentsid/ ! Python https://img.shields.io/pypi/pyversions/agentsid.svg https://pypi.org/project/agentsid/ ! License: MIT https://img.shields.io/badge/License-MIT-blue.svg https://opensource.org/licenses/MIT 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`sdk-python/README.md`\n- **agentsid**（project_doc）：! Gem Version https://img.shields.io/gem/v/agentsid.svg https://rubygems.org/gems/agentsid ! License: MIT https://img.shields.io/badge/License-MIT-blue.svg https://opensource.org/licenses/MIT 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`sdk-ruby/README.md`\n- **@agentsid/sdk**（project_doc）：! npm version https://img.shields.io/npm/v/@agentsid/sdk.svg https://www.npmjs.com/package/@agentsid/sdk ! License: MIT https://img.shields.io/badge/License-MIT-blue.svg https://opensource.org/licenses/MIT 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`sdk-typescript/README.md`\n- **@agentsid/setup**（project_doc）：Guided setup wizard for AgentsID https://agentsid.dev — protect your AI coding agent in 2 minutes. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`setup/README.md`\n- **React + TypeScript + Vite**（project_doc）：This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`web/README.md`\n- **AgentsID Security Model**（project_doc）：This document describes the security architecture of AgentsID: how tokens are signed and validated, how permissions are evaluated, how delegation chains enforce scope narrowing, and what is recorded in the audit trail. 
激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/SECURITY.md`\n- **AgentsID + FastMCP Integration Guide**（project_doc）：AgentsID + FastMCP Integration Guide 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/fastmcp-integration.md`\n- **AgentsID Permission Specification v1.0**（project_doc）：AgentsID Permission Specification v1.0 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/permission-spec-v1.md`\n- **The State of MCP Server Security — 2026**（project_doc）：The State of MCP Server Security — 2026 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/state-of-agent-security-2026.md`\n- **The 251 gap: the MCP servers our own registry couldn't see**（project_doc）：The 251 gap: the MCP servers our own registry couldn't see 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/blog/2026-04-17-the-251-gap.md`\n- **Cursor Marketplace Listing — AgentsID Guard**（project_doc）：Cursor Marketplace Listing — AgentsID Guard 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/devrel/cursor-marketplace-listing.md`\n- **MCP Security Digest — Issue 1**（project_doc）：Subject primary : Issue 1 — 1,332 MCP servers fail. Here are the 5 worst. Subject short alt : The 5 worst MCP servers we've scanned Subject plain alt : MCP Security Digest 1 — 1,332 F grades Preheader: 94.8% of servers with 51+ tools grade F. One pattern predicts most of it. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/digest/issue-01.md`\n- **HN Response Drafts — 2026-04-17**（project_doc）：Post: \"460 MCP servers tell agents to act secretly\" Show HN Status: Pre-drafted responses for likely comment archetypes. Steven reviews and posts from his account. Append real comment text + context above each response once they land. 
激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/hn-responses/2026-04-17.md`\n- **Cursor + Codex Integration Research**（project_doc）：Cursor + Codex Integration Research 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`setup/docs/cursor-integration-research.md`\n- **AgentsID — Technical Architecture**（project_doc）：Layer Technology Why ------- ----------- ----- API Server FastAPI Python Steven's strongest stack, async, type-safe, fast to build Database PostgreSQL Supabase Already have it, proven, free tier TypeScript SDK Pure TypeScript, zero deps npm package, MCP middleware Python SDK Pure Python, zero deps PyPI package, MCP middleware CLI Node.js npx Developer onboarding Auth HMAC token signing Simple, no external auth deps… 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`ARCHITECTURE.md`\n- **Changelog**（project_doc）：All notable changes to this project will be documented in this file. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`CHANGELOG.md`\n- **AgentsID — Identity and Auth for AI Agents**（project_doc）：AgentsID — Identity and Auth for AI Agents 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`PRODUCT.md`\n- **Changelog**（project_doc）：All notable changes to @agentsid/setup are documented here. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`setup/CHANGELOG.md`\n\n## 证据索引\n\n- 共索引 55 条证据。\n\n- **The Problem**（documentation）：Identity, permissions, and audit for AI agents. The Auth0 for the agent economy. 证据：`README.md`\n- **AgentsID — Download Metrics**（documentation）：Auto-updated daily by GitHub Actions. Last run: 2026-05-14 证据：`metrics/README.md`\n- **AgentsID Java SDK**（documentation）：! Maven https://img.shields.io/badge/maven-dev.agentsid:agentsid--sdk-7c5bf0?style=flat-square https://agentsid.dev ! Java https://img.shields.io/badge/java-17%2B-7c5bf0?style=flat-square https://openjdk.org/ ! License https://img.shields.io/badge/license-MIT-7c5bf0?style=flat-square ../LICENSE 证据：`sdk-java/README.md`\n- **agentsid**（documentation）：! PyPI version https://img.shields.io/pypi/v/agentsid.svg https://pypi.org/project/agentsid/ ! 
Python https://img.shields.io/pypi/pyversions/agentsid.svg https://pypi.org/project/agentsid/ ! License: MIT https://img.shields.io/badge/License-MIT-blue.svg https://opensource.org/licenses/MIT 证据：`sdk-python/README.md`\n- **agentsid**（documentation）：! Gem Version https://img.shields.io/gem/v/agentsid.svg https://rubygems.org/gems/agentsid ! License: MIT https://img.shields.io/badge/License-MIT-blue.svg https://opensource.org/licenses/MIT 证据：`sdk-ruby/README.md`\n- **@agentsid/sdk**（documentation）：! npm version https://img.shields.io/npm/v/@agentsid/sdk.svg https://www.npmjs.com/package/@agentsid/sdk ! License: MIT https://img.shields.io/badge/License-MIT-blue.svg https://opensource.org/licenses/MIT 证据：`sdk-typescript/README.md`\n- **@agentsid/setup**（documentation）：Guided setup wizard for AgentsID https://agentsid.dev — protect your AI coding agent in 2 minutes. 证据：`setup/README.md`\n- **React + TypeScript + Vite**（documentation）：This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules. 证据：`web/README.md`\n- **Package**（package_manifest）：{ \"name\": \"agentsid\", \"version\": \"0.1.0\", \"description\": \"AgentsID CLI — manage agent identities from the terminal\", \"type\": \"module\", \"bin\": { \"agentsid\": \"dist/index.js\" }, \"scripts\": { \"build\": \"tsc\", \"dev\": \"tsc --watch\" }, \"keywords\": \"ai\", \"agents\", \"auth\", \"identity\", \"mcp\", \"cli\" , \"author\": \"AgentsID\", \"license\": \"MIT\", \"devDependencies\": { \"@types/node\": \"^25.5.0\", \"typescript\": \"^5.3.0\" } } 证据：`cli/package.json`\n- **Package**（package_manifest）：{ \"name\": \"agentsid-demo\", \"version\": \"1.0.0\", \"type\": \"module\", \"dependencies\": { \"@agentsid/sdk\": \"^0.1.0\", \"@modelcontextprotocol/sdk\": \"^1.0.0\", \"zod\": \"^4.3.6\" } } 证据：`demo/package.json`\n- **Package**（package_manifest）：{ \"name\": \"@agentsid/mcp-scanner\", \"version\": \"0.2.0\", \"description\": \"MCP security scanner. 
Scores any MCP server against the AgentsID trust framework and looks up pre-scanned results from the public registry.\", \"type\": \"module\", \"main\": \"src/index.mjs\", \"bin\": { \"agentsid-scanner\": \"src/index.mjs\" }, \"scripts\": { \"start\": \"node src/index.mjs\" }, \"keywords\": \"mcp\", \"mcp-server\", \"security\", \"scanner\", \"agentsid\", \"trust-score\", \"ai-agents\" , \"mcpName\": \"agentsid-mcp-scanner\", \"license\": \"MIT\", \"repository\": { \"type\": \"git\", \"url\": \"git+https://github.com/AgentsID-dev/agentsid-scanner.git\" }, \"dependencies\": { \"@agentsid/scanner\": \"^0.2.0\", \"@modelcontextprotocol/sdk\": \"^1.0.0\" } } 证据：`mcp-scanner/package.json`\n- **Package**（package_manifest）：{ \"name\": \"@agentsid/sdk\", \"version\": \"0.1.0\", \"description\": \"Identity and auth for AI agents — drop-in MCP middleware, per-tool permissions, delegation chains, audit trails\", \"main\": \"dist/index.js\", \"types\": \"dist/index.d.ts\", \"type\": \"module\", \"files\": \"dist\" , \"scripts\": { \"build\": \"tsc\", \"dev\": \"tsc --watch\", \"prepublishOnly\": \"npm run build\" }, \"keywords\": \"ai\", \"agents\", \"auth\", \"identity\", \"mcp\", \"security\", \"permissions\", \"audit\", \"delegation\", \"tokens\" , \"author\": \"AgentsID \", \"license\": \"MIT\", \"homepage\": \"https://agentsid.dev\", \"repository\": { \"type\": \"git\", \"url\": \"https://github.com/agentsid/agentsid\" }, \"bugs\": { \"url\": \"https://github.com/agentsid/agentsid/issues\" }, \"engin… 证据：`sdk-typescript/package.json`\n- **Package**（package_manifest）：{ \"name\": \"@agentsid/setup\", \"version\": \"0.2.4\", \"description\": \"Guided setup wizard for AgentsID — protect your AI agent in 2 minutes\", \"type\": \"module\", \"bin\": { \"agentsid-setup\": \"./dist/cli.js\" }, \"files\": \"dist\", \"README.md\", \"LICENSE\", \"CHANGELOG.md\" , \"scripts\": { \"build\": \"tsc && npm run copy-assets\", \"copy-assets\": \"mkdir -p dist/hook && cp src/hook/pre-tool.sh 
src/hook/post-tool.sh src/hook/cursor-adapter.sh dist/hook/\", \"dev\": \"tsx src/cli.tsx\", \"test\": \"vitest run\", \"prepublishOnly\": \"npm run build && npm test\" }, \"dependencies\": { \"ink\": \"^5.1.0\", \"ink-select-input\": \"^6.0.0\", \"ink-spinner\": \"^5.0.0\", \"ink-text-input\": \"^6.0.0\", \"react\": \"^18.3.0\" }, \"devDependencies\": { \"@type… 证据：`setup/package.json`\n- **Package**（package_manifest）：{ \"name\": \"web\", \"private\": true, \"version\": \"0.0.0\", \"type\": \"module\", \"scripts\": { \"dev\": \"vite\", \"build\": \"tsc -b && vite build\", \"lint\": \"eslint .\", \"preview\": \"vite preview\" }, \"dependencies\": { \"@radix-ui/react-accordion\": \"^1.2.12\", \"@radix-ui/react-dialog\": \"^1.1.15\", \"@radix-ui/react-icons\": \"^1.3.2\", \"@radix-ui/react-label\": \"^2.1.8\", \"@radix-ui/react-navigation-menu\": \"^1.2.14\", \"@radix-ui/react-slot\": \"^1.2.4\", \"@sentry/react\": \"^10.46.0\", \"@tailwindcss/vite\": \"^4.2.2\", \"@xyflow/react\": \"^12.10.1\", \"class-variance-authority\": \"^0.7.1\", \"clsx\": \"^2.1.1\", \"lucide-react\": \"^1.7.0\", \"motion\": \"^12.38.0\", \"posthog-js\": \"^1.365.0\", \"react\": \"^19.2.4\", \"react-dom\": \"^19.2.4\", \"react-ro… 证据：`web/package.json`\n- **License**（source_file）：Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files the \"Software\" , to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 证据：`setup/LICENSE`\n- **AgentsID Security Model**（documentation）：This document describes the security architecture of AgentsID: how tokens are signed and validated, how permissions are evaluated, how delegation chains enforce scope narrowing, and what is recorded in the audit trail. 
证据：`docs/SECURITY.md`\n- **AgentsID + FastMCP Integration Guide**（documentation）：AgentsID + FastMCP Integration Guide 证据：`docs/fastmcp-integration.md`\n- **AgentsID Permission Specification v1.0**（documentation）：AgentsID Permission Specification v1.0 证据：`docs/permission-spec-v1.md`\n- **The State of MCP Server Security — 2026**（documentation）：The State of MCP Server Security — 2026 证据：`docs/state-of-agent-security-2026.md`\n- **The 251 gap: the MCP servers our own registry couldn't see**（documentation）：The 251 gap: the MCP servers our own registry couldn't see 证据：`docs/blog/2026-04-17-the-251-gap.md`\n- **Cursor Marketplace Listing — AgentsID Guard**（documentation）：Cursor Marketplace Listing — AgentsID Guard 证据：`docs/devrel/cursor-marketplace-listing.md`\n- **MCP Security Digest — Issue 1**（documentation）：Subject primary : Issue 1 — 1,332 MCP servers fail. Here are the 5 worst. Subject short alt : The 5 worst MCP servers we've scanned Subject plain alt : MCP Security Digest 1 — 1,332 F grades Preheader: 94.8% of servers with 51+ tools grade F. One pattern predicts most of it. 证据：`docs/digest/issue-01.md`\n- **HN Response Drafts — 2026-04-17**（documentation）：Post: \"460 MCP servers tell agents to act secretly\" Show HN Status: Pre-drafted responses for likely comment archetypes. Steven reviews and posts from his account. Append real comment text + context above each response once they land. 
证据：`docs/hn-responses/2026-04-17.md`\n- **Cursor + Codex Integration Research**（documentation）：Cursor + Codex Integration Research 证据：`setup/docs/cursor-integration-research.md`\n- **AgentsID — Technical Architecture**（documentation）：Layer Technology Why ------- ----------- ----- API Server FastAPI Python Steven's strongest stack, async, type-safe, fast to build Database PostgreSQL Supabase Already have it, proven, free tier TypeScript SDK Pure TypeScript, zero deps npm package, MCP middleware Python SDK Pure Python, zero deps PyPI package, MCP middleware CLI Node.js npx Developer onboarding Auth HMAC token signing Simple, no external auth deps Deployment Railway + Docker Already have config patterns from Vault 证据：`ARCHITECTURE.md`\n- **Changelog**（documentation）：All notable changes to this project will be documented in this file. 证据：`CHANGELOG.md`\n- **AgentsID — Identity and Auth for AI Agents**（documentation）：AgentsID — Identity and Auth for AI Agents 证据：`PRODUCT.md`\n- **Changelog**（documentation）：All notable changes to @agentsid/setup are documented here. 
证据：`setup/CHANGELOG.md`\n- **Tsconfig**（structured_config）：{ \"compilerOptions\": { \"target\": \"ES2022\", \"module\": \"ESNext\", \"moduleResolution\": \"bundler\", \"lib\": \"ES2022\", \"DOM\" , \"outDir\": \"dist\", \"rootDir\": \"src\", \"strict\": true, \"declaration\": false, \"sourceMap\": false, \"esModuleInterop\": true, \"skipLibCheck\": true }, \"include\": \"src\" , \"exclude\": \"node modules\", \"dist\" } 证据：`cli/tsconfig.json`\n- **Tsconfig**（structured_config）：{ \"compilerOptions\": { \"target\": \"ES2022\", \"module\": \"ESNext\", \"moduleResolution\": \"bundler\", \"lib\": \"ES2022\", \"DOM\" , \"outDir\": \"dist\", \"rootDir\": \"src\", \"strict\": true, \"declaration\": true, \"declarationMap\": true, \"sourceMap\": true, \"esModuleInterop\": true, \"skipLibCheck\": true }, \"include\": \"src\" , \"exclude\": \"node modules\", \"dist\" } 证据：`sdk-typescript/tsconfig.json`\n- **Tsconfig**（structured_config）：{ \"compilerOptions\": { \"target\": \"ES2022\", \"module\": \"NodeNext\", \"moduleResolution\": \"NodeNext\", \"jsx\": \"react-jsx\", \"outDir\": \"./dist\", \"rootDir\": \"./src\", \"strict\": true, \"esModuleInterop\": true, \"skipLibCheck\": true, \"declaration\": true }, \"include\": \"src/ / \" , \"exclude\": \"node modules\", \"dist\" } 证据：`setup/tsconfig.json`\n- **Tsconfig.App**（structured_config）：{ \"compilerOptions\": { \"tsBuildInfoFile\": \"./node modules/.tmp/tsconfig.app.tsbuildinfo\", \"target\": \"ES2023\", \"useDefineForClassFields\": true, \"lib\": \"ES2023\", \"DOM\", \"DOM.Iterable\" , \"module\": \"ESNext\", \"types\": \"vite/client\" , \"skipLibCheck\": true, \"moduleResolution\": \"bundler\", \"allowImportingTsExtensions\": true, \"verbatimModuleSyntax\": true, \"moduleDetection\": \"force\", \"noEmit\": true, \"jsx\": \"react-jsx\", \"strict\": true, \"noUnusedLocals\": true, \"noUnusedParameters\": true, \"erasableSyntaxOnly\": true, \"noFallthroughCasesInSwitch\": true, \"noUncheckedSideEffectImports\": true, 
\"baseUrl\": \".\", \"paths\": { \"@/ \": \"./src/ \" } }, \"include\": \"src\" } 证据：`web/tsconfig.app.json`\n- **Tsconfig**（structured_config）：{ \"files\": , \"references\": { \"path\": \"./tsconfig.app.json\" }, { \"path\": \"./tsconfig.node.json\" } } 证据：`web/tsconfig.json`\n- **Tsconfig.Node**（structured_config）：{ \"compilerOptions\": { \"tsBuildInfoFile\": \"./node modules/.tmp/tsconfig.node.tsbuildinfo\", \"target\": \"ES2023\", \"lib\": \"ES2023\" , \"module\": \"ESNext\", \"types\": \"node\" , \"skipLibCheck\": true, 证据：`web/tsconfig.node.json`\n- **Python**（source_file）：Python pycache / .pyc .pyo .venv/ .egg-info/ dist/ build/ .ruff cache/ .pytest cache/ 证据：`.gitignore`\n- **Force rebuild by changing this comment: v5**（source_file）：WORKDIR /app/web COPY web/package.json web/package-lock.json ./ RUN npm ci COPY web/ . RUN npm run build 证据：`Dockerfile`\n- **Parse env vars**（source_file）：name: 'AgentsID MCP Scan' description: 'Scan MCP servers for security issues. Posts a PR comment, renders a workflow summary, and uploads findings to the GitHub Security tab.' 
