Related Pages

Related topics: Quick Start Guide, High-Level Architecture

Project Introduction

AgentsID is an identity, permissions, and audit infrastructure platform designed specifically for AI agents. Positioned as "The Auth0 for the agent economy," it provides a standardized way to identify AI agents, control what actions they can perform, and maintain complete audit trails of their activities.

Overview

AI agents are increasingly accessing databases, sending emails, calling APIs, and making purchases on behalf of users. However, there has been no standard way to identify these agents, limit their capabilities, or trace their actions back to the humans who authorized them.

AgentsID solves this fundamental infrastructure gap by providing:

• Identity management for AI agents
• Permission controls to restrict tool access
• Audit logging with tamper-evident hash chains
• Security scanning for MCP (Model Context Protocol) servers

Sources: README.md:1-20

The Problem

Current AI agent deployments suffer from significant security and visibility gaps:

Sources: README.md:25-29

Why Traditional Auth Fails

Auth0 and similar identity platforms were designed for human users, not autonomous AI agents. AgentsID specifically addresses the unique requirements of agent-to-tool interactions, including:

• Machine-to-machine authentication
• Granular tool-level permissions
• Audit trails that capture the full context of agent decisions
• Integration with MCP servers without requiring developers to build custom auth

Core Concepts

Projects

A project is the fundamental organizational unit in AgentsID. Each project contains:

• Agent definitions
• Permission rules
• Audit logs
• API credentials (project key)

Projects are created via CLI with the init command or through the dashboard. Each project receives a unique project key (prefixed with aid_proj_) that servers use to communicate with the AgentsID API.

$ npx agentsid init "My Production App"
Creating project "My Production App"...
Project created successfully!

  Project ID:  proj_a1b2c3d4e5f6
  API Key:     aid_proj_xR7kM2pQ9...
  Plan:        free

Sources: web/src/pages/guides.tsx:1-15, web/src/pages/docs.tsx:1-12

Agents

An agent is an AI-powered entity registered within a project. Each agent:

• Has a unique agent ID (prefixed with agt_)
• Receives an authentication token (prefixed with aid_tok_)
• Operates on behalf of a human user
• Has specific tool permissions assigned

Agents are registered using the CLI:

$ npx agentsid register-agent --name "Email Assistant" --on-behalf-of "user_abc123" --permissions "send_email,read_contacts" --ttl 24
Agent registered!

  Agent ID:   agt_7x9k2mNpQ4rS1tUv
  Token:      aid_tok_eyJzdWIiOi...
  Expires:    2026-03-26T14:30:00Z

Sources: web/src/pages/docs.tsx:15-35

Permissions

AgentsID uses a pattern-based permission system. Permission rules are defined as tool name patterns with an allow or deny action:

Sources: web/src/pages/docs.tsx:100-115

Default behavior is deny-all — if no rule matches a tool call, the request is blocked. This fail-closed approach ensures that agents can only access tools explicitly permitted.

Audit Logs

Every tool call made through AgentsID generates an audit log entry containing:

• Timestamp
• Agent ID
• Tool name
• Action (ALLOW/DENY)
• Result (success/blocked)
• Delegating user ID
• Parameters passed
• Error messages (if any)

The audit system maintains a SHA-256 hash chain where each entry is cryptographically linked to its predecessor. The first entry uses "genesis" as its initial previous hash value.

Sources: web/src/pages/docs.tsx:120-135

Architecture

System Flow

graph TD
    A[Your Application] -->|Tool Call| B[AgentsID SDK]
    B -->|Validate + Log| C[AgentsID API]
    C -->|Check Permissions| D[Permission Engine]
    D -->|Allow/Deny| C
    C -->|Audit Entry| E[(Audit Log DB)]
    C -->|Response| B
    B -->|Result| A
    
    F[Dashboard] -->|Manage| G[Projects & Agents]
    F -->|View| E
    H[Scanner] -->|Security Audit| G

SDK Integration

AgentsID provides a lightweight SDK approach with a 200-line bash hook. The integration philosophy emphasizes:

"No SDK to learn, no language runtime to match. If your agent can run a shell script before a tool call, AgentsID works."