author: 'AgentsID' 证据：`action.yml`\n- **Server**（source_file）：/ AgentsID Demo — A real MCP server protected by AgentsID Tools: - search notes: Search through notes ALLOWED - save note: Save a new note ALLOWED - list notes: List all notes ALLOWED - delete note: Delete a note DENIED by AgentsID - admin reset: Reset everything DENIED by AgentsID / 证据：`demo/server.mjs`\n- **Npm Downloads**（source_file）：date,package,daily,weekly,monthly 2026-04-07,@agentsid/scanner,17,307,467 2026-04-07,@agentsid/mcp-scanner,26,609,609 2026-04-07,@agentsid/sdk,2,9,70 2026-04-07,@agentsid/proxy,7,28,64 2026-04-08,@agentsid/scanner,17,307,467 2026-04-08,@agentsid/mcp-scanner,26,609,609 2026-04-08,@agentsid/sdk,2,9,70 2026-04-08,@agentsid/proxy,7,28,64 2026-04-09,@agentsid/scanner,118,392,585 2026-04-09,@agentsid/mcp-scanner,17,626,626 2026-04-09,@agentsid/sdk,1,10,71 2026-04-09,@agentsid/proxy,1,19,65 2026-04-10,@agentsid/scanner,26,410,611 2026-04-10,@agentsid/mcp-scanner,36,662,662 2026-04-10,@agentsid/sdk,0,8,71 2026-04-10,@agentsid/proxy,0,16,65 2026-04-11,@agentsid/scanner,16,398,627 2026-04-11,@agentsi… 证据：`metrics/npm-downloads.csv`\n- **Railway**（source_file）：build builder = \"DOCKERFILE\" dockerfilePath = \"Dockerfile\" 证据：`railway.toml`\n- **!/bin/bash**（source_file）：!/bin/bash Pull real-time GitHub traffic for agentsid-scanner Usage: ./scripts/gh-traffic.sh 证据：`scripts/gh-traffic.sh`\n- **!/bin/bash**（source_file）：!/bin/bash Track npm download stats for AgentsID packages Usage: ./scripts/npm-downloads.sh --daily Packages tracked: @agentsid/scanner — core scanner library @agentsid/mcp-scanner — MCP server wrapper 证据：`scripts/npm-downloads.sh`\n- **Pom**（source_file）：dev.agentsid agentsid-sdk 0.1.0 jar 证据：`sdk-java/pom.xml`\n- **Pyproject**（source_file）：project name = \"agentsid\" version = \"0.1.0\" description = \"Identity and auth for AI agents — drop-in MCP middleware\" readme = \"README.md\" requires-python = \" =3.10\" dependencies = \"httpx =0.25.0\" license = {text = 
\"MIT\"} keywords = \"ai\", \"agents\", \"auth\", \"identity\", \"mcp\", \"security\" 证据：`sdk-python/pyproject.toml`\n- **frozen string literal: true**（source_file）：Gem::Specification.new do spec spec.name = \"agentsid\" spec.version = \"0.1.0\" spec.authors = \"AgentsID\" spec.email = \"support@agentsid.dev\" 证据：`sdk-ruby/agentsid.gemspec`\n- **server/.dockerignore**（source_file）：.env .env. .venv/ pycache / .pyc .git/ .github/ tests/ .pytest cache/ .ruff cache/ .md .full-review/ 证据：`server/.dockerignore`\n- **Required**（source_file）：Required AGENTSID DATABASE URL=postgresql+asyncpg://user:pass@localhost:5432/agentsid AGENTSID SIGNING SECRET=generate-a-64-char-random-string-here 证据：`server/.env.example`\n- **Dockerfile**（source_file）：COPY pyproject.toml . RUN uv pip install --system --no-cache . resend cryptography sentry-sdk fastapi 证据：`server/Dockerfile`\n- **A generic, single database configuration.**（source_file）：A generic, single database configuration. 证据：`server/alembic.ini`\n- **Docker Compose**（source_file）：services: db: image: postgres:16 restart: unless-stopped environment: POSTGRES USER: agentsid POSTGRES PASSWORD: agentsid local POSTGRES DB: agentsid ports: - \"5432:5432\" volumes: - pgdata:/var/lib/postgresql/data healthcheck: test: \"CMD-SHELL\", \"pg isready -U agentsid -d agentsid\" interval: 5s timeout: 5s retries: 5 证据：`server/docker-compose.yml`\n- **Pyproject**（source_file）：project name = \"agentsid-server\" version = \"0.2.0\" description = \"Identity and auth for AI agents\" requires-python = \" =3.12\" dependencies = \"fastapi =0.115.0\", \"uvicorn standard =0.32.0\", \"sqlalchemy asyncio =2.0.36\", \"asyncpg =0.30.0\", \"alembic =1.14.0\", \"pydantic =2.10.0\", \"pydantic-settings =2.6.0\", \"httpx =0.28.0\", \"slowapi =0.1.9\", \"pyyaml =6.0.2\", \"cryptography =43.0.0\", \"resend =2.4.0\", 证据：`server/pyproject.toml`\n- **Logs**（source_file）：Logs logs .log npm-debug.log yarn-debug.log yarn-error.log pnpm-debug.log lerna-debug.log 
证据：`web/.gitignore`\n- **Eslint.Config**（source_file）：import js from '@eslint/js' import globals from 'globals' import reactHooks from 'eslint-plugin-react-hooks' import reactRefresh from 'eslint-plugin-react-refresh' import tseslint from 'typescript-eslint' import { defineConfig, globalIgnores } from 'eslint/config' 证据：`web/eslint.config.js`\n- **Index**（source_file）：AgentsID — Identity for AI Agents !function t,e {var o,n,p,r;e. SV window.posthog=e,e. i= ,e.init=function i,s,a {function g t,e {var o=e.split \".\" ;2==o.length&& t=t o 0 ,e=o 1 ,t e =function {t.push e .concat Array.prototype.slice.call arguments,0 }} p=t.createElement \"script\" .type=\"text/javascript\",p.async=!0,p.src=s.api host.replace \".i.posthog.com\",\"-assets.i.posthog.com\" +\"/static/array.js\", r=t.getElementsByTagName \"script\" 0 .parentNode.insertBefore p,r ;var u=e;for void 0!==a?u=e a = :a=\"posthog\",u.people=u.people ,u.toString=function t {var e=\"posthog\";return\"posthog\"!==a&& e+=\".\"+a ,t e+=\" stub \" ,e},u.people.toString=function {return u.toString 1 +\".people stub \"},o=\"init captu… 证据：`web/index.html`\n- **Vite.Config**（source_file）：import { defineConfig } from \"vite\"; import react from \"@vitejs/plugin-react\"; import tailwindcss from \"@tailwindcss/vite\"; import path from \"path\"; 证据：`web/vite.config.ts`\n\n## 宿主 AI 必须遵守的规则\n\n- **把本资产当作开工前上下文，而不是运行环境。**：AI Context Pack 只包含证据化项目理解，不包含目标项目的可执行状态。 证据：`README.md`, `metrics/README.md`, `sdk-java/README.md`\n- **回答用户时区分可预览内容与必须安装后才能验证的内容。**：安装前体验的消费者价值来自降低误装和误判，而不是伪装成真实运行。 证据：`README.md`, `metrics/README.md`, `sdk-java/README.md`\n\n## 用户开工前应该回答的问题\n\n- 你准备在哪个宿主 AI 或本地环境中使用它？\n- 你只是想先体验工作流，还是准备真实安装？\n- 你最在意的是安装成本、输出质量、还是和现有规则的冲突？\n\n## 验收标准\n\n- 所有能力声明都能回指到 evidence_refs 中的文件路径。\n- AI_CONTEXT_PACK.md 没有把预览包装成真实运行。\n- 用户能在 3 分钟内看懂适合谁、能做什么、如何开始和风险边界。\n\n---\n\n## Doramagic Context Augmentation\n\n下面内容用于强化 Repomix/AI Context Pack 主体。Human Manual 只提供阅读骨架；踩坑日志会被转成宿主 AI 必须遵守的工作约束。\n\n## Human Manual 
骨架\n\n使用规则：这里只是项目阅读路线和显著性信号，不是事实权威。具体事实仍必须回到 repo evidence / Claim Graph。\n\n宿主 AI 硬性规则：\n- 不得把页标题、章节顺序、摘要或 importance 当作项目事实证据。\n- 解释 Human Manual 骨架时，必须明确说它只是阅读路线/显著性信号。\n- 能力、安装、兼容性、运行状态和风险判断必须引用 repo evidence、source path 或 Claim Graph。\n\n- **Project Introduction**：importance `high`\n  - source_paths: README.md, PRODUCT.md\n- **Quick Start Guide**：importance `high`\n  - source_paths: README.md, sdk-typescript/src/index.ts, sdk-python/agentsid/__init__.py\n- **High-Level Architecture**：importance `high`\n  - source_paths: ARCHITECTURE.md, server/src/app.py, server/src/api\n- **Deny-First Permission System**：importance `high`\n  - source_paths: server/src/services/permission.py, server/src/api/permissions.py, server/src/core/validators.py, docs/permission-spec-v1.md\n- **Token Authentication and Security**：importance `high`\n  - source_paths: server/src/core/security.py, server/src/services/identity.py, server/src/api/agents.py, server/src/api/validate.py\n- **Tamper-Evident Audit System**：importance `high`\n  - source_paths: server/src/services/audit.py, server/src/api/audit.py, server/alembic/versions/21eca51078a1_add_audit_integrity_hash_chain.py\n- **Backend API Reference**：importance `high`\n  - source_paths: docs/API.md, server/src/api, server/src/models/models.py, server/src/core/database.py\n- **Approval Gates and Webhooks**：importance `medium`\n  - source_paths: server/src/services/approval.py, server/src/api/approvals.py, server/src/api/webhooks.py, server/src/services/webhook.py, server/src/services/notifications.py\n\n## Repo Inspection Evidence / 源码检查证据\n\n- repo_clone_verified: true\n- repo_inspection_verified: true\n- repo_commit: `eb87e5047420b516a2157da8d7f1969f8821c672`\n- inspected_files: `Dockerfile`, `README.md`, `docs/API.md`, `docs/fastmcp-integration.md`, `docs/SECURITY.md`, `docs/permission-spec-v1.md`, `docs/state-of-agent-security-2026.md`, `docs/devrel/cursor-marketplace-listing.md`, `docs/digest/issue-01.md`, 
`docs/blog/2026-04-17-the-251-gap.md`, `docs/hn-responses/2026-04-17.md`\n\n宿主 AI 硬性规则：\n- 没有 repo_clone_verified=true 时，不得声称已经读过源码。\n- 没有 repo_inspection_verified=true 时，不得把 README/docs/package 文件判断写成事实。\n- 没有 quick_start_verified=true 时，不得声称 Quick Start 已跑通。\n\n## Doramagic Pitfall Constraints / 踩坑约束\n\n这些规则来自 Doramagic 发现、验证或编译过程中的项目专属坑点。宿主 AI 必须把它们当作工作约束，而不是普通说明文字。\n\n### Constraint 1: 仓库名和安装名不一致\n\n- Trigger: 仓库名 `agentsid` 与安装入口 `@agentsid/sdk` 不完全一致。\n- Host AI rule: 在 npm/PyPI/GitHub 上确认包名映射和官方 README 说明。\n- Why it matters: 用户照着仓库名搜索包或照着包名找仓库时容易走错入口。\n- Evidence: identity.distribution | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | repo=agentsid; install=@agentsid/sdk\n- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。\n\n### Constraint 2: 能力判断依赖假设\n\n- Trigger: README/documentation is current enough for a first validation pass.\n- Host AI rule: 将假设转成下游验证清单。\n- Why it matters: 假设不成立时，用户拿不到承诺的能力。\n- Evidence: capability.assumptions | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | README/documentation is current enough for a first validation pass.\n- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。\n\n### Constraint 3: 维护活跃度未知\n\n- Trigger: 未记录 last_activity_observed。\n- Host AI rule: 补 GitHub 最近 commit、release、issue/PR 响应信号。\n- Why it matters: 新项目、停更项目和活跃项目会被混在一起，推荐信任度下降。\n- Evidence: evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | last_activity_observed missing\n- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。\n\n### Constraint 4: 下游验证发现风险项\n\n- Trigger: no_demo\n- Host AI rule: 进入安全/权限治理复核队列。\n- Why it matters: 下游已经要求复核，不能在页面中弱化。\n- Evidence: downstream_validation.risk_items | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium\n- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。\n\n### Constraint 5: 存在评分风险\n\n- Trigger: no_demo\n- Host AI rule: 把风险写入边界卡，并确认是否需要人工复核。\n- Why it matters: 
风险会影响是否适合普通用户安装。\n- Evidence: risks.scoring_risks | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium\n- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。\n\n### Constraint 6: issue/PR 响应质量未知\n\n- Trigger: issue_or_pr_quality=unknown。\n- Host AI rule: 抽样最近 issue/PR，判断是否长期无人处理。\n- Why it matters: 用户无法判断遇到问题后是否有人维护。\n- Evidence: evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | issue_or_pr_quality=unknown\n- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。\n\n### Constraint 7: 发布节奏不明确\n\n- Trigger: release_recency=unknown。\n- Host AI rule: 确认最近 release/tag 和 README 安装命令是否一致。\n- Why it matters: 安装命令和文档可能落后于代码，用户踩坑概率升高。\n- Evidence: evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | release_recency=unknown\n- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。\n",
      "summary": "给宿主 AI 的上下文和工作边界。",
      "title": "AI Context Pack / 带给我的 AI"
    },
    "boundary_risk_card": {
      "asset_id": "boundary_risk_card",
      "filename": "BOUNDARY_RISK_CARD.md",
      "markdown": "# Boundary & Risk Card / 安装前决策卡\n\n项目：AgentsID-dev/agentsid\n\n## Doramagic 试用结论\n\n当前结论：可以进入发布前推荐检查；首次使用仍应从最小权限、临时目录和可回滚配置开始。\n\n## 用户现在可以做\n\n- 可以先阅读 Human Manual，理解项目目的和主要工作流。\n- 可以复制 Prompt Preview 做安装前体验；这只验证交互感，不代表真实运行。\n- 可以把官方 Quick Start 命令放到隔离环境中验证，不要直接进主力环境。\n\n## 现在不要做\n\n- 不要把 Prompt Preview 当成项目实际运行结果。\n- 不要把 metadata-only validation 当成沙箱安装验证。\n- 不要把未验证能力写成“已支持、已跑通、可放心安装”。\n- 不要在首次试用时交出生产数据、私人文件、真实密钥或主力配置目录。\n\n## 安装前检查\n\n- 宿主 AI 是否匹配：mcp_host\n- 官方安装入口状态：已发现官方入口\n- 是否在临时目录、临时宿主或容器中验证：必须是\n- 是否能回滚配置改动：必须能\n- 是否需要 API Key、网络访问、读写文件或修改宿主配置：未确认前按高风险处理\n- 是否记录了安装命令、实际输出和失败日志：必须记录\n\n## 当前阻塞项\n\n- review_required: community_discussion_evidence_below_public_threshold\n\n## 项目专属踩坑\n\n- 仓库名和安装名不一致（medium）：用户照着仓库名搜索包或照着包名找仓库时容易走错入口。 建议检查：在 npm/PyPI/GitHub 上确认包名映射和官方 README 说明。\n- 能力判断依赖假设（medium）：假设不成立时，用户拿不到承诺的能力。 建议检查：将假设转成下游验证清单。\n- 维护活跃度未知（medium）：新项目、停更项目和活跃项目会被混在一起，推荐信任度下降。 建议检查：补 GitHub 最近 commit、release、issue/PR 响应信号。\n- 下游验证发现风险项（medium）：下游已经要求复核，不能在页面中弱化。 建议检查：进入安全/权限治理复核队列。\n- 存在评分风险（medium）：风险会影响是否适合普通用户安装。 建议检查：把风险写入边界卡，并确认是否需要人工复核。\n\n## 风险与权限提示\n\n- no_demo: medium\n\n## 证据缺口\n\n- 暂未发现结构化证据缺口。\n",
      "summary": "安装、权限、验证和推荐前风险。",
      "title": "Boundary & Risk Card / 边界与风险卡"
    },
    "human_manual": {
      "asset_id": "human_manual",
      "filename": "HUMAN_MANUAL.md",
      "markdown": "# https://github.com/AgentsID-dev/agentsid 项目说明书\n\n生成时间：2026-05-15 06:46:29 UTC\n\n## 目录\n\n- [Project Introduction](#project-introduction)\n- [Quick Start Guide](#quick-start-guide)\n- [High-Level Architecture](#high-level-architecture)\n- [Deny-First Permission System](#permission-system)\n- [Token Authentication and Security](#token-authentication)\n- [Tamper-Evident Audit System](#audit-system)\n- [Backend API Reference](#backend-api)\n- [Approval Gates and Webhooks](#approval-workflows)\n- [Web Dashboard](#web-dashboard)\n- [Multi-Language SDKs](#multi-language-sdks)\n\n<a id='project-introduction'></a>\n\n## Project Introduction\n\n### 相关页面\n\n相关主题：[Quick Start Guide](#quick-start-guide), [High-Level Architecture](#high-level-architecture)\n\n<details>\n<summary>Relevant Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [README.md](https://github.com/AgentsID-dev/agentsid/blob/main/README.md)\n- [web/src/pages/landing.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/landing.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [web/src/pages/research.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/research.tsx)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n- [web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n- [server/src/services/notifications.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/services/notifications.py)\n</details>\n\n# Project Introduction\n\nAgentsID is an identity, permissions, and audit infrastructure platform designed specifically for AI agents. 
Positioned as \"The Auth0 for the agent economy,\" it provides a standardized way to identify AI agents, control what actions they can perform, and maintain complete audit trails of their activities.\n\n## Overview\n\nAI agents are increasingly accessing databases, sending emails, calling APIs, and making purchases on behalf of users. However, there has been no standard way to identify these agents, limit their capabilities, or trace their actions back to the humans who authorized them.\n\nAgentsID solves this fundamental infrastructure gap by providing:\n\n- **Identity management** for AI agents\n- **Permission controls** to restrict tool access\n- **Audit logging** with tamper-evident hash chains\n- **Security scanning** for MCP (Model Context Protocol) servers\n\n资料来源：[README.md:1-20]()\n\n## The Problem\n\nCurrent AI agent deployments suffer from significant security and visibility gaps:\n\n| Statistic | Finding |\n|-----------|---------|\n| MCP servers requiring authentication | 88% |\n| MCP servers actually using OAuth | Only 8.5% |\n| Servers relying on static API keys in environment variables | 53% |\n| Organizations unable to track agent activities in real-time | 80% |\n\n资料来源：[README.md:25-29]()\n\n### Why Traditional Auth Fails\n\nAuth0 and similar identity platforms were designed for human users, not autonomous AI agents. AgentsID specifically addresses the unique requirements of agent-to-tool interactions, including:\n\n- Machine-to-machine authentication\n- Granular tool-level permissions\n- Audit trails that capture the full context of agent decisions\n- Integration with MCP servers without requiring developers to build custom auth\n\n## Core Concepts\n\n### Projects\n\nA **project** is the fundamental organizational unit in AgentsID. Each project contains:\n\n- Agent definitions\n- Permission rules\n- Audit logs\n- API credentials (project key)\n\nProjects are created via CLI with the `init` command or through the dashboard. 
Each project receives a unique project key (prefixed with `aid_proj_`) that servers use to communicate with the AgentsID API.\n\n```bash\n$ npx agentsid init \"My Production App\"\nCreating project \"My Production App\"...\nProject created successfully!\n\n  Project ID:  proj_a1b2c3d4e5f6\n  API Key:     aid_proj_xR7kM2pQ9...\n  Plan:        free\n```\n\n资料来源：[web/src/pages/guides.tsx:1-15](), [web/src/pages/docs.tsx:1-12]()\n\n### Agents\n\nAn **agent** is an AI-powered entity registered within a project. Each agent:\n\n- Has a unique agent ID (prefixed with `agt_`)\n- Receives an authentication token (prefixed with `aid_tok_`)\n- Operates on behalf of a human user\n- Has specific tool permissions assigned\n\nAgents are registered using the CLI:\n\n```bash\n$ npx agentsid register-agent --name \"Email Assistant\" --on-behalf-of \"user_abc123\" --permissions \"send_email,read_contacts\" --ttl 24\nAgent registered!\n\n  Agent ID:   agt_7x9k2mNpQ4rS1tUv\n  Token:      aid_tok_eyJzdWIiOi...\n  Expires:    2026-03-26T14:30:00Z\n```\n\n资料来源：[web/src/pages/docs.tsx:15-35]()\n\n### Permissions\n\nAgentsID uses a pattern-based permission system. Permission rules are defined as tool name patterns with an allow or deny action:\n\n| Tool | Parameters Required | Result | Reason |\n|------|---------------------|--------|--------|\n| `search_memories` | any | Allowed | Matches `search_*` allow rule |\n| `delete_memory` | any | Denied | Condition requires params, fail-closed |\n| `list_categories` | any | Denied | No matching rule, default deny |\n\n资料来源：[web/src/pages/docs.tsx:100-115]()\n\nDefault behavior is **deny-all** — if no rule matches a tool call, the request is blocked. 
This fail-closed approach ensures that agents can only access tools explicitly permitted.\n\n### Audit Logs\n\nEvery tool call made through AgentsID generates an audit log entry containing:\n\n- Timestamp\n- Agent ID\n- Tool name\n- Action (ALLOW/DENY)\n- Result (success/blocked)\n- Delegating user ID\n- Parameters passed\n- Error messages (if any)\n\nThe audit system maintains a **SHA-256 hash chain** where each entry is cryptographically linked to its predecessor. The first entry uses `\"genesis\"` as its initial previous hash value.\n\n资料来源：[web/src/pages/docs.tsx:120-135]()\n\n## Architecture\n\n### System Flow\n\n```mermaid\ngraph TD\n    A[Your Application] -->|Tool Call| B[AgentsID SDK]\n    B -->|Validate + Log| C[AgentsID API]\n    C -->|Check Permissions| D[Permission Engine]\n    D -->|Allow/Deny| C\n    C -->|Audit Entry| E[(Audit Log DB)]\n    C -->|Response| B\n    B -->|Result| A\n    \n    F[Dashboard] -->|Manage| G[Projects & Agents]\n    F -->|View| E\n    H[Scanner] -->|Security Audit| G\n```\n\n### SDK Integration\n\nAgentsID provides a lightweight SDK approach with a 200-line bash hook. The integration philosophy emphasizes:\n\n> \"No SDK to learn, no language runtime to match. If your agent can run a shell script before a tool call, AgentsID works.\"\n\n资料来源：[web/src/pages/landing.tsx:1-50]()\n\nAvailable SDK packages:\n\n| Package Manager | Package Name |\n|----------------|--------------|\n| npm | `@agentsid/sdk` |\n| pip | `agentsid` |\n| RubyGems | `agentsid` |\n\n### Registry and Scanner\n\nThe platform maintains a **public registry** of MCP servers that have been security-scanned. 
Each server receives a security grade based on findings:\n\n```mermaid\ngraph LR\n    A[MCP Server] -->|Scan| B[AgentsID Scanner]\n    B -->|Findings| C[Grade Calculator]\n    C -->|Grade A-F| D[Public Registry]\n    C -->|Recommendations| E[Dashboard]\n```\n\nThe scanner analyzes servers for:\n\n- Authentication mechanisms\n- Dangerous patterns\n- Deceptive language\n- Invisible characters\n- Context weighting issues\n\n资料来源：[web/src/pages/research.tsx:1-30](), [web/src/pages/grade.tsx:1-40]()\n\n## Key Features\n\n### Security and Privacy\n\nAgentsID implements privacy-first data practices:\n\n| Data Type | Storage Policy |\n|-----------|---------------|\n| Email addresses | Stored for account management |\n| Project data | Stored in project container |\n| Agent definitions | Stored in project container |\n| Audit logs | Stored with SHA-256 hash chain |\n| API keys | Only hashes stored, never raw |\n| Analytics | PostHog, opt-in only, consent-gated |\n\n资料来源：[web/src/pages/privacy.tsx:20-35]()\n\n### CLI Commands\n\n| Command | Description |\n|---------|-------------|\n| `init` | Create a new project |\n| `register-agent` | Register a new agent |\n| `list-agents` | List all agents in project |\n| `audit` | Query audit logs |\n| `claim` | Claim a server on the registry |\n\nUsage: `npx agentsid <command>`\n\n资料来源：[web/src/pages/docs.tsx:1-90]()\n\n### Acceptable Use\n\nAgentsID permits any lawful use but explicitly prohibits:\n\n- Platform abuse (malformed requests, resource exhaustion)\n- Security circumvention (bypassing HMAC verification, tampering with audit logs)\n- Illegal agent registrations\n- Unauthorized data scraping\n- White-label resale without agreement\n- Impersonation of AgentsID\n\n资料来源：[web/src/pages/terms.tsx:1-50]()\n\n## Quick Start\n\nTo integrate AgentsID into your application:\n\n```bash\n# Step 1: Install the setup CLI\n$ npx @agentsid/setup@latest\n\n# Step 2: Initialize a project\n$ npx agentsid init \"My Protected Server\"\n\n# Step 3: 
Install the SDK\n$ npm install @agentsid/sdk\n\n# Step 4: Register an agent\n$ npx agentsid register-agent --name \"My Agent\" --on-behalf-of \"user_id\"\n\n# Step 5: Integrate the bash hook before tool calls\n```\n\nThe AgentsID hook can be embedded directly into your agent's tool-calling workflow, requiring no SDK dependencies in your agent code.\n\n资料来源：[web/src/pages/landing.tsx:35-55](), [web/src/pages/guides.tsx:20-60]()\n\n## Platform Components\n\n| Component | Purpose | Access |\n|-----------|---------|--------|\n| Dashboard | Project and agent management | agentsid.dev/dashboard |\n| Registry | Public MCP server listings | agentsid.dev/registry |\n| Scanner | Security analysis tool | `npx @agentsid/scanner` |\n| Documentation | Guides and API reference | agentsid.dev/docs |\n| CLI | Command-line interface | `npx agentsid` |\n\nAll research and scanner tools are open source and available on [GitHub](https://github.com/AgentsID-dev/agentsid-scanner).\n\n资料来源：[web/src/pages/research.tsx:25-35]()\n\n## Data Flow Summary\n\n```mermaid\nsequenceDiagram\n    participant User\n    participant Agent\n    participant SDK\n    participant AgentsID\n    participant Tool\n    \n    User->>Agent: Authorize action\n    Agent->>SDK: Call tool (e.g., send_email)\n    SDK->>AgentsID: Validate request\n    AgentsID->>AgentsID: Check permissions\n    Alt Permission granted\n        AgentsID->>Tool: Forward request\n        Tool->>AgentsID: Response\n        AgentsID->>SDK: Allow + log\n        SDK->>Agent: Success\n        Agent->>User: Result\n    Else Permission denied\n        AgentsID->>SDK: Block\n        SDK->>Agent: Blocked response\n        Agent->>User: Move on\n    end\n```\n\n## Summary\n\nAgentsID addresses a critical gap in the AI agent ecosystem by providing:\n\n1. **Standardized identity** for AI agents operating across different platforms\n2. **Fine-grained permissions** with pattern-based rules and fail-closed defaults\n3. 
**Tamper-evident audit trails** using cryptographic hash chains\n4. **Security visibility** through automated MCP server scanning\n5. **Privacy compliance** with minimal data collection and opt-in analytics\n\nBy treating AI agents as first-class principals in your security model, AgentsID enables organizations to deploy AI agents with the same confidence and controls they have for human users.\n\n资料来源：[README.md:15-25](), [web/src/pages/privacy.tsx:30-45]()\n\n---\n\n<a id='quick-start-guide'></a>\n\n## Quick Start Guide\n\n### 相关页面\n\n相关主题：[Project Introduction](#project-introduction), [Multi-Language SDKs](#multi-language-sdks)\n\n<details>\n<summary>相关源码文件</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [web/src/pages/landing.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/landing.tsx)\n- [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n- [web/src/components/dashboard/AuditFeed.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx)\n- [web/src/components/dashboard/OverviewTab.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/OverviewTab.tsx)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n</details>\n\n# Quick Start Guide\n\nThis guide provides everything you need to integrate AgentsID into your AI agent workflow. 
AgentsID is an agent identity and permission management platform that allows you to register agents, define tool permissions, and audit all agent activity through a tamper-evident hash chain.\n\n## Prerequisites\n\nBefore starting, ensure you have:\n\n| Requirement | Version/Details |\n|-------------|-----------------|\n| Node.js | v18+ (for SDK usage) |\n| npm/yarn | Latest stable |\n| Account | agentsid.dev/dashboard |\n| Project | Created via `npx agentsid init` |\n\n资料来源：[web/src/pages/landing.tsx:1-50]()\n\n## Installation\n\n### Using the Setup Command (Recommended)\n\nThe fastest way to get started is using the official setup script:\n\n```bash\nnpx @agentsid/setup@latest\n```\n\n资料来源：[web/src/pages/landing.tsx:50-80]()\n\n### Using NPM/Yarn Directly\n\nAlternatively, install the SDK directly into your project:\n\n```bash\nnpm install @agentsid/sdk\n# or\nyarn add @agentsid/sdk\n```\n\n资料来源：[web/src/pages/guides.tsx:1-100]()\n\n## Quick Start Workflow\n\n```mermaid\ngraph TD\n    A[Create Project] --> B[Get API Key]\n    B --> C[Install SDK]\n    C --> D[Register Agent]\n    D --> E[Define Permissions]\n    E --> F[Integrate Hook]\n    F --> G[Monitor via Audit Trail]\n```\n\n资料来源：[web/src/pages/guides.tsx:100-200]()\n\n## Step-by-Step Setup\n\n### Step 1: Create a Project\n\nInitialize a new AgentsID project using the CLI:\n\n```bash\nnpx agentsid init \"My Production App\"\n```\n\nExpected output:\n\n```\nCreating project \"My Production App\"...\nProject created successfully!\n\n  Project ID:  proj_a1b2c3d4e5f6\n  API Key:     aid_proj_xR7kM2pQ9...\n  Plan:        free\n\n  Store your API key securely. It will not be shown again.\n```\n\n资料来源：[web/src/pages/docs.tsx:1-80]()\n\n### Step 2: Copy Your Project Key\n\nAfter project creation, retrieve your project key from the dashboard at [agentsid.dev/dashboard](https://agentsid.dev/dashboard). 
The key format is `aid_proj_xxx...`.\n\n资料来源：[web/src/pages/guides.tsx:200-300]()\n\n### Step 3: Install the SDK\n\n```bash\nnpm install @agentsid/sdk\n```\n\nThis lightweight library handles:\n- Communication with AgentsID API\n- Token validation\n- Event logging\n- Permission enforcement\n\n资料来源：[web/src/pages/guides.tsx:300-400]()\n\n### Step 4: Register an Agent\n\nAgents represent the AI entities in your system. Register them to receive authentication tokens:\n\n```typescript\nimport { AgentsID } from '@agentsid/sdk';\n\nconst client = new AgentsID({\n  projectKey: 'aid_proj_your_key_here',\n});\n\nconst { agent, token, tokenId, expiresAt } = await client.registerAgent({\n  name: 'production-claude',\n  onBehalfOf: 'user_abc123',\n  permissions: ['search_notes', 'save_note', 'list_notes'],\n  ttlHours: 24,\n  metadata: { version: '1.0.0' }\n});\n```\n\n资料来源：[web/src/pages/docs.tsx:80-150]()\n\n### Step 5: Configure MCP Server\n\nFor Claude Code or Cursor integration, create a server configuration:\n\n```javascript\n// server.mjs\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';\nimport { z } from 'zod';\nimport { AgentsID } from '@agentsid/sdk';\n\nconst client = new AgentsID({ projectKey: process.env.AGENTSID_PROJECT_KEY });\n\nconst server = new McpServer({\n  name: 'my-notes-server',\n  version: '1.0.0'\n});\n\nserver.tool(\n  'save_note',\n  'Create a new note',\n  { content: z.string(), title: z.string() },\n  async ({ content, title }) => {\n    const result = await client.check({\n      agentToken: process.env.AGENTSID_AGENT_TOKEN,\n      tool: 'save_note',\n      parameters: { content, title }\n    });\n    \n    if (!result.allowed) {\n      return { content: `Tool call blocked: ${result.reason}` };\n    }\n    \n    // Execute tool logic here\n    return { content: 'Note saved successfully' };\n  }\n);\n```\n\n资料来源：[web/src/pages/guides.tsx:400-500]()\n\n### Step 6: Add to IDE Configuration\n\nFor Cursor, edit 
`.cursor/mcp.json`:\n\n```json\n{\n  \"mcpServers\": {\n    \"my-notes-server\": {\n      \"command\": \"node\",\n      \"args\": [\"server.mjs\"],\n      \"env\": {\n        \"AGENTSID_PROJECT_KEY\": \"aid_proj_your_key_here\",\n        \"AGENTSID_AGENT_TOKEN\": \"at_your_token_here\"\n      }\n    }\n  }\n}\n```\n\nBoth values are live credentials, so keep a `.cursor/mcp.json` that contains real keys out of version control.\n\n资料来源：[web/src/pages/guides.tsx:500-600]()\n\n## Agent Management API\n\n### SDK Methods Reference\n\n| Method | Parameters | Returns | Description |\n|--------|------------|---------|-------------|\n| `registerAgent` | name, onBehalfOf, permissions?, ttlHours?, metadata? | `{ agent, token, tokenId, expiresAt }` | Create a new agent and issue its first token |\n| `getAgent` | agentId | Agent | Get agent details by ID |\n| `listAgents` | status?, limit? | Agent[] | List agents, optionally filtered by status |\n| `updateAgent` | agentId, name?, metadata? | Agent | Update agent name or metadata |\n| `refreshToken` | agentId, ttlHours? | `{ token, tokenId, expiresAt }` | Issue new token, revoke all previous |\n| `check` | agentToken, tool, parameters | Decision | Validate a tool call against permissions |\n\n资料来源：[web/src/pages/docs.tsx:150-200]()\n\n### CLI Commands\n\n| Command | Description |\n|---------|-------------|\n| `npx agentsid init` | Create a new project |\n| `npx agentsid register-agent` | Register a new agent |\n| `npx agentsid audit` | View audit logs |\n| `npx agentsid verify` | Verify audit chain integrity |\n\n资料来源：[web/src/pages/landing.tsx:80-120]()\n\n## Permission Configuration\n\n### Default Permission States\n\n| Tool | Default Permission | Description |\n|------|-------------------|--------------|\n| `search_notes` | Allowed | Search notes by keyword |\n| `save_note` | Allowed | Create a new note |\n| `list_notes` | Allowed | List all notes |\n| `delete_note` | Denied | Delete a note by ID |\n| `admin_reset` | Denied | Wipe all data |\n\n资料来源：[web/src/pages/guides.tsx:600-700]()\n\nThe agent has access to all five tools, but 
AgentsID will block any attempt to use `delete_note` or `admin_reset`. The agent doesn't even know it's being restricted—it just gets a \"blocked\" response.\n\n## Audit Trail\n\n### Viewing Audit Logs\n\nThe dashboard provides a real-time feed of all agent activity:\n\n```mermaid\ngraph LR\n    A[Tool Call] --> B[AgentsID API]\n    B --> C{Allowed?}\n    C -->|Yes| D[Execute Tool]\n    C -->|No| E[Block & Log]\n    D --> F[Create Audit Entry]\n    E --> F\n    F --> G[Update Hash Chain]\n```\n\n资料来源：[web/src/pages/components/dashboard/AuditFeed.tsx:1-60]()\n\n### Audit Entry Structure\n\nEach entry in the audit log contains:\n\n```json\n{\n  \"entryId\": \"entry_abc123\",\n  \"timestamp\": \"2026-03-29T12:34:56.789Z\",\n  \"agentId\": \"agent_def456\",\n  \"delegationId\": \"del_xyz789\",\n  \"tool\": \"github.push_files\",\n  \"parameters\": { \"owner\": \"myorg\", \"repo\": \"myrepo\", \"branch\": \"main\" },\n  \"decision\": \"allow\",\n  \"matchedRule\": 2,\n  \"constraintsEvaluated\": [\"rateLimit\", \"schedule\"],\n  \"durationMs\": 3,\n  \"prevEntryHash\": \"sha256:e3b0c44298fc1c149afb...\",\n  \"entryHash\": \"sha256:a665a45920422f9d417e...\"\n}\n```\n\n资料来源：[web/src/pages/spec.tsx:1-80]()\n\n### Chain Verification\n\nAgentsID implements a hash chain for tamper detection:\n\n```javascript\nentryHash = SHA-256(canonicalize(entry with entryHash=null))\n// First entry uses prevEntryHash: \"genesis\"\n```\n\n资料来源：[web/src/pages/spec.tsx:80-120]()\n\n### Verification API\n\n```bash\ncurl \"https://api.agentsid.dev/api/v1/audit/verify\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\"\n```\n\nResponse (chain intact):\n```json\n{\n  \"verified\": true,\n  \"entries_checked\": 1523,\n  \"message\": \"Integrity chain verified\"\n}\n```\n\nResponse (chain broken):\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible 
tampering\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx:200-280]()\n\n## Security & Privacy\n\n### Data Handling\n\n| Data Type | Storage | Retention |\n|-----------|---------|-----------|\n| Email | Encrypted | Until account deletion |\n| Project Data | Encrypted | Until project deletion |\n| Audit Logs | Hash-chained | 90 days (free), indefinite (paid) |\n| API Keys | Hash only | Until key rotation |\n| Analytics | Opt-in | PostHog's retention policy |\n\n资料来源：[web/src/pages/privacy.tsx:1-100]()\n\n### Key Security Points\n\n- **No raw API keys stored** — Only hashed versions are retained\n- **Analytics opt-in only** — Gated behind cookie consent banner\n- **No data selling** — Explicitly prohibited in privacy policy\n- **GDPR compliance** — Full data export and deletion capabilities\n\n资料来源：[web/src/pages/privacy.tsx:100-200]()\n\n## Dashboard Overview\n\n### Main Features\n\n| Section | Description |\n|---------|-------------|\n| **Overview Tab** | Recent activity feed, agent constellation view, quick stats |\n| **Agents Tab** | Manage registered agents, view tokens, update permissions |\n| **Audit Tab** | Searchable log of all tool decisions with chain verification |\n| **Settings** | Project configuration, API keys, team management |\n\n资料来源：[web/src/components/dashboard/OverviewTab.tsx:1-100]()\n\n### Activity Feed Display\n\nThe audit feed displays:\n\n- **Tool** — Name of the tool called\n- **Decision** — `allow` or `deny`\n- **Timestamp** — Full ISO 8601 format\n- **Agent ID** — Registered agent identifier\n- **Delegation Chain** — If sub-agents are involved\n\n资料来源：[web/src/components/dashboard/AuditFeed.tsx:60-140]()\n\n## Next Steps\n\nAfter completing this guide:\n\n1. **Explore the Registry** — View security grades of popular MCP tools at `/registry`\n2. **Read the Specification** — Deep dive into the audit chain at `/spec`\n3. **Join Research** — Access security research at `/research`\n4. 
**Subscribe to Updates** — Get weekly security digests at `/digest`\n\n资料来源：[web/src/pages/landing.tsx:120-180]()\n\n## Troubleshooting\n\n| Issue | Solution |\n|-------|----------|\n| `401 Unauthorized` | Verify your project key is correct |\n| `403 Forbidden` | Agent token may be expired; refresh via `refreshToken()` |\n| Chain verification fails | Contact support or check recent key rotations |\n| Rate limiting | Upgrade plan or implement exponential backoff |\n\n资料来源：[web/src/pages/docs.tsx:280-350]()\n\n---\n\n<a id='high-level-architecture'></a>\n\n## High-Level Architecture\n\n### 相关页面\n\n相关主题：[Project Introduction](#project-introduction), [Backend API Reference](#backend-api), [Deny-First Permission System](#permission-system)\n\n<details>\n<summary>相关源码文件</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx) - Technical specifications\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx) - API and SDK documentation\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx) - Integration guides\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx) - Privacy and data handling\n- [web/src/pages/landing.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/landing.tsx) - Product overview\n- [web/src/components/dashboard/AuditFeed.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx) - Audit feed component\n- [web/src/components/dashboard/OverviewTab.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/OverviewTab.tsx) - Dashboard overview\n- [README.md](https://github.com/AgentsID-dev/agentsid/blob/main/README.md) - Project overview\n</details>\n\n# High-Level Architecture\n\nAgentsID is an identity, permissions, and audit infrastructure 
platform designed for AI agents. It functions as an authorization layer that sits between AI agents and the tools they execute, providing fine-grained access control, comprehensive audit logging, and tamper-evident verification capabilities.\n\n## System Overview\n\nAgentsID implements a centralized authorization model where every tool invocation is validated against a configurable rule engine before execution is permitted. The system maintains a cryptographic hash chain of all audit entries to detect tampering and provides real-time visibility into agent activity through a web-based dashboard.\n\n```mermaid\ngraph TD\n    A[\"🤖 AI Agent\"] --> B[\"AgentsID SDK / MCP Server\"]\n    B --> C[\"Validation Middleware\"]\n    C --> D{\"Allowed?\"}\n    D -->|Yes| E[\"Execute Tool\"]\n    D -->|No| F[\"Block + Log\"]\n    C --> G[\"Audit Log Service\"]\n    G --> H[\"Hash Chain\"]\n    G --> I[\"Dashboard\"]\n    H --> J[\"Verification API\"]\n```\n\n## Core Components\n\n### 1. SDK and Client Libraries\n\nAgentsID provides multi-language SDKs for seamless integration into agent runtimes.\n\n| Package | Registry | Purpose |\n|---------|----------|---------|\n| `@agentsid/sdk` | npm | Node.js/JavaScript integration |\n| `agentsid` | PyPI | Python integration |\n| `agentsid` | RubyGems | Ruby integration |\n\n资料来源：[README.md:1-15](https://github.com/AgentsID-dev/agentsid/blob/main/README.md)\n\n### 2. Agent Management API\n\nThe SDK exposes methods for registering and managing agents within a project.\n\n| Method | Parameters | Returns | Description |\n|--------|------------|---------|-------------|\n| `registerAgent` | name, onBehalfOf, permissions?, ttlHours?, metadata? | { agent, token, tokenId, expiresAt } | Create a new agent and issue its first token |\n| `getAgent` | agentId | Agent | Get agent details by ID |\n| `listAgents` | status?, limit? | Agent[] | List agents, optionally filtered by status |\n| `updateAgent` | agentId, name?, metadata? 
| Agent | Update agent name or metadata |\n| `refreshToken` | agentId, ttlHours? | { token, tokenId, expiresAt } | Issue new token, revoke all previous |\n\n资料来源：[web/src/pages/docs.tsx:1-80](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### 3. Validation Middleware\n\nThe core security component intercepts tool calls and validates them against configured permissions. Every tool call goes through a validation function before execution.\n\n```mermaid\ngraph LR\n    A[\"Tool Call Request\"] --> B[\"Extract agent_token\"]\n    B --> C[\"Call AgentsID API\"]\n    C --> D{\"Decision?\"}\n    D -->|allow| E[\"Execute Tool\"]\n    D -->|deny| F[\"Return blocked\"]\n```\n\n资料来源：[web/src/pages/guides.tsx:1-50](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n## Audit Logging System\n\n### Entry Schema\n\nEvery tool invocation generates an immutable audit entry with the following structure:\n\n```json\n{\n  \"entryId\": \"entry_abc123\",\n  \"timestamp\": \"2026-03-29T12:34:56.789Z\",\n  \"agentId\": \"agent_def456\",\n  \"delegationId\": \"del_xyz789\",\n  \"tool\": \"github.push_files\",\n  \"parameters\": { \"owner\": \"myorg\", \"repo\": \"myrepo\", \"branch\": \"main\" },\n  \"decision\": \"allow\",\n  \"matchedRule\": 2,\n  \"constraintsEvaluated\": [\"rateLimit\", \"schedule\"],\n  \"durationMs\": 3,\n  \"prevEntryHash\": \"sha256:e3b0c44298fc1c149afb...\",\n  \"entryHash\": \"sha256:a665a45920422f9d417e...\"\n}\n```\n\n资料来源：[web/src/pages/spec.tsx:1-50](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n### Hash Chain Integrity\n\nThe audit log uses a cryptographic hash chain to ensure tamper-evidence. 
Each entry's hash includes the previous entry's hash, so an edited or removed entry no longer matches the `prevEntryHash` stored in the entry that follows it; the chain makes tampering detectable rather than impossible.\n\n```javascript\nentryHash = SHA-256(canonicalize(entry with entryHash=null))\n// First entry uses prevEntryHash: \"genesis\"\n```\n\nThe verification process iterates through the entries and validates the hash chain:\n\n```javascript\nfunction verifyChain(entries: AuditEntry[]): boolean {\n  for (let i = 1; i < entries.length; i++) {\n    const prev = entries[i - 1]\n    // Verify prevEntryHash matches previous entryHash\n  }\n}\n```\n\n资料来源：[web/src/pages/spec.tsx:1-50](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n### Audit Feed Component\n\nThe dashboard's AuditFeed component displays audit entries with delegation chain visualization:\n\n| Field | Display |\n|-------|---------|\n| Agent ID | Monospace font, truncated |\n| Timestamp | Full date/time format |\n| Delegation Chain | Visual arrow-separated badges |\n| Delegated By | Type and ID badges |\n\n资料来源：[web/src/components/dashboard/AuditFeed.tsx:1-60](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx)\n\n## Permission and Constraint Engine\n\n### Supported Constraint Types\n\nThe system supports multiple constraint types for fine-grained control:\n\n| Type | Configuration | Purpose |\n|------|---------------|---------|\n| Rate Limit | `{\"type\": \"rateLimit\", \"max\": 100, \"windowSeconds\": 3600}` | Limit tool calls per time window |\n| Schedule | `{\"type\": \"schedule\", \"allow\": [\"09:00-17:00\"]}` | Restrict execution to time windows |\n| Budget | `{\"type\": \"budget\", \"currency\": \"usd\", \"max\": 10.00, \"windowSeconds\": 86400}` | Limit monetary cost |\n| Sequence | `{\"type\": \"sequence\", \"requires\": [\"filesystem.read_file\"], \"forbids\": [\"github.push_files\"]}` | Enforce operation ordering |\n| Session Limit | `{\"type\": \"sessionLimit\", \"max\": 5}` | Limit concurrent sessions |\n| Risk Score | `{\"type\": \"riskScore\", 
\"maxScore\": 0.7}` | Block high-risk operations |\n| IP Allowlist | `{\"type\": \"ipAllowlist\", \"cidrs\": [\"10.0.0.0/8\"]}` | Restrict by IP range |\n| Chain Depth | `{\"type\": \"chainDepth\", \"max\": 2}` | Limit delegation depth |\n| Cooldown | `{\"type\": \"cooldown\", \"seconds\": 300}` | Enforce wait periods |\n| Anomaly Detection | `{\"type\": \"anomaly\"}` | ML-based behavior analysis |\n\n资料来源：[web/src/pages/spec.tsx:1-80](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n### Example Permission Matrix\n\n| Tool | Permission |\n|------|------------|\n| `search_notes` | allowed |\n| `save_note` | allowed |\n| `list_notes` | allowed |\n| `delete_note` | denied |\n| `admin_reset` | denied |\n\n资料来源：[web/src/pages/guides.tsx:50-100](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n## API Endpoints\n\n### Verification Endpoint\n\n```\nGET /api/v1/audit/verify\nAuthorization: Bearer <project_key>\n```\n\n**Response 200 OK (chain intact):**\n```json\n{\n  \"verified\": true,\n  \"entries_checked\": 1523,\n  \"message\": \"Integrity chain verified\"\n}\n```\n\n**Response 200 OK (chain broken):**\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible tampering\"\n}\n```\n\n### Usage Endpoint\n\n```\nGET /api/v1/audit/usage\nAuthorization: Bearer <project_key>\n```\n\n**Response:**\n```json\n{\n  \"events_this_month\": 1200,\n  \"events_limit\": 10000,\n  \"agents_active\": 5,\n  \"agents_limit\": 25,\n  \"plan\": \"free\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx:1-120](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Model Context Protocol (MCP) Integration\n\nAgentsID supports integration with MCP-compatible AI tools like Claude Code and Cursor through environment variable configuration:\n\n```json\n{\n  \"mcpServers\": {\n    \"my-notes-server\": {\n      \"command\": 
\"node\",\n      \"args\": [\"server.mjs\"],\n      \"env\": {\n        \"AGENTSID_PROJECT_KEY\": \"aid_proj_your_key_here\",\n        \"AGENTSID_AGENT_TOKEN\": \"at_your_token_here\"\n      }\n    }\n  }\n}\n```\n\n资料来源：[web/src/pages/guides.tsx:100-150](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n## Data Flow\n\n```mermaid\nsequenceDiagram\n    participant Agent as AI Agent\n    participant SDK as AgentsID SDK\n    participant API as AgentsID API\n    participant Rules as Rule Engine\n    participant Audit as Audit Service\n    participant Hash as Hash Chain\n    participant Dashboard as Web Dashboard\n\n    Agent->>SDK: tool_call(tool_name, params)\n    SDK->>API: validate(agent_token, tool_name, params)\n    API->>Rules: evaluate(tool_name, constraints)\n    Rules-->>API: allow/deny decision\n    API-->>SDK: decision\n    SDK-->>Agent: execute or block\n    API->>Audit: log_entry(decision, metadata)\n    Audit->>Hash: append_hash()\n    Hash-->>Audit: hash_verified\n    Dashboard->>API: fetch_entries()\n    API-->>Dashboard: audit_feed\n```\n\n## Dashboard Overview\n\nThe web dashboard provides real-time visibility into agent activity:\n\n| Component | Function |\n|-----------|----------|\n| Overview Tab | Activity feed, agent constellation, quick actions |\n| Audit Feed | Filterable audit log with delegation chain |\n| Agent Constellation | Visual representation of agent relationships |\n| Quick Actions | Register agent, view audit, manage permissions |\n\n资料来源：[web/src/components/dashboard/OverviewTab.tsx:1-80](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/OverviewTab.tsx)\n\n## Security Model\n\n### Authentication\n\nProjects use API keys with prefix `aid_proj_` for authentication. 