Sources: web/src/pages/landing.tsx:1-50

Available SDK packages:

Registry and Scanner

The platform maintains a public registry of MCP servers that have been security-scanned. Each server receives a security grade based on findings:

graph LR
    A[MCP Server] -->|Scan| B[AgentsID Scanner]
    B -->|Findings| C[Grade Calculator]
    C -->|Grade A-F| D[Public Registry]
    C -->|Recommendations| E[Dashboard]

The scanner analyzes servers for:

• Authentication mechanisms
• Dangerous patterns
• Deceptive language
• Invisible characters
• Context weighting issues

Sources: web/src/pages/research.tsx:1-30, web/src/pages/grade.tsx:1-40

Key Features

Security and Privacy

AgentsID implements privacy-first data practices:

Sources: web/src/pages/privacy.tsx:20-35

CLI Commands

Usage: npx agentsid <command>

Sources: web/src/pages/docs.tsx:1-90

Acceptable Use

AgentsID permits any lawful use but explicitly prohibits:

• Platform abuse (malformed requests, resource exhaustion)
• Security circumvention (bypassing HMAC verification, tampering with audit logs)
• Illegal agent registrations
• Unauthorized data scraping
• White-label resale without agreement
• Impersonation of AgentsID

Sources: web/src/pages/terms.tsx:1-50

Quick Start

To integrate AgentsID into your application:

# Step 1: Install the setup CLI
$ npx @agentsid/setup@latest

# Step 2: Initialize a project
$ npx agentsid init "My Protected Server"

# Step 3: Install the SDK
$ npm install @agentsid/sdk

# Step 4: Register an agent
$ npx agentsid register-agent --name "My Agent" --on-behalf-of "user_id"

# Step 5: Integrate the bash hook before tool calls

The AgentsID hook can be embedded directly into your agent's tool-calling workflow, requiring no SDK dependencies in your agent code.

Sources: web/src/pages/landing.tsx:35-55, web/src/pages/guides.tsx:20-60

Platform Components

All research and scanner tools are open source and available on GitHub.

Sources: web/src/pages/research.tsx:25-35

Data Flow Summary

sequenceDiagram
    participant User
    participant Agent
    participant SDK
    participant AgentsID
    participant Tool
    
    User->>Agent: Authorize action
    Agent->>SDK: Call tool (e.g., send_email)
    SDK->>AgentsID: Validate request
    AgentsID->>AgentsID: Check permissions
    Alt Permission granted
        AgentsID->>Tool: Forward request
        Tool->>AgentsID: Response
        AgentsID->>SDK: Allow + log
        SDK->>Agent: Success
        Agent->>User: Result
    Else Permission denied
        AgentsID->>SDK: Block
        SDK->>Agent: Blocked response
        Agent->>User: Move on
    end

Summary

AgentsID addresses a critical gap in the AI agent ecosystem by providing:

1. Standardized identity for AI agents operating across different platforms
2. Fine-grained permissions with pattern-based rules and fail-closed defaults
3. Tamper-evident audit trails using cryptographic hash chains
4. Security visibility through automated MCP server scanning
5. Privacy compliance with minimal data collection and opt-in analytics

By treating AI agents as first-class principals in your security model, AgentsID enables organizations to deploy AI agents with the same confidence and controls they have for human users.

Sources: README.md:15-25, web/src/pages/privacy.tsx:30-45

Related Pages

Related topics: Project Introduction, Multi-Language SDKs

Quick Start Guide

This guide provides everything you need to integrate AgentsID into your AI agent workflow. AgentsID is an agent identity and permission management platform that allows you to register agents, define tool permissions, and audit all agent activity through a tamper-proof chain.