Agent tokens use prefix `at_` for individual agent authentication.\n\n### Data Privacy\n\n| Data Type | Handling |\n|-----------|----------|\n| API Keys | Only hashed values stored |\n| User Email | Collected for account management |\n| Project Data | Stored with project isolation |\n| Agent Configurations | Stored with project isolation |\n| Audit Logs | Stored with cryptographic integrity |\n| Analytics | Opt-in only via PostHog with consent banner |\n\n资料来源：[web/src/pages/privacy.tsx:1-60](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n## Research and Scanner\n\nAgentsID maintains an open research initiative:\n\n- **137,070** MCP servers scanned\n- Findings documented and publicly available\n- Scanner available via `npx @agentsid/scanner`\n\n资料来源：[web/src/pages/research.tsx:1-30](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/research.tsx)\n\n## Deployment Architecture\n\n```mermaid\ngraph TD\n    subgraph \"Client Side\"\n        A[AI Agent]\n        B[MCP Server]\n        C[Custom Integration]\n    end\n    \n    subgraph \"AgentsID Cloud\"\n        D[API Gateway]\n        E[Auth Service]\n        F[Rule Engine]\n        G[Audit Service]\n        H[Hash Chain Service]\n    end\n    \n    subgraph \"Data Layer\"\n        I[(PostgreSQL)]\n        J[(Redis Cache)]\n    end\n    \n    A --> D\n    B --> D\n    C --> D\n    D --> E\n    E --> F\n    F --> G\n    G --> H\n    G --> I\n    H --> I\n    D --> J\n```\n\n## Summary\n\nAgentsID provides a comprehensive identity and authorization layer for AI agents through:\n\n1. **Multi-language SDKs** for easy integration\n2. **Fine-grained permission engine** with 10+ constraint types\n3. **Tamper-evident audit logging** via cryptographic hash chains\n4. **Real-time dashboard** for activity monitoring\n5. **MCP protocol support** for Cursor and Claude Code\n6. 
**Opt-in analytics** respecting user privacy\n\nThe architecture prioritizes security through hash chain verification, least-privilege permissions, and cryptographically secure token management.\n\n---\n\n<a id='permission-system'></a>\n\n## Deny-First Permission System\n\n### 相关页面\n\n相关主题：[Token Authentication and Security](#token-authentication), [Approval Gates and Webhooks](#approval-workflows)\n\n<details>\n<summary>Related Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [sdk-python/README.md](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/README.md)\n- [sdk-typescript/README.md](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/README.md)\n- [sdk-ruby/README.md](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-ruby/README.md)\n- [sdk-java/src/main/java/dev/agentsid/AgentsID.java](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-java/src/main/java/dev/agentsid/AgentsID.java)\n- [README.md](https://github.com/AgentsID-dev/agentsid/blob/main/README.md)\n</details>\n\n# Deny-First Permission System\n\nThe Deny-First Permission System is the core security mechanism in AgentsID. It implements a \"deny-first\" security model where every tool call is blocked by default unless explicitly allowed through permission rules. This security paradigm ensures that AI agents have zero access to tools unless deliberately permitted, preventing unintended actions and providing granular control over agent capabilities.\n\n## Overview\n\nThe permission system provides fine-grained control over what tools an AI agent can invoke. 
By default, all tool access is denied, and administrators must create explicit \"allow\" rules to grant access. The system supports wildcards, conditions, priorities, schedules, rate limits, and approval gates to accommodate complex permission scenarios.\n\n```mermaid\ngraph TD\n    A[Tool Call Request] --> B{Permission Check}\n    B -->|No Matching Rule| C[Default Deny]\n    B -->|Matching Rule Found| D{Action = Allow?}\n    D -->|Yes| E[Execute Tool]\n    D -->|No| F[Deny Tool]\n    E --> G[Log to Audit]\n    F --> G\n    C --> G\n```\n\n资料来源：[web/src/pages/spec.tsx:1-50]()\n\n## Permission Rule Structure\n\nA permission policy is a structured JSON object that defines an agent's permissions. Each policy contains metadata and an array of permission rules.\n\n### Policy Format\n\n```json\n{\n  \"version\": \"1.0\",\n  \"agentId\": \"agent_abc123\",\n  \"issuedAt\": \"2026-03-29T00:00:00Z\",\n  \"expiresAt\": \"2026-04-29T00:00:00Z\",\n  \"rules\": [ ...PermissionRule[] ]\n}\n```\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `version` | string | Yes | Policy format version |\n| `agentId` | string | Yes | Unique agent identifier |\n| `issuedAt` | string | Yes | ISO 8601 timestamp when policy was created |\n| `expiresAt` | string | No | Expiration timestamp for the policy |\n| `rules` | array | Yes | Array of PermissionRule objects |\n\n资料来源：[web/src/pages/spec.tsx:50-65]()\n\n### Permission Rule Components\n\nEach rule within a policy consists of the following components:\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `tool_pattern` | string | Yes | Tool name or glob pattern (supports `*` wildcards) |\n| `action` | string | Yes | `\"allow\"` or `\"deny\"` |\n| `conditions` | object | No | Parameter constraints (AND logic) |\n| `priority` | integer | No | Higher priority rules are evaluated first (default: 0) |\n| `requires_approval` | boolean | No | Whether this action requires 
human approval |\n\n资料来源：[sdk-python/README.md:1-30]()\n\n## Tool Pattern Matching\n\nThe permission system uses glob-style patterns to match tool names. This allows administrators to grant or deny access to groups of tools efficiently.\n\n### Pattern Syntax\n\n| Pattern | Matches | Doesn't Match |\n|---------|---------|---------------|\n| `*` | Any single tool name segment | Namespaced tools |\n| `**` | Any tool name, including namespaced tools | Nothing |\n| `github.*` | All tools in the github namespace | Other namespaces |\n| `filesystem.read_file` | Exactly one tool | Any variation |\n| `!filesystem.write_*` | Negation — exclude write tools | N/A |\n\n资料来源：[web/src/pages/spec.tsx:80-95]()\n\n### Pattern Examples\n\n| Pattern | Example Matches |\n|---------|-----------------|\n| `search_*` | search_docs, search_code, search_users |\n| `*_file` | read_file, write_file, delete_file |\n| `*` | Everything |\n| `read_*` | read_file, read_config, read_log |\n\n资料来源：[web/src/pages/guides.tsx:1-30]()\n\n## Constraint Types\n\nThe permission system defines 13 distinct constraint types organized into 5 categories, providing comprehensive control over agent behavior.\n\n### Constraint Categories\n\n| Category | Constraint Types |\n|----------|------------------|\n| Access | Tool Patterns, Conditions, Data Classification, IP Allowlists |\n| Time & Rate | Schedule, Rate Limits, Cooldown |\n| Behavioral | Sequence Requirements, Risk Score |\n| Resource | Budget Caps, Session Limits |\n| Governance | Approval Gates, Chain Depth Limits |\n\n资料来源：[web/src/pages/docs.tsx:1-50]()\n\n### Parameter Conditions\n\nConditions allow restricting tool access based on parameter values. 
Only allow a tool when specific parameters match:\n\n```json\n{\n  \"tool_pattern\": \"read_customer\",\n  \"action\": \"allow\",\n  \"conditions\": {\n    \"params\": { \"customer_id\": \"cust_123\" }\n  }\n}\n```\n\nThis rule means: \"Allow `read_customer`, but only for customer `cust_123`.\"\n\n资料来源：[web/src/pages/guides.tsx:30-50]()\n\n## Evaluation Algorithm\n\nThe permission engine evaluates rules in a specific order, short-circuiting on the first match:\n\n```mermaid\ngraph LR\n    A[Tool Call] --> B[Sort Rules by Priority]\n    B --> C{Higher Priority First}\n    C --> D{Match Tool Pattern?}\n    D -->|Yes| E{All Conditions Met?}\n    E -->|Yes| F[Apply Action]\n    E -->|No| G[Continue to Next Rule]\n    D -->|No| G\n    F --> H[Allow or Deny]\n    G --> C\n    C -->|No More Rules| I[Default Deny]\n```\n\n### Priority System\n\nRules are evaluated in priority order (highest to lowest). When a matching rule is found with all conditions satisfied, that rule's action is applied immediately.\n\n| Priority Value | Meaning |\n|----------------|---------|\n| 1000 (max) | Evaluated first |\n| 100-999 | High priority |\n| 10-99 | Medium priority |\n| 0 (default) | Low priority |\n\nExample with priority:\n\n```python\nawait aid.set_permissions(\"agt_abc123\", [\n    {\"tool_pattern\": \"search_*\", \"action\": \"allow\", \"priority\": 10},\n    {\"tool_pattern\": \"delete_*\", \"action\": \"deny\", \"priority\": 20},\n])\n```\n\nIn this example, `delete_*` is evaluated first due to higher priority, ensuring delete operations are blocked before any general allow rules.\n\n资料来源：[sdk-python/README.md:10-25]()\n\n## API Endpoints\n\n### Set Permissions\n\nReplace all permission rules for an agent.\n\n```\nPUT /api/v1/agents/{agent_id}/permissions\n```\n\nAny existing rules are deleted and replaced with the provided set.\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `tool_pattern` | string | Yes | Tool name or wildcard 
pattern |\n| `action` | string | No | allow or deny (defaults to allow when omitted; state it explicitly so a rule is never an unintended allow) |\n| `conditions` | object | No | Key-value constraints on tool parameters |\n| `priority` | integer | No | Rule priority (0-1000) |\n\n资料来源：[web/src/pages/docs.tsx:50-100]()\n\n### Get Permissions\n\nRetrieve the current permission rules for an agent.\n\n```\nGET /api/v1/agents/{agent_id}/permissions\n```\n\nReturns rules ordered by priority (highest first):\n\n```json\n{\n  \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"rules\": [\n    {\"tool_pattern\": \"delete_*\", \"action\": \"deny\", \"priority\": 10},\n    {\"tool_pattern\": \"save_memory\", \"action\": \"allow\", \"priority\": 1},\n    {\"tool_pattern\": \"search_memories\", \"action\": \"allow\", \"priority\": 0}\n  ]\n}\n```\n\n资料来源：[web/src/pages/docs.tsx:100-150]()\n\n### Check Permission\n\nCheck if an agent is allowed to call a specific tool.\n\n```\nPOST /api/v1/check\n```\n\n**Request Body:**\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `agent_id` | string | Yes | Agent identifier |\n| `tool` | string | Yes | Tool name to check |\n| `params` | object | No | Tool parameters for condition evaluation |\n\n**Response (allowed):**\n\n```json\n{\n  \"allowed\": true,\n  \"reason\": \"Allowed by rule: save_memory\",\n  \"matched_rule\": {\n    \"tool_pattern\": \"save_memory\",\n    \"action\": \"allow\"\n  }\n}\n```\n\n**Response (denied):**\n\n```json\n{\n  \"allowed\": false,\n  \"reason\": \"No matching rule -- default deny\",\n  \"matched_rule\": null\n}\n```\n\n资料来源：[web/src/pages/docs.tsx:150-200]()\n\n### Example curl Command\n\n```bash\ncurl -X POST https://api.agentsid.dev/api/v1/check \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\", \"tool\": \"delete_memory\"}'\n```\n\n资料来源：[web/src/pages/docs.tsx:200-220]()\n\n## SDK Implementation\n\n### Python SDK\n\n```python\nfrom agentsid 
import AgentsID\n\naid = AgentsID(api_key=\"aid_proj_...\")\n\n# Set permissions\nawait aid.set_permissions(\"agt_abc123\", [\n    {\"tool_pattern\": \"search_*\", \"action\": \"allow\", \"priority\": 10},\n    {\"tool_pattern\": \"delete_*\", \"action\": \"deny\", \"priority\": 20},\n    {\n        \"tool_pattern\": \"send_email\",\n        \"action\": \"allow\",\n        \"conditions\": {\"recipient_domain\": \"company.com\"},\n    },\n])\n\n# Get permissions\nrules = await aid.get_permissions(\"agt_abc123\")\n\n# Check permission\ncheck = await aid.check_permission(\"agt_abc123\", \"delete_user\", params={\"user_id\": \"u_789\"})\nif not check[\"allowed\"]:\n    print(check[\"reason\"])\n```\n\n资料来源：[sdk-python/README.md:1-50]()\n\n### TypeScript SDK\n\n```typescript\nimport { AgentsID } from '@agentsid/sdk';\n\nconst aid = new AgentsID({ apiKey: 'aid_proj_...' });\n\n// Set permissions\nawait aid.setPermissions('agt_abc123', [\n  { toolPattern: 'search_*', action: 'allow', priority: 10 },\n  { toolPattern: 'delete_*', action: 'deny', priority: 20 },\n  {\n    toolPattern: 'send_email',\n    action: 'allow',\n    conditions: { recipient_domain: 'company.com' },\n  },\n]);\n\n// Get permissions\nconst rules = await aid.getPermissions('agt_abc123');\n\n// Check permission\nconst check = await aid.checkPermission('agt_abc123', 'delete_user', { userId: 'u_789' });\n```\n\n资料来源：[sdk-typescript/README.md:1-50]()\n\n### Ruby SDK\n\n```ruby\nrequire 'agentsid'\n\nclient = AgentsID.new(api_key: 'aid_proj_...')\n\n# Set permissions\nclient.set_permissions('agt_abc123', [\n  { tool_pattern: 'search_*', action: 'allow', priority: 10 },\n  { tool_pattern: 'delete_*', action: 'deny', priority: 20 },\n  {\n    tool_pattern: 'send_email',\n    action: 'allow',\n    conditions: { 'recipient_domain' => 'company.com' }\n  }\n])\n\n# Get permissions\nrules = client.get_permissions('agt_abc123')\n\n# Check permission\ncheck = client.check_permission('agt_abc123', 'delete_user', 
params: { user_id: 'u_789' })\nunless check['allowed']\n  puts check['reason']\nend\n```\n\n资料来源：[sdk-ruby/README.md:1-50]()\n\n### Java SDK\n\n```java\nimport dev.agentsid.AgentsID;\n\nAgentsID aid = new AgentsID(\"aid_proj_...\");\n\n// Set permissions\nList<JSONObject> rules = new ArrayList<>();\nJSONObject rule = new JSONObject();\nrule.put(\"tool_pattern\", \"search_*\");\nrule.put(\"action\", \"allow\");\nrules.add(rule);\n\nJSONObject response = aid.setPermissions(\"agt_abc123\", rules);\n```\n\n资料来源：[sdk-java/src/main/java/dev/agentsid/AgentsID.java:1-50]()\n\n## Common Use Cases\n\n### Code Assistant Template\n\nAn agent that can read and search code freely, but writing files requires human approval. Execution and deployment are completely blocked.\n\n```json\n[\n  { \"tool_pattern\": \"read_file\",    \"action\": \"allow\" },\n  { \"tool_pattern\": \"search_code\",  \"action\": \"allow\" },\n  { \"tool_pattern\": \"list_files\",   \"action\": \"allow\" },\n  { \"tool_pattern\": \"write_file\",   \"action\": \"allow\", \"requires_approval\": true },\n  { \"tool_pattern\": \"execute_*\",   \"action\": \"deny\" },\n  { \"tool_pattern\": \"deploy_*\",    \"action\": \"deny\" },\n  { \"tool_pattern\": \"delete_*\",    \"action\": \"deny\" }\n]\n```\n\n### Result Summary\n\n| Action | Status |\n|--------|--------|\n| read_file | Allowed |\n| search_code | Allowed |\n| list_files | Allowed |\n| write_file | Requires Approval |\n| execute_command, execute_script | Denied |\n| deploy_staging, deploy_production | Denied |\n| delete_file, delete_branch | Denied |\n\n资料来源：[web/src/pages/guides.tsx:50-100]()\n\n### Minimal Access Template\n\n```json\n[\n  { \"tool_pattern\": \"search_*\", \"action\": \"allow\" },\n  { \"tool_pattern\": \"write_*\",  \"action\": \"deny\" },\n  { \"tool_pattern\": \"delete_*\", \"action\": \"deny\" },\n  { \"tool_pattern\": \"deploy_*\", \"action\": \"deny\" }\n]\n```\n\n资料来源：[web/src/pages/guides.tsx:100-120]()\n\n## Advanced 
Features\n\n### Approval Gates\n\nSensitive actions can be configured to pause for human approval. When an agent attempts to call a tool marked with `requires_approval: true`, the request is held until a human approves or denies it.\n\n```typescript\nconst pending = await aid.listApprovals();\nawait aid.approve(approvalId, { decidedBy: 'admin@example.com' });\n```\n\n### Rate Limits\n\nTools can be restricted by rate limits within permission rules:\n\n```typescript\nawait aid.setPermissions(agentId, [\n  { toolPattern: 'deploy_*', action: 'allow',\n    schedule: { hoursStart: 9, hoursEnd: 17, timezone: 'US/Pacific' },\n    rateLimit: { max: 5, per: 'hour' } },\n]);\n```\n\n### Schedules\n\nPermission rules can include schedule constraints to limit when tools can be used:\n\n| Field | Type | Description |\n|-------|------|-------------|\n| `hoursStart` | integer | Start hour (0-23) |\n| `hoursEnd` | integer | End hour (0-23) |\n| `timezone` | string | Timezone (e.g., \"US/Pacific\") |\n\n资料来源：[README.md:1-50]()\n\n## Integration with HTTP Middleware\n\nThe TypeScript SDK provides HTTP middleware for automatic permission validation:\n\n```typescript\nimport { createHttpMiddleware } from '@agentsid/sdk';\n\nconst guard = createHttpMiddleware({ projectKey: 'aid_proj_...' });\n// Every tool call is now validated automatically.\n```\n\n资料来源：[README.md:50-80]()\n\n## Security Model Summary\n\nThe Deny-First Permission System provides several layers of security:\n\n1. **Default Deny**: All tool access is blocked unless explicitly allowed\n2. **Priority-Based Evaluation**: Rules are evaluated in priority order with short-circuiting\n3. **Parameter Conditions**: Fine-grained control over parameter values\n4. **Approval Gates**: Human oversight for sensitive operations\n5. **Rate Limits**: Protection against abuse and resource exhaustion\n6. **Schedule Constraints**: Time-based access restrictions\n\nAll 13 constraint types compose freely. 
A single permission rule can combine IP restrictions, budget caps, schedule windows, and approval gates—the engine evaluates them all in sequence and short-circuits on the first failure. This enables policies like \"allow fund transfers only from the VPC, during business hours, under $1000/day, with human approval\" in a single rule.\n\n资料来源：[web/src/pages/docs.tsx:50-80]()\n\n---\n\n<a id='token-authentication'></a>\n\n## Token Authentication and Security\n\n### 相关页面\n\n相关主题：[Deny-First Permission System](#permission-system), [Tamper-Evident Audit System](#audit-system)\n\n<details>\n<summary>Relevant Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [ARCHITECTURE.md](https://github.com/AgentsID-dev/agentsid/blob/main/ARCHITECTURE.md)\n- [web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n</details>\n\n# Token Authentication and Security\n\n## Overview\n\nAgentsID provides a comprehensive token-based authentication system for AI agents. The system enables secure identity verification, permission enforcement, and audit logging for agent-to-tool interactions. 
Every AI agent interacting with MCP (Model Context Protocol) servers must obtain a token through the registration process, which then serves as the authentication credential for all subsequent tool calls.\n\nThe token architecture is designed around JWT-like tokens signed with HMAC-SHA256, allowing stateless validation without database calls while maintaining the ability to revoke tokens when necessary.\n\n---\n\n## Token Format and Structure\n\nAgentsID tokens follow a structured format that encodes all necessary identity and authorization information:\n\n```\naid_tok_<base64url(header.payload.signature)>\n```\n\n### Token Components\n\n| Component | Description | Example Value |\n|-----------|-------------|---------------|\n| **Header** | Algorithm and token type | `{\"alg\": \"HS256\", \"typ\": \"AID\"}` |\n| **Payload** | Claims containing identity data | sub, prj, dby, iat, exp, jti |\n| **Signature** | HMAC-SHA256 of header + payload | Binary signature |\n\n### Token Payload Claims\n\n| Claim | Name | Type | Description |\n|-------|------|------|-------------|\n| `sub` | Subject | string | Agent ID (e.g., `agt_7x9k2mNpQ4rS1tUv`) |\n| `prj` | Project | string | Project ID the agent belongs to |\n| `dby` | Delegated By | string | Human user who delegated (e.g., `user_abc`) |\n| `iat` | Issued At | integer | Unix timestamp when token was created |\n| `exp` | Expires At | integer | Unix timestamp when token expires |\n| `jti` | JWT ID | string | Unique token identifier for revocation tracking |\n\n资料来源：[ARCHITECTURE.md](https://github.com/AgentsID-dev/agentsid/blob/main/ARCHITECTURE.md)\n\n### Token Lifetime\n\nTokens support configurable lifetimes between 1 and 720 hours (30 days). 
When registering or refreshing a token, the `ttl_hours` parameter controls the expiration window.\n\n```json\n{\n  \"token\": \"aid_tok_eyJzdWIiOiJhZ3RfN3g5azJt...\",\n  \"expires_at\": \"2024-03-26T12:00:00+00:00\",\n  \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n---\n\n## Authentication Flow\n\nThe authentication process involves multiple steps that validate tokens before allowing tool access. The middleware intercepts requests from agents to MCP servers and performs a sequence of checks.\n\n```mermaid\nsequenceDiagram\n    participant Agent\n    participant Middleware\n    participant Cache\n    participant Database\n    participant MCP_Server\n\n    Agent->>Middleware: Request with Bearer token\n    Middleware->>Middleware: 1. Extract token from header\n    Middleware->>Middleware: 2. Validate HMAC signature\n    Middleware->>Middleware: 3. Check expiry (iat/exp)\n    Middleware->>Cache: 4. Check revocation (jti)\n    Cache-->>Middleware: Cache miss/hit\n    alt Cache miss\n        Middleware->>Database: Lookup jti\n        Database-->>Middleware: Revoked or valid\n    end\n    Middleware->>Cache: 5. Load permissions\n    Cache-->>Middleware: Permission rules\n    Middleware->>Middleware: 6. Match tool against rules\n    Middleware->>Middleware: 7. Allow or deny\n    Middleware->>Agent: Decision\n    Middleware->>Audit: 8. 
Log async (non-blocking)\n```\n\n### Step-by-Step Validation\n\n| Step | Action | Purpose |\n|------|--------|---------|\n| 1 | Extract token | Parse `Authorization: Bearer <token>` header |\n| 2 | Validate signature | HMAC-SHA256 verification against project secret |\n| 3 | Check expiry | Verify `exp` claim is in the future |\n| 4 | Check revocation | Look up `jti` in revocation list (cached 60s) |\n| 5 | Load permissions | Retrieve permission rules (cached 60s) |\n| 6 | Match tool | Compare requested tool against permission patterns |\n| 7 | Allow/Deny | Return authorization decision |\n| 8 | Audit log | Record event asynchronously |\n\n资料来源：[ARCHITECTURE.md](https://github.com/AgentsID-dev/agentsid/blob/main/ARCHITECTURE.md)\n\n---\n\n## Agent Authentication Middleware\n\nThe middleware acts as a gatekeeper between AI agents and MCP servers. It enforces the authentication and authorization decisions for every tool call.\n\n### Middleware Workflow\n\n```\nAgent → MCP Server (with AgentsID middleware)\n  Authorization: Bearer aid_tok_<token>\n```\n\nThe middleware performs validation without making database calls for the critical path (signature and expiry checks). Database access is only required for revocation checks and permission loading, and these are cached for 60 seconds to minimize latency. Unless a cached entry is invalidated when the underlying record changes, a revoked token or a tightened permission rule may still be honored for up to 60 seconds.\n\n### Caching Strategy\n\n| Data Type | Cache TTL | Purpose |\n|-----------|-----------|---------|\n| Revocation status | 60 seconds | Avoid repeated DB lookups for jti |\n| Permission rules | 60 seconds | Minimize DB load for permission loading |\n\n资料来源：[ARCHITECTURE.md](https://github.com/AgentsID-dev/agentsid/blob/main/ARCHITECTURE.md)\n\n---\n\n## Permission Engine\n\nThe permission engine determines whether an agent is authorized to call a specific tool. 
It uses a rule-based system with explicit allow and deny patterns.\n\n### Evaluation Order\n\nThe permission engine follows a specific evaluation order to ensure consistent security decisions:\n\n```mermaid\ngraph TD\n    A[Tool Call Request] --> B{Any DENY rules match?}\n    B -->|Yes| C[Deny - Explicit DENY wins]\n    B -->|No| D{Any ALLOW rules match?}\n    D -->|Yes| E[Allow - Explicit ALLOW]\n    D -->|No| F[Deny - Default Deny]\n```\n\n| Priority | Rule Type | Behavior |\n|----------|-----------|----------|\n| 1 (highest) | Explicit DENY | Deny always wins, regardless of other rules |\n| 2 | Explicit ALLOW | Allow if a rule matches |\n| 3 (fallback) | Default | Deny if no rules match |\n\n资料来源：[ARCHITECTURE.md](https://github.com/AgentsID-dev/agentsid/blob/main/ARCHITECTURE.md)\n\n### Permission Rule Structure\n\n```json\n{\n  \"permissions\": [\n    {\"tool_pattern\": \"search_memories\", \"action\": \"allow\"},\n    {\"tool_pattern\": \"save_memory\", \"action\": \"allow\"},\n    {\"tool_pattern\": \"admin_*\", \"action\": \"deny\"}\n  ]\n}\n```\n\n### Wildcard Pattern Matching\n\nThe permission engine supports wildcard patterns using `*` to match multiple tool names:\n\n| Pattern | Matches |\n|---------|---------|\n| `*` | All tools |\n| `admin_*` | Any tool starting with `admin_` |\n| `delete_*` | Any tool starting with `delete_` |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Permission Validation Response\n\n**Allowed Response:**\n```json\n{\n  \"allowed\": true,\n  \"reason\": \"Allowed by rule: save_memory\",\n  \"matched_rule\": {\n    \"tool_pattern\": \"save_memory\",\n    \"action\": \"allow\"\n  }\n}\n```\n\n**Denied Response:**\n```json\n{\n  \"allowed\": false,\n  \"reason\": \"No matching rule -- default deny\",\n  \"matched_rule\": null\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n---\n\n## Security 
Features\n\n### Threat Model and Mitigations\n\nAgentsID implements multiple security layers to protect against common attack vectors:\n\n| Threat | Mitigation | Implementation |\n|--------|-------------|----------------|\n| Token forgery | HMAC-SHA256 signature | Server-side secret verification |\n| Replay after revocation | jti lookup | Cache-backed revocation check |\n| Timing attacks | Constant-time comparison | `hmac.compare_digest` |\n| Cross-project token use | Token `prj` claim verification | Project ID validation against API key |\n| Permission escalation | Scope narrowing on delegation | Child permissions limited to parent scope |\n| Sensitive data in logs | Automatic redaction | Passwords, secrets, tokens, api_key, credentials, keys |\n| Error message leakage | Generic error messages | Details server-side only |\n| Project creation spam | Rate limiting | 5/minute per IP |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Security Headers\n\nAll API responses include security headers to protect against common web vulnerabilities:\n\n| Header | Value | Purpose |\n|--------|-------|---------|\n| `Strict-Transport-Security` | `max-age=31536000; includeSubDomains` | Forces HTTPS for 1 year |\n| `X-Content-Type-Options` | `nosniff` | Prevents MIME type sniffing |\n| `X-Frame-Options` | `DENY` | Prevents clickjacking |\n| `Cache-Control` | `no-store` | Prevents caching of tokens |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### API Key Storage\n\nAgentsID never stores raw API keys. Only hashed versions are retained in the database.\n\n> AgentsID stores API key **hashes**, never raw keys. 
If you lose an API key, you will need to rotate it — we cannot recover it for you.\n\n资料来源：[web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n\n### Data Classification\n\n| Data Type | Storage Format | Purpose |\n|-----------|----------------|---------|\n| Raw API keys | Never stored | N/A |\n| API key hashes | SHA-256 hash | Verification |\n| Agent tokens | HMAC-SHA256 signed JWT | Authentication |\n| Permission rules | JSON | Authorization |\n| Audit logs | Protected by hash chain | Compliance |\n\n资料来源：[web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n---\n\n## Token Delegation\n\nAgentsID supports token delegation, allowing an agent to create subordinate agents with limited permissions.\n\n### Delegation Constraints\n\n| Constraint | Description |\n|------------|-------------|\n| Permission narrowing | Child permissions cannot exceed parent permissions |\n| TTL limitation | Child tokens have shorter lifetimes than parent |\n| Chain tracking | `dby` claim maintains delegation history |\n\n### Delegation API Example\n\n```bash\ncurl -X POST https://api.agentsid.dev/api/v1/agents/delegate \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"parent_agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n    \"parent_token\": \"aid_tok_eyJzdWIiOi...\",\n    \"child_name\": \"sub-researcher\",\n    \"child_permissions\": [\"search_memories\"],\n    \"ttl_hours\": 12\n  }'\n```\n\n### Delegation Error Responses\n\n| Code | Reason |\n|------|--------|\n| `401` | Invalid or missing API key |\n| `403` | Permission scope violation — child permissions exceed parent's scope |\n| `404` | Parent agent not found |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n---\n\n## Audit Logging\n\nEvery tool call is logged to the audit trail for compliance and 
security monitoring.\n\n### Audit Log Contents\n\nAudit logs capture:\n- Tool call records\n- Allow/deny decisions\n- Timestamps\n- Agent identity\n- Request parameters (redacted sensitive fields)\n\n### Hash Chain Integrity\n\n> Audit logs are protected by a tamper-evident hash chain. This means we can detect if any log entry has been altered after the fact.\n\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible tampering\"\n}\n```\n\n### Verification Endpoint\n\n```bash\ncurl \"https://api.agentsid.dev/api/v1/audit/verify\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\"\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Data Retention by Plan\n\n| Plan | Retention |\n|------|-----------|\n| Free | 7 days |\n| Paid | Plan-specific |\n\n> If you downgrade from a paid plan to Free, your audit logs will be trimmed to the Free tier retention window (7 days) within 30 days of the plan change.\n\n资料来源：[web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n\n---\n\n## API Endpoints\n\n### Token Management Endpoints\n\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/v1/agents/register` | POST | Register new agent and issue token |\n| `/api/v1/agents/{agent_id}/refresh` | POST | Issue new token, revoke all previous |\n| `/api/v1/agents/{agent_id}` | DELETE | Revoke agent and all tokens |\n| `/api/v1/agents/delegate` | POST | Create delegated agent token |\n\n### Validation Endpoints\n\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/v1/validate` | POST | Validate token and check permissions |\n| `/api/v1/check` | POST | Check if tool call is allowed |\n\n### Validate Endpoint\n\n```bash\ncurl -X POST https://api.agentsid.dev/api/v1/validate \\\n  -H \"Authorization: Bearer 
aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"token\": \"aid_tok_eyJzdWIiOiJhZ3RfN3g5azJt...\",\n    \"tool\": \"save_memory\",\n    \"params\": {\"category\": \"note\"}\n  }'\n```\n\n### Validation Response (Valid Token)\n\n```json\n{\n  \"valid\": true,\n  \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"project_id\": \"proj_xR7kM2pQ9...\",\n  \"expires_at\": 1711411200,\n  \"permission\": {\n    \"allowed\": true,\n    \"reason\": \"Allowed by rule: save_memory\",\n    \"matched_rule\": {\"tool_pattern\": \"save_memory\", \"action\": \"allow\"}\n  }\n}\n```\n\n### Validation Response (Invalid Token)\n\n```json\n{\n  \"valid\": false,\n  \"reason\": \"Token validation failed\"\n}\n```\n\n> **Note:** The same error message is returned for expired tokens, invalid signatures, revoked tokens, and project mismatches to prevent information leakage.\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n---\n\n## Token Lifecycle Management\n\n```mermaid\nstateDiagram-v2\n    [*] --> Registered: Agent Registration\n    Registered --> Active: Token Issued\n    Active --> Expired: TTL Reached\n    Active --> Revoked: Manual Revocation\n    Active --> Refreshed: Token Refresh\n    Expired --> [*]: Cleanup\n    Revoked --> [*]: Cleanup\n    Refreshed --> Active: New Token Issued\n    Refreshed --> Revoked: Old Tokens Revoked\n```\n\n### Token Refresh Behavior\n\nWhen a token is refreshed:\n1. All previous tokens for the agent are immediately revoked\n2. A new token with fresh `iat` and `exp` claims is issued\n3. 
The old `jti` values are added to the revocation list\n\n### Agent Update Behavior\n\nUpdating an agent's name or metadata **does not affect** tokens or permissions.\n\n| Field | Update Effect |\n|-------|---------------|\n| `name` | No effect on tokens |\n| `metadata` | No effect on tokens |\n| Permission rules | Immediately effective (cached 60s) |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n---\n\n## Quick Start: Registering an Agent\n\n```bash\ncurl -X POST https://agentsid.dev/api/v1/agents/register \\\n  -H \"Authorization: Bearer YOUR_PROJECT_KEY\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"name\": \"claude-notes-agent\",\n    \"permissions\": [\n      {\"tool_pattern\": \"search_notes\", \"action\": \"allow\"},\n      {\"tool_pattern\": \"save_note\", \"action\": \"allow\"},\n      {\"tool_pattern\": \"list_notes\", \"action\": \"allow\"},\n      {\"tool_pattern\": \"delete_note\", \"action\": \"deny\"},\n      {\"tool_pattern\": \"admin_*\", \"action\": \"deny\"}\n    ]\n  }'\n```\n\nThe response includes an `agent_token` which serves as the authentication credential for the agent.\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n---\n\n## Summary\n\nAgentsID provides a robust token authentication system with the following key characteristics:\n\n- **Stateless Validation**: HMAC-SHA256 signatures enable verification without database calls\n- **Flexible Permissions**: Pattern-based rules with wildcard support and explicit deny precedence\n- **Revocation Support**: Unique token IDs (jti) enable revocation tracking with cached lookups\n- **Audit Trail**: Hash-chain protected logs for compliance and security monitoring\n- **Delegation**: Hierarchical agent relationships with permission narrowing\n- **Security Hardening**: Timing-safe comparisons, sensitive data redaction, and comprehensive security 
headers\n\n---\n\n<a id='audit-system'></a>\n\n## Tamper-Evident Audit System\n\n### 相关页面\n\n相关主题：[Token Authentication and Security](#token-authentication), [Approval Gates and Webhooks](#approval-workflows)\n\n<details>\n<summary>Relevant Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [web/src/components/dashboard/AuditFeed.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx)\n- [web/src/components/dashboard/AgentDetail.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AgentDetail.tsx)\n- [PRODUCT.md](https://github.com/AgentsID-dev/agentsid/blob/main/PRODUCT.md)\n</details>\n\n# Tamper-Evident Audit System\n\nThe Tamper-Evident Audit System is a core security feature of AgentsID that provides cryptographically-linked, append-only logging of all agent tool calls. Every evaluation decision—whether allowed or denied—is recorded for the plan's retention period with integrity guarantees that make tampering mathematically detectable.\n\n## Overview\n\nThe audit system operates as a **hash-chained append-only ledger**. Each log entry is cryptographically linked to the previous entry via SHA-256 hashing, creating a tamper-evident chain that records what happened, when, and under whose authority. 
资料来源：[web/src/pages/spec.tsx:1-50]()\n\n### Design Principles\n\n| Principle | Description |\n|-----------|-------------|\n| **Deny-first** | Absent a matching allow rule, all tool calls are denied |\n| **Tamper-evident** | Hash chain makes any modification mathematically detectable |\n| **Auditable** | Every evaluation decision is logged with cryptographic integrity |\n| **Portable** | The spec is a JSON schema, not a platform dependency |\n\n资料来源：[web/src/pages/spec.tsx:50-70]()\n\n## Audit Entry Schema\n\nEach audit log entry captures a complete record of a tool call evaluation. The schema follows a standardized format that ensures consistency across all logged events.\n\n```json\n{\n  \"entryId\": \"entry_abc123\",\n  \"timestamp\": \"2026-03-29T12:34:56.789Z\",\n  \"agentId\": \"agent_def456\",\n  \"delegationId\": \"del_xyz789\",\n  \"tool\": \"github.push_files\",\n  \"parameters\": { \"owner\": \"myorg\", \"repo\": \"myrepo\", \"branch\": \"main\" },\n  \"decision\": \"allow\",\n  \"matchedRule\": 2,\n  \"constraintsEvaluated\": [\"rateLimit\", \"schedule\"],\n  \"durationMs\": 3,\n  \"prevEntryHash\": \"sha256:e3b0c44298fc1c149afb...\",\n  \"entryHash\": \"sha256:a665a45920422f9d417e...\"\n}\n```\n\n资料来源：[web/src/pages/spec.tsx:70-90]()\n\n### Field Descriptions\n\n| Field | Type | Description |\n|-------|------|-------------|\n| `entryId` | string | Unique identifier for the audit entry |\n| `timestamp` | ISO 8601 | When the evaluation occurred |\n| `agentId` | string | Which agent made the tool call |\n| `delegationId` | string | Delegation chain reference |\n| `tool` | string | The tool being evaluated (e.g., `github.push_files`) |\n| `parameters` | object | What data was sent to the tool |\n| `decision` | string | `allow` or `deny` |\n| `matchedRule` | number | Index of the policy rule that matched |\n| `constraintsEvaluated` | array | List of constraints checked (rateLimit, schedule) |\n| `durationMs` | number | Evaluation time in milliseconds |\n| 
`prevEntryHash` | string | SHA-256 hash of the previous entry |\n| `entryHash` | string | SHA-256 hash of this entry (with entryHash set to null) |\n\n资料来源：[web/src/pages/guides.tsx:100-130]()\n\n## Hash Chain Integrity\n\nThe foundation of tamper-evidence is the cryptographic hash chain that links all audit entries together. This mechanism lets a verifier detect altered entries without requiring a centralized trusted authority.\n\n### Hash Calculation\n\n```javascript\nentryHash = SHA-256(canonicalize(entry with entryHash=null))\n// First entry uses prevEntryHash: \"genesis\"\n```\n\n资料来源：[web/src/pages/spec.tsx:90-95]()\n\n### Verification Algorithm\n\n```javascript\nfunction verifyChain(entries: AuditEntry[]): boolean {\n  for (let i = 1; i < entries.length; i++) {\n    const prev = entries[i - 1]\n    // Verify prevEntryHash matches previous entry's entryHash\n    // Verify canonicalized hash matches stored entryHash\n  }\n}\n```\n\n资料来源：[web/src/pages/spec.tsx:95-105]()\n\n### Integrity Verification Response\n\n**Chain Intact (200 OK):**\n```json\n{\n  \"verified\": true,\n  \"entries_checked\": 1523,\n  \"message\": \"All entries verified -- chain intact\"\n}\n```\n\n**Chain Broken (200 OK):**\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible tampering\"\n}\n```\n\nBoth outcomes are returned with HTTP 200, so callers must check the `verified` field rather than the status code.\n\n资料来源：[web/src/pages/docs.tsx:1-50]()\n\n## Architecture\n\n```mermaid\ngraph TD\n    A[Agent Tool Call] --> B[Policy Evaluator]\n    B --> C{Audit Entry Created}\n    C --> D[SHA-256 Hash Calculation]\n    D --> E[Append to Chain]\n    E --> F[prevEntryHash set to previous entryHash]\n    F --> G[Audit Log Stored]\n    G --> H[Dashboard Display]\n    \n    I[Verification Request] --> J[Traverse Chain]\n    J --> K{Hash Match?}\n    K -->|Yes| L[Continue]\n    K -->|No| M[Flag Tampering]\n    \n    style M fill:#ffcccc\n    style G fill:#ccffcc\n```\n\n## Audit API Methods\n\nThe AgentsID SDK provides three 
primary methods for interacting with the audit system.\n\n### Method Reference\n\n| Method | Parameters | Returns | Description |\n|--------|------------|---------|-------------|\n| `getAuditLog` | `agentId?`, `tool?`, `action?`, `since?`, `limit?`, `offset?` | `{ entries[], total, limit, offset }` | Query audit log with filters |\n| `getAuditStats` | `days?` | `{ totalEvents, byAction, byTool, denyRatePct }` | Aggregate statistics |\n| `verifyAuditChain` | `(none)` | `{ verified, entriesChecked, message }` | Verify hash chain integrity |\n\n资料来源：[web/src/pages/docs.tsx:50-80]()\n\n### Statistics Response Format\n\n```json\n{\n  \"total_events\": 1423,\n  \"events_by_action\": {\n    \"allow\": 1308,\n    \"deny\": 115\n  },\n  \"events_by_tool\": {\n    \"save_memory\": 800,\n    \"search_memories\": 500,\n    \"delete_memory\": 123,\n    \"list_categories\": 100\n  },\n  \"deny_rate_pct\": 8.1\n}\n```\n\n资料来源：[web/src/pages/docs.tsx:80-120]()\n\n## Audit Feed Dashboard\n\nThe dashboard provides a real-time audit feed that displays events as they happen. The interface includes filtering capabilities and visual indicators for allowed versus denied actions.\n\n### Visual Design\n\nThe audit feed uses color coding to distinguish between allowed and denied events:\n\n- **Allowed actions**: Green background tint (`bg-green-500/5` → `bg-green-500/10` on hover)\n- **Denied actions**: Red background tint (`bg-red-500/5` → `bg-red-500/10` on hover)\n\n```typescript\nclassName={`cursor-pointer border-b border-border transition-colors ${\n  isAllow\n    ? \"bg-green-500/5 hover:bg-green-500/10\"\n    : \"bg-red-500/5 hover:bg-red-500/10\"\n} ${isNew ? 
\"animate-in slide-in-from-top-2 fade-in duration-400\" : \"\"}`}\n```\n\n资料来源：[web/src/components/dashboard/AuditFeed.tsx:1-50]()\n\n### Filtering Capabilities\n\nThe dashboard supports filtering by:\n- **Agent**: Filter by specific agent ID\n- **Tool**: Filter by specific tool name\n- **Result**: Filter by allowed or denied status\n- **Time range**: Filter by date/time window\n\n### Activity Timeline Component\n\nThe agent detail page includes an Activity Timeline component that displays the audit entries for a specific agent:\n\n```tsx\n<div className=\"bg-card border border-border rounded-2xl p-5\">\n  <ActivityTimeline entries={data?.audit ?? []} loading={!data} />\n</div>\n```\n\n资料来源：[web/src/components/dashboard/AgentDetail.tsx:1-50]()\n\n## Security Properties\n\nThe tamper-evident audit system provides several security guarantees:\n\n### Encryption in Transit\nAll communication between clients and the AgentsID API uses TLS 1.2 or higher.\n\n### HMAC Token Signing\nAgent tokens are signed with HMAC-SHA256. The signing secret never leaves the server. Raw API keys are never stored—only their hashes.\n\n### Tamper-Evident Logs\nEach log entry is chained to the previous via a hash, making unauthorized modifications mathematically detectable.\n\n资料来源：[web/src/pages/privacy.tsx:100-130]()\n\n## Use Cases\n\n### Debugging\n> \"The agent did something weird at 3pm.\" Go to the audit trail, find the 3pm entries, see exactly what tools were called and with what parameters.\n\n### Compliance\nNeed to prove that your AI agent never accessed customer data it shouldn't have? The audit trail is your evidence.\n\n### Security Review\nAfter an incident, review all denied calls. 
Multiple denied calls for the same dangerous tool might indicate a prompt injection attack.\n\n### Performance Monitoring\nSee which tools are called most often and how they're being used.\n\n资料来源：[web/src/pages/guides.tsx:50-80]()\n\n## Data Retention\n\n| Plan | Retention Period | Notes |\n|------|------------------|-------|\n| Free | 7 days | Audit logs trimmed after plan downgrade |\n| Pro | 30 days | Standard retention |\n| Enterprise | Custom | Configurable retention policies |\n\nWhen downgrading from Pro to Free, audit logs are trimmed to the 7-day window within 30 days. Users should export logs before downgrading if preservation is needed.\n\n资料来源：[web/src/pages/privacy.tsx:1-30]()\n\n## Reference Implementation\n\n| Component | Package | Description |\n|-----------|---------|-------------|\n| Policy evaluator | `@agentsid/sdk` | Core evaluation engine (TypeScript) |\n| MCP middleware | `@agentsid/sdk` | MCP protocol integration |\n| Audit API | `api.agentsid.dev` | REST API for audit operations |\n\n资料来源：[web/src/pages/spec.tsx:200-220]()\n\n## AuditEntry Data Model\n\nFrom the product specification, the core data model for audit entries:\n\n```\nAuditEntry {\n  id: \"aud_...\"\n  timestamp: ISO 8601\n  agent_id: \"agt_...\"\n  delegated_by: \"user_...\"      // human in the chain\n  tool: \"save_memory\"\n  action: \"allow\" | \"deny\"\n  params: { ... 
}               // what was passed to the tool\n  result: \"success\" | \"error\"\n  delegation_chain: [user_abc → agt_xyz]\n}\n```\n\nQueryable by: agent, user, tool, time range, action.\nExportable as JSON or CSV for compliance.\n\nBecause `params` records what was passed to the tool, audit entries and their exports can contain secrets or personal data and should be access-controlled accordingly.\n\n资料来源：[PRODUCT.md:1-50]()\n\n---\n\n<a id='backend-api'></a>\n\n## Backend API Reference\n\n### 相关页面\n\n相关主题：[High-Level Architecture](#high-level-architecture)\n\n<details>\n<summary>相关源码文件</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n- [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [README.md](https://github.com/AgentsID-dev/agentsid/blob/main/README.md)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n- [web/src/pages/research.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/research.tsx)\n</details>\n\n# Backend API Reference\n\n## Overview\n\nThe AgentsID Backend API provides a comprehensive identity, permissions, and audit system for AI agents. The API serves as the central control plane for managing agent identities, enforcing permission rules, and maintaining tamper-evident audit logs.\n\n**Base URL:** `https://api.agentsid.dev/api/v1`\n\nAll endpoints (except project creation and health checks) require a project API key in the `Authorization` header:\n\n```\nAuthorization: Bearer aid_proj_<your_project_key>\n```\n\n## Authentication\n\n### Project API Key\n\nEvery project is assigned a unique API key during initialization. 