Prerequisites

Before starting, ensure you have:

Sources: web/src/pages/landing.tsx:1-50

Installation

Using the Setup Command (Recommended)

The fastest way to get started is using the official setup script:

npx @agentsid/setup@latest

Sources: web/src/pages/landing.tsx:50-80

Using NPM/Yarn Directly

Alternatively, install the SDK directly into your project:

npm install @agentsid/sdk
# or
yarn add @agentsid/sdk

Sources: web/src/pages/guides.tsx:1-100

Quick Start Workflow

graph TD
    A[Create Project] --> B[Get API Key]
    B --> C[Install SDK]
    C --> D[Register Agent]
    D --> E[Define Permissions]
    E --> F[Integrate Hook]
    F --> G[Monitor via Audit Trail]

Sources: web/src/pages/guides.tsx:100-200

Step-by-Step Setup

Step 1: Create a Project

Initialize a new AgentsID project using the CLI:

npx agentsid init "My Production App"

Expected output:

Creating project "My Production App"...
Project created successfully!

  Project ID:  proj_a1b2c3d4e5f6
  API Key:     aid_proj_xR7kM2pQ9...
  Plan:        free

  Store your API key securely. It will not be shown again.

Sources: web/src/pages/docs.tsx:1-80

Step 2: Copy Your Project Key

After project creation, retrieve your project key from the dashboard at agentsid.dev/dashboard. The key format is aid_proj_xxx....

Sources: web/src/pages/guides.tsx:200-300

Step 3: Install the SDK

npm install @agentsid/sdk

This lightweight library handles:

• Communication with AgentsID API
• Token validation
• Event logging
• Permission enforcement

Sources: web/src/pages/guides.tsx:300-400

Step 4: Register an Agent

Agents represent the AI entities in your system. Register them to receive authentication tokens:

import { AgentsID } from '@agentsid/sdk';

const client = new AgentsID({
  projectKey: 'aid_proj_your_key_here',
});

const { agent, token, tokenId, expiresAt } = await client.registerAgent({
  name: 'production-claude',
  onBehalfOf: 'user_abc123',
  permissions: ['search_notes', 'save_note', 'list_notes'],
  ttlHours: 24,
  metadata: { version: '1.0.0' }
});

Sources: web/src/pages/docs.tsx:80-150

Step 5: Configure MCP Server

For Claude Code or Cursor integration, create a server configuration:

// server.mjs
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
import { z } from 'zod';
import { AgentsID } from '@agentsid/sdk';

const client = new AgentsID({ projectKey: process.env.AGENTSID_PROJECT_KEY });

const server = new McpServer({
  name: 'my-notes-server',
  version: '1.0.0'
});

server.tool(
  'save_note',
  'Create a new note',
  { content: z.string(), title: z.string() },
  async ({ content, title }) => {
    const result = await client.check({
      agentToken: process.env.AGENTSID_AGENT_TOKEN,
      tool: 'save_note',
      parameters: { content, title }
    });
    
    if (!result.allowed) {
      return { content: `Tool call blocked: ${result.reason}` };
    }
    
    // Execute tool logic here
    return { content: 'Note saved successfully' };
  }
);

Sources: web/src/pages/guides.tsx:400-500

Step 6: Add to IDE Configuration

For Cursor, edit .cursor/mcp.json:

{
  "mcpServers": {
    "my-notes-server": {
      "command": "node",
      "args": ["server.mjs"],
      "env": {
        "AGENTSID_PROJECT_KEY": "aid_proj_your_key_here",
        "AGENTSID_AGENT_TOKEN": "at_your_token_here"
      }
    }
  }
}

Sources: web/src/pages/guides.tsx:500-600

Agent Management API

SDK Methods Reference

Sources: web/src/pages/docs.tsx:150-200

CLI Commands

Sources: web/src/pages/landing.tsx:80-120

Permission Configuration

Default Permission States

Sources: web/src/pages/guides.tsx:600-700

The agent has access to all five tools, but AgentsID will block any attempt to use delete_note or admin_reset. The agent doesn't even know it's being restricted—it just gets a "blocked" response.