This key authenticates the project owner and grants access to all project resources including agents, permissions, and audit logs.\n\n**Key Format:** `aid_proj_` prefix followed by a 16+ character alphanumeric string\n\n**Example:**\n```bash\ncurl https://api.agentsid.dev/api/v1/audit/usage \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\"\n```\n\n### Agent Tokens\n\nAgent tokens are short-lived credentials issued to individual agents. Each agent receives a token upon registration with an optional TTL (time-to-live):\n\n```json\n{\n  \"agent\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"token\": \"aid_tok_...\",\n  \"tokenId\": \"tok_abc123\",\n  \"expiresAt\": \"2026-03-26 14:30:00+00:00\"\n}\n```\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n## API Endpoints\n\n### Projects\n\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/v1/projects` | POST | Create a new project |\n| `/api/v1/projects/{project_id}` | GET | Get project details |\n| `/api/v1/projects/{project_id}` | PATCH | Update project settings |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Agents\n\n#### Register Agent\n\n```\nPOST /api/v1/agents/register\n```\n\nCreates a new agent and issues its first authentication token.\n\n**Request Body:**\n```json\n{\n  \"name\": \"research-assistant\",\n  \"onBehalfOf\": \"user_abc\",\n  \"permissions\": [\"search_memories\", \"save_memory\"],\n  \"ttlHours\": 24,\n  \"metadata\": {\n    \"framework\": \"langchain\"\n  }\n}\n```\n\n**Response:**\n```json\n{\n  \"id\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"name\": \"research-assistant\",\n  \"project_id\": \"proj_a1b2c3d4e5f6\",\n  \"created_by\": \"user_abc\",\n  \"status\": \"active\",\n  \"expires_at\": \"2026-03-26 14:30:00+00:00\",\n  \"metadata\": {\"framework\": \"langchain\"},\n  \"created_at\": \"2026-03-25 14:30:00+00:00\",\n  \"revoked_at\": 
null\n}\n```\n\n#### List Agents\n\n```\nGET /api/v1/agents/?status=active&limit=10\n```\n\nReturns a paginated list of agents within the project.\n\n**Query Parameters:**\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| `status` | string | Filter by status: `active`, `revoked` |\n| `limit` | integer | Maximum results (default: 10) |\n\n#### Get Agent\n\n```\nGET /api/v1/agents/{agent_id}\n```\n\nRetrieves details for a specific agent.\n\n**Response Codes:**\n| Code | Reason |\n|------|--------|\n| `200 OK` | Agent found |\n| `401 Unauthorized` | Invalid or missing API key |\n| `404 Not Found` | Agent not found or does not belong to this project |\n\n#### Update Agent\n\n```\nPATCH /api/v1/agents/{agent_id}\n```\n\nUpdates an agent's name or metadata. Does not affect tokens or permissions.\n\n**Request Body:**\n```json\n{\n  \"name\": \"new-agent-name\",\n  \"metadata\": {\n    \"version\": \"2.0\"\n  }\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Permissions\n\n#### Check Permission\n\n```\nPOST /api/v1/check\n```\n\nValidates whether an agent is permitted to execute a specific tool. 
This is the core enforcement endpoint.\n\n**Request Body:**\n```json\n{\n  \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"tool\": \"delete_memory\"\n}\n```\n\n**Response (Allowed):**\n```json\n{\n  \"allowed\": true,\n  \"reason\": \"Allowed by rule: save_memory\",\n  \"matched_rule\": {\n    \"tool_pattern\": \"save_memory\",\n    \"action\": \"allow\"\n  }\n}\n```\n\n**Response (Denied):**\n```json\n{\n  \"allowed\": false,\n  \"reason\": \"No matching rule -- default deny\",\n  \"matched_rule\": null\n}\n```\n\n**curl Example:**\n```bash\ncurl -X POST https://api.agentsid.dev/api/v1/check \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\", \"tool\": \"delete_memory\"}'\n```\n\n#### Permission Rule Structure\n\n```json\n{\n  \"tool_pattern\": \"github.push_files\",\n  \"action\": \"allow\",\n  \"constraints\": [\n    { \"type\": \"rateLimit\", \"max\": 10, \"windowSeconds\": 3600 }\n  ]\n}\n```\n\n**Tool Pattern Matching:**\n| Pattern | Description |\n|---------|-------------|\n| `*` | Match all tools |\n| `github.*` | Match all GitHub-related tools |\n| `save_memory` | Exact match |\n\n资料来源：[web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n### Validation\n\n#### Validate Tool Parameters\n\n```\nPOST /api/v1/validate\n```\n\nValidates parameters for a specific tool against defined schemas.\n\n### Audit\n\n#### Verify Integrity Chain\n\n```\nGET /api/v1/audit/verify\n```\n\nVerifies the cryptographic integrity of the audit log chain. 
Each entry contains a SHA-256 hash linking to the previous entry, creating a tamper-evident chain.\n\n**Response (Chain Valid):**\n```json\n{\n  \"verified\": true,\n  \"entries_checked\": 1523,\n  \"message\": \"Integrity chain verified\"\n}\n```\n\n**Response (Chain Broken):**\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible tampering\"\n}\n```\n\n#### Get Usage Statistics\n\n```\nGET /api/v1/audit/usage\n```\n\nReturns current usage statistics and plan limits for the authenticated project.\n\n**Response:**\n```json\n{\n  \"events_this_month\": 1200,\n  \"events_limit\": 10000,\n  \"agents_active\": 5,\n  \"agents_limit\": 25,\n  \"plan\": \"free\"\n}\n```\n\n## Audit Log Format\n\n### Entry Schema\n\n```json\n{\n  \"entryId\": \"entry_abc123\",\n  \"timestamp\": \"2026-03-29T12:34:56.789Z\",\n  \"agentId\": \"agent_def456\",\n  \"delegationId\": \"del_xyz789\",\n  \"tool\": \"github.push_files\",\n  \"parameters\": {\n    \"owner\": \"myorg\",\n    \"repo\": \"myrepo\",\n    \"branch\": \"main\"\n  },\n  \"decision\": \"allow\",\n  \"matchedRule\": 2,\n  \"constraintsEvaluated\": [\"rateLimit\", \"schedule\"],\n  \"durationMs\": 3,\n  \"prevEntryHash\": \"sha256:e3b0c44298fc1c149afb...\",\n  \"entryHash\": \"sha256:a665a45920422f9d417e...\"\n}\n```\n\n### Hash Chain Integrity\n\nThe system uses SHA-256 cryptographic hashing to create a tamper-evident audit trail:\n\n```javascript\nentryHash = SHA-256(canonicalize(entry with entryHash=null))\n// First entry uses prevEntryHash: \"genesis\"\n```\n\n**Verification Algorithm:**\n```javascript\nfunction verifyChain(entries: AuditEntry[]): boolean {\n  for (let i = 1; i < entries.length; i++) {\n    const prev = entries[i - 1]\n    const expected = SHA-256(canonicalize(entries[i].with(prevEntryHash = prev.entryHash)))\n    if (entries[i].entryHash !== expected) {\n      return false\n    }\n  }\n  return 
true\n}\n```\n\nNote: as written, the loop starts at index 1, so the first entry's own `entryHash` is never recomputed and its `prevEntryHash` is never compared with `\"genesis\"`; a complete verifier also checks the first entry.\n\n资料来源：[web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n## Constraint Types\n\nConstraints attach runtime conditions to rules beyond simple parameter validation.\n\n| Constraint | Purpose |\n|------------|---------|\n| `schedule` | Restrict execution to specific days/hours |\n| `rateLimit` | Limit requests within a time window |\n| `budget` | Cap monetary spend |\n| `sequence` | Require or forbid tool sequences |\n| `sessionLimit` | Limit concurrent sessions |\n| `riskScore` | Block high-risk operations |\n| `ipAllowlist` | Restrict to specific IP ranges |\n| `chainDepth` | Limit agent delegation depth |\n| `cooldown` | Enforce minimum time between calls |\n| `anomaly` | Detect unusual behavior patterns |\n\n### Schedule Constraint\n\n```json\n{\n  \"type\": \"schedule\",\n  \"daysOfWeek\": [1, 2, 3, 4, 5],\n  \"hoursUTC\": [8, 17],\n  \"timezone\": \"America/New_York\"\n}\n```\n\n### Rate Limit Constraint\n\n```json\n{\n  \"type\": \"rateLimit\",\n  \"max\": 100,\n  \"windowSeconds\": 3600,\n  \"scope\": \"agent\"\n}\n```\n\n| Scope | Description |\n|-------|-------------|\n| `agent` | Counter is per agent instance |\n| `principal` | Counter shared across all agents |\n\n### Budget Constraint\n\n```json\n{\n  \"type\": \"budget\",\n  \"currency\": \"usd\",\n  \"max\": 10.00,\n  \"windowSeconds\": 86400\n}\n```\n\n### Sequence Constraint\n\n```json\n{\n  \"type\": \"sequence\",\n  \"requires\": [\"filesystem.read_file\"],\n  \"forbids\": [\"github.push_files\"]\n}\n```\n\n### Session Limit Constraint\n\n```json\n{\n  \"type\": \"sessionLimit\",\n  \"max\": 5\n}\n```\n\n### Risk Score Constraint\n\n```json\n{\n  \"type\": \"riskScore\",\n  \"maxScore\": 0.7\n}\n```\n\n### IP Allowlist Constraint\n\n```json\n{\n  \"type\": \"ipAllowlist\",\n  \"cidrs\": [\"10.0.0.0/8\", \"192.168.1.0/24\"]\n}\n```\n\n### Chain Depth Constraint\n\n```json\n{\n  \"type\": \"chainDepth\",\n  \"max\": 2\n}\n```\n\n### 
Cooldown Constraint\n\n```json\n{\n  \"type\": \"cooldown\",\n  \"seconds\": 300\n}\n```\n\n资料来源：[web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n## SDK Reference\n\nThe AgentsID SDK provides programmatic access to the API in multiple languages.\n\n### Available SDKs\n\n| Package | Registry | Command |\n|---------|----------|---------|\n| JavaScript/TypeScript | npm | `npm install @agentsid/sdk` |\n| Python | PyPI | `pip install agentsid` |\n| Ruby | RubyGems | `gem install agentsid` |\n\n### Agent Methods\n\n| Method | Parameters | Returns | Description |\n|--------|------------|---------|-------------|\n| `registerAgent` | `name, onBehalfOf, permissions?, ttlHours?, metadata?` | `{ agent, token, tokenId, expiresAt }` | Create a new agent and issue its first token |\n| `getAgent` | `agentId` | `Agent` | Get agent details by ID |\n| `listAgents` | `status?, limit?` | `Agent[]` | List agents, optionally filtered by status |\n| `updateAgent` | `agentId, name?, metadata?` | `Agent` | Update agent name or metadata |\n| `refreshToken` | `agentId, ttlHours?` | `{ token, tokenId, expiresAt }` | Issue new token, revoke all previous |\n\n### SDK Initialization\n\n```javascript\nimport AgentsID from '@agentsid/sdk'\n\nconst client = new AgentsID({\n  projectKey: 'aid_proj_xR7kM2pQ9...',\n  agentToken: 'aid_tok_...'\n})\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## CLI Reference\n\n### Initialization\n\n```bash\nnpx agentsid init \"My Production App\"\n```\n\nCreates a new project and receives the API key.\n\n**Output:**\n```\nCreating project \"My Production App\"...\nProject created successfully!\n\n  Project ID:  proj_a1b2c3d4e5f6\n  API Key:     aid_proj_xR7kM2pQ9...\n  Plan:        free\n\n  Store your API key securely. 
It will not be shown again.\n```\n\n### Register Agent\n\n```bash\nnpx agentsid register-agent \\\n  --name \"research-assistant\" \\\n  --on-behalf-of \"user_abc\" \\\n  --permissions \"search_memories,save_memory\" \\\n  --ttl 24\n```\n\n**Output:**\n```\nAgent registered!\n\n  Agent ID:   agt_7x9k2mNpQ4rS1tUv\n  Token:      aid_tok_...\n  Expires:    2026-03-26 14:30:00+00:00\n```\n\n## Architecture Overview\n\n```mermaid\ngraph TD\n    A[AI Agent] -->|1. Request Tool Call| B[AgentsID SDK]\n    B -->|2. Check Permission| C[AgentsID API]\n    C -->|3. Evaluate Rules| D[Permission Engine]\n    D -->|4. Query| E[(Database)]\n    E -->|5. Rule Match| D\n    D -->|6. Decision| C\n    C -->|7. Allow/Deny| B\n    B -->|8. Execute or Block| A\n    C -->|9. Log Event| F[Audit Log]\n    F -->|10. Hash Chain| G[Integrity Verification]\n```\n\n## Rate Limits and Quotas\n\n| Plan | Events/Month | Agents | Features |\n|------|--------------|--------|----------|\n| Free | 10,000 | 25 | Core permissions, basic audit |\n| Pro | 100,000 | 100 | Advanced constraints, SSO |\n| Enterprise | Unlimited | Unlimited | Custom SLAs, dedicated support |\n\n资料来源：[web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n## Error Handling\n\n| HTTP Code | Meaning | Common Causes |\n|-----------|---------|---------------|\n| `400 Bad Request` | Invalid request body | Missing required fields, malformed JSON |\n| `401 Unauthorized` | Authentication failed | Invalid or expired API key |\n| `403 Forbidden` | Permission denied | Agent lacks required permissions |\n| `404 Not Found` | Resource not found | Invalid agent ID or project ID |\n| `429 Too Many Requests` | Rate limit exceeded | Too many requests within time window |\n| `500 Internal Server Error` | Server error | System maintenance or outage |\n\n## Security Considerations\n\n### API Key Storage\n\n- API keys are hashed before storage; raw keys are never persisted\n- Project keys should be 
stored in environment variables\n- Agent tokens should be rotated periodically using `refreshToken`\n\n### Data Handling\n\n- Raw exports of project data, agent configurations, and audit logs are available in JSON format\n- PostHog analytics is opt-in only, gated behind cookie consent\n- The system does not sell user data\n\n### Audit Log Immutability\n\nThe hash chain mechanism ensures:\n\n1. Any tampering with historical entries breaks the chain\n2. Verification can be performed at any time via `/api/v1/audit/verify`\n3. Genesis entry uses a fixed seed value: `\"genesis\"`\n\nThese properties describe detection, not prevention: the `entryHash` documented in this reference is an unkeyed SHA-256, so someone able to rewrite the whole log store could also recompute every later hash. Keeping a copy of a recent `entryHash` outside that store (for example in exported logs) gives verification an independent value to compare against.\n\n资料来源：[web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n## Related Documentation\n\n- [Guides and Tutorials](https://agentsid.dev/guides)\n- [Full API Documentation](https://agentsid.dev/docs#api-reference)\n- [Privacy Policy](https://agentsid.dev/privacy)\n- [Research Papers](https://agentsid.dev/research)\n\n---\n\n<a id='approval-workflows'></a>\n\n## Approval Gates and Webhooks\n\n### 相关页面\n\n相关主题：[Deny-First Permission System](#permission-system), [Tamper-Evident Audit System](#audit-system)\n\n<details>\n<summary>Related Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [server/src/services/approval.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/services/approval.py)\n- [server/src/api/approvals.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/api/approvals.py)\n- [server/src/api/webhooks.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/api/webhooks.py)\n- [server/src/services/webhook.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/services/webhook.py)\n- [server/src/services/notifications.py](https://github.com/AgentsID-dev/agentsid/blob/main/server/src/services/notifications.py)\n</details>\n\n# Approval Gates and Webhooks\n\nAgentsID provides two complementary mechanisms for controlling and monitoring AI agent behavior: **Approval Gates** and **Webhooks**. 
Together, they enable organizations to implement human-in-the-loop oversight for sensitive operations while maintaining real-time visibility into agent activities through event-driven notifications.\n\n## Overview\n\nApproval Gates pause agent tool executions and require explicit human authorization before proceeding. This creates a checkpoint system where certain actions cannot complete without human review.\n\nWebhooks deliver real-time event notifications to your systems when significant events occur—including when approvals are requested, when decisions are made, and when policy violations or rate limits are encountered.\n\n资料来源：[web/src/pages/docs.tsx:1-100]()\n\n## Approval Gates\n\n### Purpose and Scope\n\nApproval Gates provide human-in-the-loop control over agent actions. When an agent attempts to execute a tool that matches a permission rule with `requires_approval: true`, the system halts execution and creates a pending approval record.\n\nThe approval mechanism supports:\n\n- **Tool-specific gating**: Require approval only for specific dangerous operations (file writes, deletions, deployments)\n- **Universal gating**: Require approval for all tool calls (maximum oversight)\n- **Conditional gating**: Combine with other permission constraints (schedule, rate limits, risk scores)\n- **Time-boxed decisions**: Approvers receive notifications and must decide within acceptable timeframes\n\n资料来源：[web/src/pages/guides.tsx:1-50]()\n\n### How Approval Gates Work\n\n```mermaid\nsequenceDiagram\n    participant Agent\n    participant AgentsID_API\n    participant ApprovalService\n    participant NotificationService\n    participant Human\n    participant Dashboard\n\n    Agent->>AgentsID_API: Tool call (e.g., delete_file)\n    AgentsID_API->>ApprovalService: Validate against permission rules\n    ApprovalService-->>AgentsID_API: requires_approval: true\n    AgentsID_API->>ApprovalService: Create pending approval\n    ApprovalService-->>AgentsID_API: approval_id\n   
 AgentsID_API-->>Agent: 202 Accepted (pending)\n    NotificationService->>Human: Email/webhook notification\n    Human->>Dashboard: Review approval request\n    Human->>Dashboard: Approve or reject\n    Dashboard->>ApprovalService: Process decision\n    ApprovalService-->>Agent: Decision (allow/deny)\n```\n\n### Configuring Approval Gates\n\nApproval gates are configured within permission rules using the `requires_approval` field:\n\n```json\n{\n  \"tool_pattern\": \"deploy_production\",\n  \"action\": \"allow\",\n  \"requires_approval\": true\n}\n```\n\n#### Cautious Agent Template\n\nFor maximum oversight, all tool calls can require approval:\n\n```json\n[\n  { \"tool_pattern\": \"*\", \"action\": \"allow\", \"requires_approval\": true }\n]\n```\n\nThis configuration pauses every agent action and requires human authorization before execution proceeds. The system waits indefinitely for a decision.\n\n资料来源：[web/src/pages/guides.tsx:1-50]()\n\n#### Selective Approval Requirements\n\nConfigure approval requirements for specific high-risk operations while allowing routine operations to proceed automatically:\n\n```json\n[\n  { \"tool_pattern\": \"read_file\", \"action\": \"allow\" },\n  { \"tool_pattern\": \"search_code\", \"action\": \"allow\" },\n  { \"tool_pattern\": \"list_files\", \"action\": \"allow\" },\n  { \"tool_pattern\": \"write_file\", \"action\": \"allow\", \"requires_approval\": true },\n  { \"tool_pattern\": \"execute_*\", \"action\": \"deny\" },\n  { \"tool_pattern\": \"deploy_*\", \"action\": \"deny\" },\n  { \"tool_pattern\": \"delete_*\", \"action\": \"deny\" }\n]\n```\n\n资料来源：[web/src/pages/guides.tsx:50-100]()\n\n### Approval API Endpoints\n\n#### List Pending Approvals\n\nRetrieves all pending approval requests for the authenticated project.\n\n| Property | Value |\n|----------|-------|\n| Method | `GET` |\n| Path | `/api/v1/approvals/` |\n\n**Response:**\n\n```json\n[\n  {\n    \"id\": 1,\n    \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n    
\"tool\": \"delete_user\",\n    \"params\": { \"user_id\": \"usr_123\" },\n    \"status\": \"pending\",\n    \"requested_at\": \"2026-03-25 14:30:00+00:00\"\n  }\n]\n```\n\n**curl Example:**\n\n```bash\ncurl \"https://api.agentsid.dev/api/v1/approvals/\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\"\n```\n\n资料来源：[web/src/pages/docs.tsx:1-100]()\n\n#### Get Pending Approval Count\n\nReturns the count of pending approvals, useful for dashboard badges and polling applications.\n\n| Property | Value |\n|----------|-------|\n| Method | `GET` |\n| Path | `/api/v1/approvals/count` |\n\n**Response:**\n\n```json\n{\n  \"pending_count\": 3\n}\n```\n\n**curl Example:**\n\n```bash\ncurl \"https://api.agentsid.dev/api/v1/approvals/count\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\"\n```\n\n资料来源：[web/src/pages/docs.tsx:100-200]()\n\n#### Approve a Pending Action\n\nGrants authorization for a previously pending tool call.\n\n| Property | Value |\n|----------|-------|\n| Method | `POST` |\n| Path | `/api/v1/approvals/{id}/approve` |\n\n**Request Body:**\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `decided_by` | string | Yes | Identifier of the human approver |\n| `reason` | string | No | Optional reason for the decision |\n\n**Example Request Body:**\n\n```json\n{\n  \"decided_by\": \"admin@example.com\",\n  \"reason\": \"Verified with user\"\n}\n```\n\n**curl Example:**\n\n```bash\ncurl -X POST \"https://api.agentsid.dev/api/v1/approvals/1/approve\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"decided_by\": \"admin@example.com\"}'\n```\n\n资料来源：[web/src/pages/docs.tsx:200-300]()\n\n#### Reject a Pending Action\n\nDenies authorization for a pending tool call.\n\n| Property | Value |\n|----------|-------|\n| Method | `POST` |\n| Path | `/api/v1/approvals/{id}/reject` |\n\n**Request Body:**\n\n| Field | Type | Required | Description 
|\n|-------|------|----------|-------------|\n| `decided_by` | string | Yes | Identifier of the human rejecting |\n| `reason` | string | No | Reason for rejection |\n\n**curl Example:**\n\n```bash\ncurl -X POST \"https://api.agentsid.dev/api/v1/approvals/1/reject\" \\\n  -H \"Authorization: Bearer aid_proj_xR7kM2pQ9...\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"decided_by\": \"admin@example.com\", \"reason\": \"Not authorized\"}'\n```\n\n资料来源：[web/src/pages/docs.tsx:300-400]()\n\n### SDK Usage\n\nThe TypeScript/Python SDKs provide convenient methods for working with approvals:\n\n```typescript\nimport { AgentsID } from \"@agentsid/sdk\"\n\nconst client = new AgentsID({ apiKey: process.env.AGENTSID_API_KEY })\n\n// List pending approvals\nconst pending = await client.approvals.list();\n\n// Approve an action\nawait client.approvals.approve(approvalId, { decidedBy: 'admin@example.com' });\n\n// Reject an action\nawait client.approvals.reject(approvalId, { decidedBy: 'admin@example.com', reason: 'Security policy violation' });\n```\n\n资料来源：[README.md:1-100]()\n\n## Webhooks\n\n### Purpose and Scope\n\nWebhooks enable real-time event notifications sent to your configured endpoints. 