Audit Trail

Viewing Audit Logs

The dashboard provides a real-time feed of all agent activity:

graph LR
    A[Tool Call] --> B[AgentsID API]
    B --> C{Allowed?}
    C -->|Yes| D[Execute Tool]
    C -->|No| E[Block & Log]
    D --> F[Create Audit Entry]
    E --> F
    F --> G[Update Hash Chain]

Sources: web/src/pages/components/dashboard/AuditFeed.tsx:1-60

Audit Entry Structure

Each entry in the audit log contains:

{
  "entryId": "entry_abc123",
  "timestamp": "2026-03-29T12:34:56.789Z",
  "agentId": "agent_def456",
  "delegationId": "del_xyz789",
  "tool": "github.push_files",
  "parameters": { "owner": "myorg", "repo": "myrepo", "branch": "main" },
  "decision": "allow",
  "matchedRule": 2,
  "constraintsEvaluated": ["rateLimit", "schedule"],
  "durationMs": 3,
  "prevEntryHash": "sha256:e3b0c44298fc1c149afb...",
  "entryHash": "sha256:a665a45920422f9d417e..."
}

Sources: web/src/pages/spec.tsx:1-80

Chain Verification

AgentsID implements a hash chain for tamper detection:

entryHash = SHA-256(canonicalize(entry with entryHash=null))
// First entry uses prevEntryHash: "genesis"

Sources: web/src/pages/spec.tsx:80-120

Verification API

curl "https://api.agentsid.dev/api/v1/audit/verify" \
  -H "Authorization: Bearer aid_proj_xR7kM2pQ9..."

Response (chain intact):

{
  "verified": true,
  "entries_checked": 1523,
  "message": "Integrity chain verified"
}

Response (chain broken):

{
  "verified": false,
  "entries_checked": 1523,
  "broken_at_id": 42,
  "message": "Integrity chain broken at entry 42 -- possible tampering"
}

Sources: web/src/pages/docs.tsx:200-280

Security & Privacy

Data Handling

Sources: web/src/pages/privacy.tsx:1-100

Key Security Points

• No raw API keys stored — Only hashed versions are retained
• Analytics opt-in only — Gated behind cookie consent banner
• No data selling — Explicitly prohibited in privacy policy
• GDPR compliance — Full data export and deletion capabilities

Sources: web/src/pages/privacy.tsx:100-200

Dashboard Overview

Main Features

Sources: web/src/components/dashboard/OverviewTab.tsx:1-100

Activity Feed Display

The audit feed displays:

• Tool — Name of the tool called
• Decision — allow or deny
• Timestamp — Full ISO 8601 format
• Agent ID — Registered agent identifier
• Delegation Chain — If sub-agents are involved

Sources: web/src/components/dashboard/AuditFeed.tsx:60-140

Next Steps

After completing this guide:

1. Explore the Registry — View security grades of popular MCP tools at /registry
2. Read the Specification — Deep dive into the audit chain at /spec
3. Join Research — Access security research at /research
4. Subscribe to Updates — Get weekly security digests at /digest

Sources: web/src/pages/landing.tsx:120-180

Troubleshooting

Sources: web/src/pages/docs.tsx:280-350

Related Pages

Related topics: Project Introduction, Backend API Reference, Deny-First Permission System

High-Level Architecture

AgentsID is an identity, permissions, and audit infrastructure platform designed for AI agents. It functions as an authorization layer that sits between AI agents and the tools they execute, providing fine-grained access control, comprehensive audit logging, and tamper-evident verification capabilities.

System Overview

AgentsID implements a centralized authorization model where every tool invocation is validated against a configurable rule engine before execution is permitted. The system maintains a cryptographic hash chain of all audit entries to detect tampering and provides real-time visibility into agent activity through a web-based dashboard.

graph TD
    A["🤖 AI Agent"] --> B["AgentsID SDK / MCP Server"]
    B --> C["Validation Middleware"]
    C --> D{"Allowed?"}
    D -->|Yes| E["Execute Tool"]
    D -->|No| F["Block + Log"]
    C --> G["Audit Log Service"]
    G --> H["Hash Chain"]
    G --> I["Dashboard"]
    H --> J["Verification API"]

Core Components

1. SDK and Client Libraries

AgentsID provides multi-language SDKs for seamless integration into agent runtimes.

Sources: README.md:1-15

2. Agent Management API

The SDK exposes methods for registering and managing agents within a project.

Sources: web/src/pages/docs.tsx:1-80

3. Validation Middleware

The core security component intercepts tool calls and validates them against configured permissions. Every tool call goes through a validation function before execution.

graph LR
    A["Tool Call Request"] --> B["Extract agent_token"]
    B --> C["Call AgentsID API"]
    C --> D{"Decision?"}
    D -->|allow| E["Execute Tool"]
    D -->|deny| F["Return blocked"]

Sources: web/src/pages/guides.tsx:1-50

Audit Logging System

Entry Schema

Every tool invocation generates an immutable audit entry with the following structure:

{
  "entryId": "entry_abc123",
  "timestamp": "2026-03-29T12:34:56.789Z",
  "agentId": "agent_def456",
  "delegationId": "del_xyz789",
  "tool": "github.push_files",
  "parameters": { "owner": "myorg", "repo": "myrepo", "branch": "main" },
  "decision": "allow",
  "matchedRule": 2,
  "constraintsEvaluated": ["rateLimit", "schedule"],
  "durationMs": 3,
  "prevEntryHash": "sha256:e3b0c44298fc1c149afb...",
  "entryHash": "sha256:a665a45920422f9d417e..."
}

Sources: web/src/pages/spec.tsx:1-50

Hash Chain Integrity

The audit log uses a cryptographic hash chain to ensure tamper-evidence. Each entry's hash includes the previous entry's hash, creating an immutable chain.

entryHash = SHA-256(canonicalize(entry with entryHash=null))
// First entry uses prevEntryHash: "genesis"

Verification process iterates through entries and validates the hash chain:

function verifyChain(entries: AuditEntry[]): boolean {
  for (let i = 1; i < entries.length; i++) {
    const prev = entries[i - 1]
    // Verify prevEntryHash matches previous entryHash
  }
}

Sources: web/src/pages/spec.tsx:1-50

Audit Feed Component

The dashboard's AuditFeed component displays audit entries with delegation chain visualization:

Sources: web/src/components/dashboard/AuditFeed.tsx:1-60

Permission and Constraint Engine

Supported Constraint Types

The system supports multiple constraint types for fine-grained control:

Sources: web/src/pages/spec.tsx:1-80

Example Permission Matrix

Sources: web/src/pages/guides.tsx:50-100

API Endpoints

Verification Endpoint

GET /api/v1/audit/verify
Authorization: Bearer <project_key>

Response 200 OK (chain intact):

{
  "verified": true,
  "entries_checked": 1523,
  "message": "Integrity chain verified"
}

Response 200 OK (chain broken):

{
  "verified": false,
  "entries_checked": 1523,
  "broken_at_id": 42,
  "message": "Integrity chain broken at entry 42 -- possible tampering"
}

Usage Endpoint

GET /api/v1/audit/usage
Authorization: Bearer <project_key>

Response:

{
  "events_this_month": 1200,
  "events_limit": 10000,
  "agents_active": 5,
  "agents_limit": 25,
  "plan": "free"
}