When significant events occur within the AgentsID system, HTTP POST requests are delivered to your registered URLs with event payloads.\n\nAgentsID supports **8 webhook event types**:\n\n| Event Type | Trigger |\n|------------|---------|\n| `agent.created` | New agent registered |\n| `agent.revoked` | Agent token revoked |\n| `agent.denied` | Agent denied (permission violation) |\n| `limit.approaching` | Usage approaching plan limits |\n| `limit.reached` | Plan limits reached |\n| `approval.requested` | New approval requested |\n| `approval.decided` | Approval resolved (approved or rejected) |\n| `chain.broken` | Audit chain integrity broken |\n\n资料来源：[README.md:100-200]()\n\n### Webhook Architecture\n\n```mermaid\ngraph TD\n    subgraph Events\n        A[Agent Created] --> W[Webhook Service]\n        B[Approval Requested] --> W\n        C[Limit Reached] --> W\n        D[Chain Broken] --> W\n    end\n    \n    subgraph Delivery\n        W --> S[Signature Verification]\n        S --> R[Retry Queue]\n        R --> E[Endpoint Delivery]\n    end\n    \n    subgraph Consumer\n        E --> P[Your Application]\n    end\n```\n\n### Creating Webhook Subscriptions\n\n| Property | Value |\n|----------|-------|\n| Method | `POST` |\n| Path | `/api/v1/webhooks/` |\n\n**Request Body:**\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `name` | string | Yes | Webhook name (1-255 characters) |\n| `url` | string | Yes | Destination URL (1-2000 characters) |\n| `events` | string[] | Yes | Array of event types to subscribe to |\n| `secret` | string | No | Shared secret for signature verification |\n\n资料来源：[web/src/pages/docs.tsx:400-500]()\n\n### Webhook Payload Structure\n\nEach webhook delivery includes a JSON payload with event details:\n\n```json\n{\n  \"event\": \"approval.requested\",\n  \"timestamp\": \"2026-03-25T14:30:00Z\",\n  \"data\": {\n    \"approval_id\": 1,\n    \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n    \"tool\": 
\"deploy_production\",\n    \"params\": { \"environment\": \"production\" }\n  }\n}\n```\n\n### Webhook Security\n\nWebhook requests include signature headers for verification:\n\n| Header | Description |\n|--------|-------------|\n| `X-AgentsID-Signature` | HMAC-SHA256 signature of the payload |\n| `X-AgentsID-Timestamp` | Unix timestamp of the request |\n\nVerify signatures by computing the HMAC-SHA256 of the payload using your webhook secret and comparing it to the provided signature. Compute it over the request body exactly as received, use a constant-time comparison, and reject deliveries whose `X-AgentsID-Timestamp` is outside a short tolerance window so that a captured request cannot be replayed; this page does not state whether the timestamp is covered by the signature, so confirm that before relying on it.\n\n### Retry Policy\n\nFailed webhook deliveries (non-2xx responses or timeouts) are retried with exponential backoff:\n\n- First retry: 1 minute\n- Second retry: 5 minutes\n- Third retry: 30 minutes\n- Final retry: 2 hours\n\nAfter all retry attempts, the webhook delivery is marked as failed and no further retries occur.\n\n## Dashboard Integration\n\nThe AgentsID dashboard provides a visual interface for managing approvals and viewing webhook configurations.\n\n### Approvals Dashboard\n\nFrom the dashboard at `agentsid.dev/dashboard`, administrators can:\n\n- View all pending approval requests\n- See tool parameters and context\n- Approve or reject requests\n- View approval history\n\n资料来源：[web/src/pages/guides.tsx:1-50]()\n\n### Permission Editor\n\nThe dashboard includes a visual permission editor that allows configuring `requires_approval` flags:\n\n```typescript\ninterface PermissionRule {\n  tool_pattern: string;\n  action: \"allow\" | \"deny\";\n  requires_approval?: boolean;\n  priority?: number;\n  schedule?: ScheduleConfig;\n  rate_limit?: RateLimitConfig;\n}\n```\n\nThe editor displays active rules with their approval requirements and other constraint indicators.\n\n资料来源：[web/src/components/dashboard/PoliciesTab.tsx:1-100]()\n\n## Audit Trail Integration\n\nAll approval-related events are recorded in the audit trail:\n\n| Audit Entry Field | Description |\n|-------------------|-------------|\n| `entryId` | Unique identifier |\n| `timestamp` | ISO 8601 timestamp |\n| 
`agentId` | Agent that triggered the event |\n| `tool` | Tool that was called |\n| `parameters` | Tool parameters |\n| `decision` | allow, deny, or pending |\n| `matchedRule` | Index of matched permission rule |\n| `constraintsEvaluated` | List of constraints checked |\n\nThe audit trail maintains hash-chain integrity for compliance verification. Each entry's hash includes the previous entry's hash, creating an immutable chain.\n\n资料来源：[web/src/pages/spec.tsx:1-100]()\n\n## Use Cases\n\n### Development Environment Approval\n\nConfigure automatic deployments to staging while requiring approval for production:\n\n```json\n[\n  { \"tool_pattern\": \"deploy_staging\", \"action\": \"allow\" },\n  { \"tool_pattern\": \"deploy_production\", \"action\": \"allow\", \"requires_approval\": true }\n]\n```\n\n### Data Protection Workflow\n\nRequire approval for operations accessing confidential data:\n\n```json\n[\n  { \"tool_pattern\": \"read_data\", \"action\": \"allow\", \"data_level\": [\"internal\"] },\n  { \"tool_pattern\": \"read_data\", \"action\": \"allow\", \"data_level\": [\"confidential\", \"restricted\"], \"requires_approval\": true }\n]\n```\n\n### Training Wheels Mode\n\nFor new agents or testing, require approval for everything:\n\n```json\n[\n  { \"tool_pattern\": \"*\", \"action\": \"allow\", \"requires_approval\": true }\n]\n```\n\nThis allows observing agent behavior before granting full autonomy.\n\n资料来源：[web/src/pages/guides.tsx:50-100]()\n\n## Summary\n\n| Feature | Description |\n|---------|-------------|\n| **Approval Gates** | Pause tool execution for human review before allowing or denying |\n| **Webhooks** | Real-time event notifications to external systems |\n| **Approval API** | Programmatic access to pending approvals and decision-making |\n| **Dashboard** | Visual interface for managing approvals and viewing audit logs |\n| **Integration** | SDK support for TypeScript, Python, Ruby, and Java |\n\n---\n\n<a id='web-dashboard'></a>\n\n## Web 
Dashboard\n\n### 相关页面\n\n相关主题：[Backend API Reference](#backend-api)\n\n<details>\n<summary>Relevant Source Files</summary>\n\n以下源码文件用于生成本页说明：\n\n- [web/src/pages/dashboard.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n- [web/src/components/dashboard](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard)\n- [web/src/components/dashboard/Skeletons.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/Skeletons.tsx)\n- [web/src/components/dashboard/AgentCards.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AgentCards.tsx)\n- [web/src/components/dashboard/PermissionEditor.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/PermissionEditor.tsx)\n- [web/src/components/dashboard/AuditFeed.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx)\n- [web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n- [web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n- [web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n</details>\n\n# Web Dashboard\n\nThe Web Dashboard is the central management interface for AgentsID, providing real-time monitoring, agent configuration, and audit trail visualization for AI agent security controls.\n\n## Overview\n\nThe dashboard serves as the command center where users:\n\n- **Monitor agent activity** in real-time through the audit feed\n- **Manage agent permissions** using pattern-based tool allow/deny rules\n- **Register and configure new agents** with unique tokens\n- **View security statistics** and compliance metrics\n- **Access audit logs** for forensic analysis and compliance 
reporting\n\n资料来源：[web/src/pages/dashboard.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Architecture\n\n```mermaid\ngraph TD\n    A[Browser Client] --> B[Dashboard App]\n    B --> C[Supabase Backend]\n    C --> D[AgentsID API]\n    D --> E[Protected MCP Servers]\n    \n    B --> F[Sidebar Navigation]\n    B --> G[Main Content Area]\n    B --> H[Register Agent Modal]\n    \n    G --> I[Overview Tab]\n    G --> J[Agents Tab]\n    G --> K[Audit Feed Tab]\n    \n    I --> L[AuditStats]\n    J --> M[AgentCards]\n    J --> N[PermissionEditor]\n    K --> O[AuditFeed]\n```\n\n## Dashboard Layout Structure\n\nThe dashboard uses a responsive sidebar layout with the following regions:\n\n| Region | Description | File Reference |\n|--------|-------------|----------------|\n| **Sidebar** | Persistent navigation with tab switching | `web/src/pages/dashboard.tsx` |\n| **Mobile Header** | Hamburger menu for mobile navigation | `web/src/pages/dashboard.tsx` |\n| **Main Content** | Tab-based content area | `web/src/pages/dashboard.tsx` |\n| **Error Banner** | Error display with retry capability | `web/src/pages/dashboard.tsx` |\n\n### Responsive Behavior\n\n- **Desktop (md+)**: Fixed 240px sidebar on the left, content area with `md:ml-60` offset\n- **Mobile**: Collapsible sidebar with hamburger toggle, full-width content\n- **Max Content Width**: 1400px centered with `max-w-[1400px] mx-auto`\n\n资料来源：[web/src/pages/dashboard.tsx:1-50](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Tab Navigation\n\nThe dashboard supports the following navigation tabs:\n\n```mermaid\nstateDiagram-v2\n    [*] --> Overview\n    Overview --> Agents\n    Agents --> AuditFeed\n    AuditFeed --> Overview\n    \n    Overview: OverviewTab<br/>apiKey, agents, auditStats\n    Agents: AgentCards + PermissionEditor\n    AuditFeed: AuditFeed Component\n```\n\n### Tab States\n\n| Tab | Component | Key Props 
|\n|-----|-----------|-----------|\n| `overview` | OverviewTab | apiKey, agents, auditStats, onTabChange, onRegisterAgent |\n| `agents` | Agent management view | AgentCards, PermissionEditor |\n| Audit Feed | Real-time event stream | AuditFeed with filtering |\n\n资料来源：[web/src/pages/dashboard.tsx:100-150](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Core Components\n\n### AgentCards\n\nDisplays registered agents with status indicators and activity metrics.\n\n**Key Features:**\n- Agent name and status display\n- Activity counters (allow/deny events)\n- Quick action buttons for agent management\n\n资料来源：[web/src/components/dashboard/AgentCards.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AgentCards.tsx)\n\n### PermissionEditor\n\nConfigures tool permission rules for each agent using pattern matching.\n\n**Permission Rule Structure:**\n\n```typescript\ninterface PermissionRule {\n  tool_pattern: string;  // Glob pattern for tool names\n  action: \"allow\" | \"deny\";\n}\n```\n\n**Example Configuration:**\n\n```json\n[\n  { \"tool_pattern\": \"search_*\",  \"action\": \"allow\" },\n  { \"tool_pattern\": \"read_*\",    \"action\": \"allow\" },\n  { \"tool_pattern\": \"write_*\",   \"action\": \"deny\" },\n  { \"tool_pattern\": \"delete_*\",  \"action\": \"deny\" }\n]\n```\n\n资料来源：[web/src/components/dashboard/PermissionEditor.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/PermissionEditor.tsx)\n\n### AuditFeed\n\nProvides real-time visibility into agent tool calls with allow/deny decisions.\n\n**Audit Event Properties:**\n- Agent name and identifier\n- Tool call name and parameters\n- Decision status (allowed/denied)\n- Timestamp\n- Traces back to the rule commit that authorized the 
decision\n\n资料来源：[web/src/components/dashboard/AuditFeed.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/AuditFeed.tsx)\n资料来源：[web/src/pages/landing.tsx:50-60](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/landing.tsx)\n\n## Data Models\n\n### AuditStats\n\nCollected from the dashboard for real-time monitoring:\n\n| Field | Type | Description |\n|-------|------|-------------|\n| totalEvents | number | Total audit events |\n| allowedCount | number | Allowed tool calls |\n| deniedCount | number | Denied tool calls |\n| recentActivity | Event[] | Last N events for display |\n\n资料来源：[web/src/pages/dashboard.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n### Agent Data\n\n| Field | Description |\n|-------|-------------|\n| agentId | Unique identifier |\n| name | Human-readable agent name |\n| token | Agent authentication token |\n| tokenId | Token reference ID |\n| expiresAt | Token expiration timestamp |\n| permissions | Array of PermissionRule objects |\n| status | \"active\" \\| \"inactive\" \\| \"expired\" |\n| metadata | Optional additional data |\n\n资料来源：[web/src/pages/docs.tsx:SDK_INIT_TABS](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Agent Registration Flow\n\n```mermaid\nsequenceDiagram\n    participant User\n    participant Dashboard\n    participant Modal as RegisterAgentModal\n    participant API as AgentsID API\n    \n    User->>Dashboard: Click \"Register Agent\"\n    Dashboard->>Modal: Open registration modal\n    User->>Modal: Enter agent details\n    Modal->>API: registerAgent(name, permissions)\n    API->>API: Generate token + tokenId\n    API->>Modal: Return {agent, token, tokenId, expiresAt}\n    Modal->>User: Display credentials\n    User->>Dashboard: Configure MCP server with token\n```\n\n### Registration Modal\n\nAccessible from both the Overview tab and Agents tab via the `onRegisterAgent` 
callback.\n\n资料来源：[web/src/pages/dashboard.tsx:Footer](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Error Handling\n\n### Error Banner Component\n\nWhen dashboard data loading fails:\n\n```tsx\n{loadError && (\n  <div className=\"mx-4 mt-4 md:mx-8 bg-red-500/5 border border-red-500/20 rounded-lg px-4 py-3 flex items-center justify-between\">\n    <span className=\"text-xs text-red-500\">{loadError}</span>\n    <button onClick={loadDashboardData} className=\"text-xs text-red-500 underline\">\n      Retry\n    </button>\n  </div>\n)}\n```\n\n**Features:**\n- Auto-dismiss on successful retry\n- Manual retry button\n- Responsive margin/padding\n\n资料来源：[web/src/pages/dashboard.tsx:100-115](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Loading States\n\n### DashboardSkeleton\n\nDisplayed during initial page load for better UX:\n\n| Skeleton Region | Description |\n|-----------------|-------------|\n| Sidebar skeleton | 240px width, logo + navigation items |\n| Main content skeleton | Header + tab content placeholders |\n| Chart skeleton | 200px height area chart placeholder |\n\n```tsx\nfunction DashboardSkeleton() {\n  return (\n    <div className=\"flex min-h-screen bg-background\">\n      {/* Sidebar skeleton */}\n      <div className=\"hidden md:flex flex-col w-60 border-r border-border p-4 gap-6\">\n        <Bone className=\"h-8 w-28 rounded-md\" />\n        <div className=\"flex flex-col gap-3 mt-4\">\n          <Bone className=\"h-8 w-full rounded-lg\" />\n          <Bone className=\"h-8 w-full rounded-lg\" />\n          <Bone className=\"h-8 w-full rounded-lg\" />\n          <Bone className=\"h-8 w-full rounded-lg\" />\n        </div>\n      </div>\n      {/* Main content skeleton */}\n      <div className=\"flex-1 p-4 md:px-8 md:py-4\">\n        <Bone className=\"h-[200px] w-full rounded-lg\" />\n      </div>\n    </div>\n  
);\n}\n```\n\n资料来源：[web/src/components/dashboard/Skeletons.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/components/dashboard/Skeletons.tsx)\n\n## Privacy and Data Practices\n\nThe dashboard handles the following user data:\n\n| Data Type | Storage | Purpose |\n|-----------|---------|---------|\n| Email address | Supabase Auth | Account identification |\n| Project names | Dashboard DB | Project organization |\n| Agent names/permissions | Dashboard DB | Agent configuration |\n| API key hashes | Dashboard DB | Credential verification (never raw) |\n| Audit log entries | Dashboard DB | Compliance and monitoring |\n| Token metadata | Dashboard DB | HMAC verification |\n\n资料来源：[web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n资料来源：[web/src/pages/terms.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/terms.tsx)\n\n## Navigation Links\n\nThe dashboard footer provides links to related pages:\n\n| Link | Path | Purpose |\n|------|------|---------|\n| Docs | `/docs` | SDK documentation |\n| Guides | `/guides` | Setup tutorials |\n| Dashboard | `/dashboard` | Current page |\n| GitHub | External | Source code repository |\n| Terms | `/terms` | Terms of service |\n| Privacy | `/privacy` | Privacy policy |\n\n资料来源：[web/src/pages/dashboard.tsx:Footer](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/dashboard.tsx)\n\n## Usage with AI Coding Tools\n\nThe dashboard integrates with AI coding assistants through MCP (Model Context Protocol) servers:\n\n| Platform | Setup Command | Configuration |\n|----------|---------------|---------------|\n| Claude Code | `claude mcp add` | Environment variables for project key and agent token |\n| Codex CLI | `codex mcp add` | Similar MCP server registration |\n\n### Testing Workflow\n\n1. **Register agent** → Get project key and agent token\n2. **Configure MCP server** → Set environment variables\n3. 
**Test allowed calls** → Verify successful tool executions\n4. **Test denied calls** → Verify blocked operations\n5. **Check dashboard** → Review audit feed for all events\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n## Security Model\n\n```mermaid\ngraph LR\n    A[AI Agent] -->|tool_call| B[AgentsID Scanner]\n    B -->|allow/deny| C[Dashboard Audit Feed]\n    C -->|visualize| D[User Dashboard]\n    \n    B -->|block| A[AI Agent]\n    B -->|allow| E[Protected MCP Server]\n```\n\n**Key Security Properties:**\n- API keys are hashed before storage (never stored raw)\n- Token-based authentication with configurable TTL\n- Pattern-based permission rules\n- Complete audit trail for all tool calls\n- Compliance with data export and opt-out requirements\n\n资料来源：[web/src/pages/privacy.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/privacy.tsx)\n\n---\n\n<a id='multi-language-sdks'></a>\n\n## Multi-Language SDKs\n\n### 相关页面\n\n相关主题：[Quick Start Guide](#quick-start-guide), [Backend API Reference](#backend-api)\n\n<details>\n<summary>相关源码文件</summary>\n\n以下源码文件用于生成本页说明：\n\n- [sdk-typescript/src/client.ts](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/src/client.ts)\n- [sdk-typescript/src/middleware.ts](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/src/middleware.ts)\n- [sdk-python/agentsid/client.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/client.py)\n- [sdk-python/agentsid/middleware.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/middleware.py)\n- [sdk-ruby/lib/agentsid/client.rb](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-ruby/lib/agentsid/client.rb)\n- [sdk-java/src/main/java/dev/agentsid/AgentsID.java](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-java/src/main/java/dev/agentsid/AgentsID.java)\n- 
[sdk-java/src/main/java/dev/agentsid/MCPMiddleware.java](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-java/src/main/java/dev/agentsid/MCPMiddleware.java)\n</details>\n\n# Multi-Language SDKs\n\nAgentsID provides official Software Development Kits (SDKs) for multiple programming languages, enabling developers to integrate agent permission management, tool validation, and audit logging into their applications regardless of their preferred technology stack. Each SDK exposes a unified API surface while adapting to language-specific conventions and idioms.\n\n## Overview\n\nThe AgentsID SDK ecosystem covers four primary languages:\n\n| Language | Package/Registry | Primary Module |\n|----------|------------------|----------------|\n| TypeScript/JavaScript | `@agentsid/sdk` | `client.ts`, `middleware.ts` |\n| Python | `agentsid` (PyPI) | `client.py`, `middleware.py` |\n| Ruby | `agentsid` (RubyGems) | `client.rb` |\n| Java | Maven Central | `AgentsID.java`, `MCPMiddleware.java` |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## SDK Architecture\n\nAll SDKs follow a consistent layered architecture consisting of:\n\n1. **Client Layer** - Core API wrapper handling authentication, request serialization, and HTTP communication\n2. **Middleware Layer** - Integration adapters for frameworks like MCP (Model Context Protocol) and HTTP servers\n3. 
**Model Layer** - Typed data structures for requests, responses, and domain objects (agents, tokens, permissions)\n\n```mermaid\ngraph TD\n    A[Application Code] --> B[SDK Client]\n    B --> C[HTTP/REST API]\n    C --> D[AgentsID Backend]\n    \n    E[Framework Integration] --> B\n    F[MCP Server] --> E\n    G[HTTP Server] --> E\n    \n    B --> H[Response Models]\n    H --> A\n```\n\n资料来源：[sdk-typescript/src/client.ts](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/src/client.ts), [sdk-python/agentsid/client.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/client.py)\n\n## Initialization\n\n### TypeScript/JavaScript\n\n```typescript\nimport { AgentsID } from '@agentsid/sdk';\n\nconst aid = new AgentsID({ \n  projectKey: 'aid_proj_YOUR_KEY' \n});\n```\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n### Python\n\n```python\nfrom agentsid import AgentsID\n\naid = AgentsID(project_key=\"aid_proj_YOUR_KEY\")\n```\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n### Ruby\n\n```ruby\nrequire 'agentsid'\n\naid = AgentsID.new(project_key: 'aid_proj_YOUR_KEY')\n```\n\n资料来源：[sdk-ruby/lib/agentsid/client.rb](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-ruby/lib/agentsid/client.rb)\n\n### Java\n\n```java\nimport dev.agentsid.AgentsID;\n\nAgentsID aid = new AgentsID(\"aid_proj_YOUR_KEY\");\n```\n\n资料来源：[sdk-java/src/main/java/dev/agentsid/AgentsID.java](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-java/src/main/java/dev/agentsid/AgentsID.java)\n\n## Agent Management\n\n### Registering an Agent\n\nThe `registerAgent` method creates a new agent with scoped permissions and issues its first authentication token.\n\n```mermaid\nsequenceDiagram\n    participant App as Application\n    participant SDK as SDK Client\n    participant API as AgentsID API\n    \n    App->>SDK: 
registerAgent(name, onBehalfOf, permissions)\n    SDK->>API: POST /api/v1/agents\n    API->>API: Create agent record\n    API->>API: Generate token with JWT\n    API-->>SDK: { agent, token, tokenId, expiresAt }\n    SDK-->>App: Agent credentials\n```\n\n资料来源：[sdk-typescript/src/client.ts](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/src/client.ts)\n\n**Method Signature (TypeScript):**\n\n```typescript\nconst { agent, token, tokenId, expiresAt } = await aid.registerAgent({\n  name: 'research-bot',\n  onBehalfOf: 'user_123',\n  permissions: ['search_*', 'save_memory'],\n});\n```\n\n**Parameters:**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `name` | string | Yes | Human-readable agent identifier |\n| `onBehalfOf` | string | Yes | Principal ID (user or system) the agent acts for |\n| `permissions` | string[] | No | Permission patterns to grant (e.g., `save_memory`, `search_*`) |\n| `ttlHours` | number | No | Token lifetime in hours (default varies by plan) |\n| `metadata` | object | No | Arbitrary key-value pairs for organization |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Agent Methods Reference\n\n| Method | Description | Returns |\n|--------|-------------|---------|\n| `registerAgent()` | Create a new agent with initial token | `{ agent, token, tokenId, expiresAt }` |\n| `getAgent(agentId)` | Retrieve agent details | `Agent` object |\n| `listAgents(status?, limit?)` | List agents with optional filtering | `Agent[]` |\n| `updateAgent(agentId, updates)` | Update agent name or metadata | `Agent` object |\n| `refreshToken(agentId, ttlHours?)` | Revoke existing tokens and issue new one | `{ token, tokenId, expiresAt }` |\n| `revokeAgent(agentId)` | Permanently deactivate an agent | `void` |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx), 
[sdk-python/agentsid/client.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/client.py)\n\n## Permission Validation\n\n### Checking Tool Access\n\nThe `validate` method checks whether an agent's token permits execution of a specific tool.\n\n```typescript\nconst result = await aid.validate(token, 'save_memory');\nconsole.log(result.permission.allowed); // → true\n```\n\n**Response Schema:**\n\n```json\n{\n  \"valid\": true,\n  \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n  \"timestamp\": \"2026-03-25T14:30:00Z\",\n  \"permission\": {\n    \"allowed\": true,\n    \"reason\": \"Allowed by rule: save_memory\",\n    \"matched_rule\": {\n      \"tool_pattern\": \"save_memory\",\n      \"action\": \"allow\"\n    }\n  }\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Deny-First Default Behavior\n\nAgentsID employs a deny-first security model. If no rule in the agent's permission set matches a tool, access is denied by default:\n\n```json\n{\n  \"allowed\": false,\n  \"reason\": \"No matching rule -- default deny\",\n  \"matched_rule\": null\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Middleware Integration\n\n### HTTP Middleware\n\nThe HTTP middleware adapter enables seamless integration with existing web frameworks. The `projectKey` value shown is a placeholder; load the real key from configuration (for example the `AGENTSID_PROJECT_KEY` environment variable) instead of hard-coding it in source.\n\n```typescript\nimport { createHttpMiddleware } from '@agentsid/sdk';\n\nconst middleware = createHttpMiddleware({\n  projectKey: 'aid_proj_YOUR_KEY',\n  onUnauthorized: (req, res) => {\n    res.status(401).json({ error: 'Invalid agent token' });\n  }\n});\n```\n\n资料来源：[sdk-typescript/src/middleware.ts](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-typescript/src/middleware.ts)\n\n### MCP Server Middleware\n\nFor Model Context Protocol servers, the SDK provides specialized middleware that intercepts tool calls before execution.\n\n```mermaid\ngraph LR\n    A[AI Tool] 
-->|Tool Call| B[MCP Middleware]\n    B --> C{Validate with AgentsID}\n    C -->|Allowed| D[Tool Handler]\n    C -->|Denied| E[Error Response]\n    D --> F[Execute Tool]\n```\n\n资料来源：[sdk-java/src/main/java/dev/agentsid/MCPMiddleware.java](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-java/src/main/java/dev/agentsid/MCPMiddleware.java), [sdk-python/agentsid/middleware.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/middleware.py)\n\n**Python MCP Middleware Pattern:**\n\n```python\nfrom agentsid.middleware import MCPMiddleware\n\nclass ProtectedNotesServer:\n    def __init__(self, agentsid_client):\n        self.middleware = MCPMiddleware(agentsid_client)\n    \n    async def handle_tool_call(self, tool_name: str, params: dict):\n        # Validate before execution\n        result = await self.middleware.validate(tool_name, params)\n        if not result.allowed:\n            raise PermissionError(f\"Tool '{tool_name}' is not permitted\")\n        \n        # Proceed with tool execution\n        return await self.execute_tool(tool_name, params)\n```\n\n资料来源：[sdk-python/agentsid/middleware.py](https://github.com/AgentsID-dev/agentsid/blob/main/sdk-python/agentsid/middleware.py)\n\n## Audit Logging\n\n### Retrieving Audit Logs\n\nThe SDK provides access to the complete audit trail for agent activities:\n\n```typescript\nconst log = await aid.getAuditLog();\nconsole.log('Audit events:', log.entries.length);\n```\n\n**Response Schema:**\n\n```json\n{\n  \"entries\": [\n    {\n      \"id\": 42,\n      \"agent_id\": \"agt_7x9k2mNpQ4rS1tUv\",\n      \"action\": \"tool_call\",\n      \"tool\": \"save_memory\",\n      \"params\": { \"category\": \"note\" },\n      \"decision\": \"allowed\",\n      \"ip_address\": \"203.0.113.42\",\n      \"user_agent\": \"MyApp/1.0\",\n      \"created_at\": \"2026-03-25T14:30:00+00:00\"\n    }\n  ],\n  \"pagination\": {\n    \"cursor\": \"eyJpZCI6NDJ9\",\n    \"has_more\": true\n  
}\n}\n```\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx), [web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n### Verifying Audit Integrity\n\nThe audit system supports cryptographic verification to detect tampering:\n\n```typescript\nconst verification = await aid.verifyAuditLog();\nif (!verification.verified) {\n  console.error('Chain broken at entry:', verification.broken_at_id);\n}\n```\n\n**Verification Response (intact chain):**\n\n```json\n{\n  \"verified\": true,\n  \"entries_checked\": 1523,\n  \"message\": \"Integrity chain verified -- all entries match their Merkle proofs\"\n}\n```\n\n**Verification Response (tampering detected):**\n\n```json\n{\n  \"verified\": false,\n  \"entries_checked\": 1523,\n  \"broken_at_id\": 42,\n  \"message\": \"Integrity chain broken at entry 42 -- possible tampering\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Delegation\n\nAgentsID supports hierarchical agent delegation, where one agent can create sub-agents with constrained permissions:\n\n```typescript\nconst delegate = await aid.delegate({\n  parentAgentId: 'agt_parent',\n  parentToken: 'aid_tok_...',\n  childName: 'sub-researcher',\n  childPermissions: ['search_memories'],\n  ttlHours: 12\n});\n```\n\n**Constraints:**\n\n| Constraint Type | Parameters | Description |\n|-----------------|------------|-------------|\n| `rateLimit` | `max`, `windowSeconds`, `scope` | Maximum calls per time window |\n| `schedule` | `daysOfWeek`, `hoursUTC`, `timezone` | Time-based access windows |\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx), [web/src/pages/spec.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/spec.tsx)\n\n## Usage Limits\n\nThe SDK exposes methods to monitor API usage against plan 
limits:\n\n```typescript\nconst usage = await aid.getUsage();\nconsole.log(`Events: ${usage.events_this_month}/${usage.events_limit}`);\nconsole.log(`Agents: ${usage.agents_active}/${usage.agents_limit}`);\nconsole.log(`Plan: ${usage.plan}`);\n```\n\n**Response Schema:**\n\n```json\n{\n  \"events_this_month\": 1200,\n  \"events_limit\": 10000,\n  \"agents_active\": 5,\n  \"agents_limit\": 25,\n  \"plan\": \"free\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Error Handling\n\nThe SDK provides consistent error handling across all languages:\n\n| HTTP Code | Condition |\n|-----------|-----------|\n| `401` | Invalid or missing API key |\n| `403` | Permission scope violation or delegation constraint breach |\n| `404` | Resource not found (agent, token, etc.) |\n| `429` | Rate limit exceeded |\n\n**Token Validation Errors:**\n\nAll token validation failures return intentionally generic messages to prevent information leakage:\n\n```json\n{\n  \"valid\": false,\n  \"reason\": \"Token validation failed\"\n}\n```\n\n资料来源：[web/src/pages/docs.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/docs.tsx)\n\n## Quick Reference\n\n### Installation Commands\n\n| Language | Command |\n|----------|---------|\n| TypeScript | `npm install @agentsid/sdk` |\n| Python | `pip install agentsid` |\n| Ruby | `gem install agentsid` |\n| Java | Add to Maven or Gradle dependencies |\n\n资料来源：[web/src/pages/landing.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/landing.tsx)\n\n### Environment Variables\n\n| Variable | Description |\n|----------|-------------|\n| `AGENTSID_PROJECT_KEY` | Your project API key (`aid_proj_...`) |\n| `AGENTSID_AGENT_TOKEN` | Agent authentication token (`aid_tok_...`) |\n| `AGENTSID_URL` | API endpoint (defaults to `https://agentsid.dev`) 
|\n\n资料来源：[web/src/pages/guides.tsx](https://github.com/AgentsID-dev/agentsid/blob/main/web/src/pages/guides.tsx)\n\n---\n\n---\n\n## Doramagic 踩坑日志\n\n项目：AgentsID-dev/agentsid\n\n摘要：发现 7 个潜在踩坑项，其中 0 个为 high/blocking；最高优先级：身份坑 - 仓库名和安装名不一致。\n\n## 1. 身份坑 · 仓库名和安装名不一致\n\n- 严重度：medium\n- 证据强度：runtime_trace\n- 发现：仓库名 `agentsid` 与安装入口 `@agentsid/sdk` 不完全一致。\n- 对用户的影响：用户照着仓库名搜索包或照着包名找仓库时容易走错入口。\n- 建议检查：在 npm/PyPI/GitHub 上确认包名映射和官方 README 说明。\n- 复现命令：`npm install @agentsid/sdk`\n- 防护动作：页面必须同时展示 repo 名和真实安装入口，避免用户搜索错包。\n- 证据：identity.distribution | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | repo=agentsid; install=@agentsid/sdk\n\n## 2. 能力坑 · 能力判断依赖假设\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：README/documentation is current enough for a first validation pass.\n- 对用户的影响：假设不成立时，用户拿不到承诺的能力。\n- 建议检查：将假设转成下游验证清单。\n- 防护动作：假设必须转成验证项；没有验证结果前不能写成事实。\n- 证据：capability.assumptions | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | README/documentation is current enough for a first validation pass.\n\n## 3. 维护坑 · 维护活跃度未知\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：未记录 last_activity_observed。\n- 对用户的影响：新项目、停更项目和活跃项目会被混在一起，推荐信任度下降。\n- 建议检查：补 GitHub 最近 commit、release、issue/PR 响应信号。\n- 防护动作：维护活跃度未知时，推荐强度不能标为高信任。\n- 证据：evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | last_activity_observed missing\n\n## 4. 安全/权限坑 · 下游验证发现风险项\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：no_demo\n- 对用户的影响：下游已经要求复核，不能在页面中弱化。\n- 建议检查：进入安全/权限治理复核队列。\n- 防护动作：下游风险存在时必须保持 review/recommendation 降级。\n- 证据：downstream_validation.risk_items | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium\n\n## 5. 安全/权限坑 · 存在评分风险\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：no_demo\n- 对用户的影响：风险会影响是否适合普通用户安装。\n- 建议检查：把风险写入边界卡，并确认是否需要人工复核。\n- 防护动作：评分风险必须进入边界卡，不能只作为内部分数。\n- 证据：risks.scoring_risks | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium\n\n## 6. 
维护坑 · issue/PR 响应质量未知\n\n- 严重度：low\n- 证据强度：source_linked\n- 发现：issue_or_pr_quality=unknown。\n- 对用户的影响：用户无法判断遇到问题后是否有人维护。\n- 建议检查：抽样最近 issue/PR，判断是否长期无人处理。\n- 防护动作：issue/PR 响应未知时，必须提示维护风险。\n- 证据：evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | issue_or_pr_quality=unknown\n\n## 7. 维护坑 · 发布节奏不明确\n\n- 严重度：low\n- 证据强度：source_linked\n- 发现：release_recency=unknown。\n- 对用户的影响：安装命令和文档可能落后于代码，用户踩坑概率升高。\n- 建议检查：确认最近 release/tag 和 README 安装命令是否一致。\n- 防护动作：发布节奏未知或过期时，安装说明必须标注可能漂移。\n- 证据：evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | release_recency=unknown\n\n<!-- canonical_name: AgentsID-dev/agentsid; human_manual_source: deepwiki_human_wiki -->\n",
      "summary": "DeepWiki/Human Wiki 完整输出，末尾追加 Discovery Agent 踩坑日志。",
      "title": "Human Manual / 人类版说明书"
    },
    "pitfall_log": {
      "asset_id": "pitfall_log",
      "filename": "PITFALL_LOG.md",
      "markdown": "# Pitfall Log / 踩坑日志\n\n项目：AgentsID-dev/agentsid\n\n摘要：发现 7 个潜在踩坑项，其中 0 个为 high/blocking；最高优先级：身份坑 - 仓库名和安装名不一致。\n\n## 1. 身份坑 · 仓库名和安装名不一致\n\n- 严重度：medium\n- 证据强度：runtime_trace\n- 发现：仓库名 `agentsid` 与安装入口 `@agentsid/sdk` 不完全一致。\n- 对用户的影响：用户照着仓库名搜索包或照着包名找仓库时容易走错入口。\n- 建议检查：在 npm/PyPI/GitHub 上确认包名映射和官方 README 说明。\n- 复现命令：`npm install @agentsid/sdk`\n- 防护动作：页面必须同时展示 repo 名和真实安装入口，避免用户搜索错包。\n- 证据：identity.distribution | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | repo=agentsid; install=@agentsid/sdk\n\n## 2. 能力坑 · 能力判断依赖假设\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：README/documentation is current enough for a first validation pass.\n- 对用户的影响：假设不成立时，用户拿不到承诺的能力。\n- 建议检查：将假设转成下游验证清单。\n- 防护动作：假设必须转成验证项；没有验证结果前不能写成事实。\n- 证据：capability.assumptions | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | README/documentation is current enough for a first validation pass.\n\n## 3. 维护坑 · 维护活跃度未知\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：未记录 last_activity_observed。\n- 对用户的影响：新项目、停更项目和活跃项目会被混在一起，推荐信任度下降。\n- 建议检查：补 GitHub 最近 commit、release、issue/PR 响应信号。\n- 防护动作：维护活跃度未知时，推荐强度不能标为高信任。\n- 证据：evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | last_activity_observed missing\n\n## 4. 安全/权限坑 · 下游验证发现风险项\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：no_demo\n- 对用户的影响：下游已经要求复核，不能在页面中弱化。\n- 建议检查：进入安全/权限治理复核队列。\n- 防护动作：下游风险存在时必须保持 review/recommendation 降级。\n- 证据：downstream_validation.risk_items | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium\n\n## 5. 安全/权限坑 · 存在评分风险\n\n- 严重度：medium\n- 证据强度：source_linked\n- 发现：no_demo\n- 对用户的影响：风险会影响是否适合普通用户安装。\n- 建议检查：把风险写入边界卡，并确认是否需要人工复核。\n- 防护动作：评分风险必须进入边界卡，不能只作为内部分数。\n- 证据：risks.scoring_risks | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium\n\n## 6. 
维护坑 · issue/PR 响应质量未知\n\n- 严重度：low\n- 证据强度：source_linked\n- 发现：issue_or_pr_quality=unknown。\n- 对用户的影响：用户无法判断遇到问题后是否有人维护。\n- 建议检查：抽样最近 issue/PR，判断是否长期无人处理。\n- 防护动作：issue/PR 响应未知时，必须提示维护风险。\n- 证据：evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | issue_or_pr_quality=unknown\n\n## 7. 维护坑 · 发布节奏不明确\n\n- 严重度：low\n- 证据强度：source_linked\n- 发现：release_recency=unknown。\n- 对用户的影响：安装命令和文档可能落后于代码，用户踩坑概率升高。\n- 建议检查：确认最近 release/tag 和 README 安装命令是否一致。\n- 防护动作：发布节奏未知或过期时，安装说明必须标注可能漂移。\n- 证据：evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | release_recency=unknown\n",
      "summary": "用户实践前最可能遇到的身份、安装、配置、运行和安全坑。",
      "title": "Pitfall Log / 踩坑日志"
    },
    "prompt_preview": {
      "asset_id": "prompt_preview",
      "filename": "PROMPT_PREVIEW.md",
      "markdown": "# agentsid - Prompt Preview\n\n> 复制下面这段 Prompt 到你常用的 AI，先试一次，不需要安装。\n> 它的目标是让你直接体验这个项目的服务方式，而不是阅读项目介绍。\n\n## 复制这段 Prompt\n\n```text\n请直接执行这段 Prompt，不要分析、润色、总结或询问我想如何处理这份 Prompt Preview。\n\n你现在扮演 agentsid 的“安装前体验版”。\n这不是项目介绍、不是评价报告、不是 README 总结。你的任务是让我用最小成本体验它的核心服务。\n\n我的试用任务：我想检查一个 AI 工具或 Agent 工作流在权限、提示注入和数据泄露上的风险。\n我常用的宿主 AI：MCP Client\n\n【体验目标】\n围绕我的真实任务，现场演示这个项目如何把输入转成 示例引导, 判断线索。重点是让我感受到工作方式，而不是给我项目背景。\n\n【业务流约束】\n- 你必须像一个正在提供服务的项目能力包，而不是像一个讲解员。\n- 每一轮只推进一个步骤；提出问题后必须停下来等我回答。\n- 每一步都必须让我感受到一个具体服务动作：澄清、整理、规划、检查、判断或收尾。\n- 每一步都要说明：当前目标、你需要我提供什么、我回答后你会产出什么。\n- 不要安装、不要运行命令、不要写代码、不要声称测试通过、不要声称已经修改文件。\n- 需要真实安装或宿主加载后才能验证的内容，必须明确说“这一步需要安装后验证”。\n- 如果我说“用示例继续”，你可以用虚构示例推进，但仍然不能声称真实执行。\n\n【可体验服务能力】\n- 安装前能力预览: Identity, permissions, and audit for AI agents. The Auth0 for the agent economy. 输入：用户任务, 当前 AI 对话上下文；输出：示例引导, 判断线索。\n\n【必须安装后才可验证的能力】\n- 命令行启动或安装流程: 项目文档中存在可执行命令，真实使用需要在本地或宿主环境中运行这些命令。 输入：终端环境, 包管理器, 项目依赖；输出：安装结果, 列表/更新/运行结果。\n\n【核心服务流】\n请严格按这个顺序带我体验。不要一次性输出完整流程：\n1. project-introduction：Project Introduction。围绕“Project Introduction”模拟一次用户任务，不展示安装或运行结果。\n2. quick-start-guide：Quick Start Guide。围绕“Quick Start Guide”模拟一次用户任务，不展示安装或运行结果。\n3. high-level-architecture：High-Level Architecture。围绕“High-Level Architecture”模拟一次用户任务，不展示安装或运行结果。\n4. permission-system：Deny-First Permission System。围绕“Deny-First Permission System”模拟一次用户任务，不展示安装或运行结果。\n5. token-authentication：Token Authentication and Security。围绕“Token Authentication and Security”模拟一次用户任务，不展示安装或运行结果。\n\n【核心能力体验剧本】\n每一步都必须按“输入 -> 服务动作 -> 中间产物”执行。不要只说流程名：\n1. project-introduction\n输入：用户提供的“Project Introduction”相关信息。\n服务动作：模拟项目在这一步的核心判断和整理方式。\n中间产物：一个可检查的小结果。\n\n2. quick-start-guide\n输入：用户提供的“Quick Start Guide”相关信息。\n服务动作：模拟项目在这一步的核心判断和整理方式。\n中间产物：一个可检查的小结果。\n\n3. high-level-architecture\n输入：用户提供的“High-Level Architecture”相关信息。\n服务动作：模拟项目在这一步的核心判断和整理方式。\n中间产物：一个可检查的小结果。\n\n4. permission-system\n输入：用户提供的“Deny-First Permission System”相关信息。\n服务动作：模拟项目在这一步的核心判断和整理方式。\n中间产物：一个可检查的小结果。\n\n5. 
token-authentication\n输入：用户提供的“Token Authentication and Security”相关信息。\n服务动作：模拟项目在这一步的核心判断和整理方式。\n中间产物：一个可检查的小结果。\n\n【项目服务规则】\n这些规则决定你如何服务用户。不要解释规则本身，而要在每一步执行时遵守：\n- 先确认用户任务、输入材料和成功标准，再模拟项目能力。\n- 每一步都必须形成可检查的小产物，并等待用户确认后再继续。\n- 凡是需要安装、调用工具或访问外部服务的能力，都必须标记为安装后验证。\n\n【每一步的服务约束】\n- Step 1 / project-introduction：Step 1 必须围绕“Project Introduction”形成一个小中间产物，并等待用户确认。\n- Step 2 / quick-start-guide：Step 2 必须围绕“Quick Start Guide”形成一个小中间产物，并等待用户确认。\n- Step 3 / high-level-architecture：Step 3 必须围绕“High-Level Architecture”形成一个小中间产物，并等待用户确认。\n- Step 4 / permission-system：Step 4 必须围绕“Deny-First Permission System”形成一个小中间产物，并等待用户确认。\n- Step 5 / token-authentication：Step 5 必须围绕“Token Authentication and Security”形成一个小中间产物，并等待用户确认。\n\n【边界与风险】\n- 不要声称已经安装、运行、调用 API、读写本地文件或完成真实任务。\n- 安装前预览只能展示工作方式，不能证明兼容性、性能或输出质量。\n- 涉及安装、插件加载、工具调用或外部服务的能力必须安装后验证。\n\n【可追溯依据】\n这些路径只用于你内部校验或在我追问“依据是什么”时简要引用。不要在首次回复主动展开：\n- https://github.com/AgentsID-dev/agentsid\n- https://github.com/AgentsID-dev/agentsid#readme\n- README.md\n- PRODUCT.md\n- sdk-typescript/src/index.ts\n- sdk-python/agentsid/__init__.py\n- ARCHITECTURE.md\n- server/src/app.py\n- server/src/api\n- server/src/services/permission.py\n- server/src/api/permissions.py\n- server/src/core/validators.py\n\n【首次问题规则】\n- 首次三问必须先确认用户目标、成功标准和边界，不要提前进入工具、安装或实现细节。\n- 如果后续需要技术条件、文件路径或运行环境，必须等用户确认目标后再追问。\n\n首次回复必须只输出下面 4 个部分：\n1. 体验开始：用 1 句话说明你将带我体验 agentsid 的核心服务。\n2. 当前步骤：明确进入 Step 1，并说明这一步要解决什么。\n3. 你会如何服务我：说明你会先改变我完成任务的哪个动作。\n4. 
只问我 3 个问题，然后停下等待回答。\n\n首次回复禁止输出：后续完整流程、证据清单、安装命令、项目评价、营销文案、已经安装或运行的说法。\n\nStep 1 / project-introduction 的二轮协议：\n- 我回答首次三问后，你仍然停留在 Step 1 / project-introduction，不要进入 Step 2。\n- 第二次回复必须产出 6 个部分：澄清后的任务定义、成功标准、边界条件、\n  2-3 个可选方案、每个方案的权衡、推荐方案。\n- 第二次回复最后必须问我是否确认推荐方案；只有我明确确认后，才能进入下一步。\n- 第二次回复禁止输出 git worktree、代码计划、测试文件、命令或真实执行结果。\n\n后续对话规则：\n- 我回答后，你先完成当前步骤的中间产物并等待确认；只有我确认后，才能进入下一步。\n- 每一步都要生成一个小的中间产物，例如澄清后的目标、计划草案、测试意图、验证清单或继续/停止判断。\n- 所有演示都写成“我会建议/我会引导/这一步会形成”，不要写成已经真实执行。\n- 不要声称已经测试通过、文件已修改、命令已运行或结果已产生。\n- 如果某个能力必须安装后验证，请直接说“这一步需要安装后验证”。\n- 如果证据不足，请明确说“证据不足”，不要补事实。\n```\n",
      "summary": "不安装项目也能感受能力节奏的安全试用 Prompt。",
      "title": "Prompt Preview / 安装前试用 Prompt"
    },
    "quick_start": {
      "asset_id": "quick_start",
      "filename": "QUICK_START.md",
      "markdown": "# Quick Start / 官方入口\n\n项目：AgentsID-dev/agentsid\n\n## 官方安装入口\n\n### Node.js / npm · 官方安装入口\n\n```bash\nnpm install @agentsid/sdk\n```\n\n来源：https://github.com/AgentsID-dev/agentsid#readme\n\n## 来源\n\n- repo: https://github.com/AgentsID-dev/agentsid\n- docs: https://github.com/AgentsID-dev/agentsid#readme\n",
      "summary": "从项目官方 README 或安装文档提取的开工入口。",
      "title": "Quick Start / 官方入口"
    }
  },
  "validation_id": "dval_a6b12782ee8948708b9ee92af309b07d"
}