Sources: web/src/pages/docs.tsx:1-120

Model Context Protocol (MCP) Integration

AgentsID supports integration with MCP-compatible AI tools like Claude Code and Cursor through environment variable configuration:

{
  "mcpServers": {
    "my-notes-server": {
      "command": "node",
      "args": ["server.mjs"],
      "env": {
        "AGENTSID_PROJECT_KEY": "aid_proj_your_key_here",
        "AGENTSID_AGENT_TOKEN": "at_your_token_here"
      }
    }
  }
}

Sources: web/src/pages/guides.tsx:100-150

Data Flow

sequenceDiagram
    participant Agent as AI Agent
    participant SDK as AgentsID SDK
    participant API as AgentsID API
    participant Rules as Rule Engine
    participant Audit as Audit Service
    participant Hash as Hash Chain
    participant Dashboard as Web Dashboard

    Agent->>SDK: tool_call(tool_name, params)
    SDK->>API: validate(agent_token, tool_name, params)
    API->>Rules: evaluate(tool_name, constraints)
    Rules-->>API: allow/deny decision
    API-->>SDK: decision
    SDK-->>Agent: execute or block
    API->>Audit: log_entry(decision, metadata)
    Audit->>Hash: append_hash()
    Hash-->>Audit: hash_verified
    Dashboard->>API: fetch_entries()
    API-->>Dashboard: audit_feed

Dashboard Overview

The web dashboard provides real-time visibility into agent activity:

Sources: web/src/components/dashboard/OverviewTab.tsx:1-80

Security Model

Authentication

Projects use API keys with prefix aid_proj_ for authentication. Agent tokens use prefix at_ for individual agent authentication.

Data Privacy

Sources: web/src/pages/privacy.tsx:1-60

Research and Scanner

AgentsID maintains an open research initiative:

• 137,070 MCP servers scanned
• Findings documented and publicly available
• Scanner available via npx @agentsid/scanner

Sources: web/src/pages/research.tsx:1-30

Deployment Architecture

graph TD
    subgraph "Client Side"
        A[AI Agent]
        B[MCP Server]
        C[Custom Integration]
    end
    
    subgraph "AgentsID Cloud"
        D[API Gateway]
        E[Auth Service]
        F[Rule Engine]
        G[Audit Service]
        H[Hash Chain Service]
    end
    
    subgraph "Data Layer"
        I[(PostgreSQL)]
        J[(Redis Cache)]
    end
    
    A --> D
    B --> D
    C --> D
    D --> E
    E --> F
    F --> G
    G --> H
    G --> I
    H --> I
    D --> J

Summary

AgentsID provides a comprehensive identity and authorization layer for AI agents through:

1. Multi-language SDKs for easy integration
2. Fine-grained permission engine with 10+ constraint types
3. Tamper-evident audit logging via cryptographic hash chains
4. Real-time dashboard for activity monitoring
5. MCP protocol support for Cursor and Claude Code
6. Opt-in analytics respecting user privacy

The architecture prioritizes security through hash chain verification, least-privilege permissions, and cryptographically secure token management.

Related Pages

Related topics: Token Authentication and Security, Approval Gates and Webhooks

Deny-First Permission System

The Deny-First Permission System is the core security mechanism in AgentsID. It implements a "deny-first" security model where every tool call is blocked by default unless explicitly allowed through permission rules. This security paradigm ensures that AI agents have zero access to tools unless deliberately permitted, preventing unintended actions and providing granular control over agent capabilities.

Overview

The permission system provides fine-grained control over what tools an AI agent can invoke. By default, all tool access is denied, and administrators must create explicit "allow" rules to grant access. The system supports wildcards, conditions, priorities, schedules, rate limits, and approval gates to accommodate complex permission scenarios.

graph TD
    A[Tool Call Request] --> B{Permission Check}
    B -->|No Matching Rule| C[Default Deny]
    B -->|Matching Rule Found| D{Action = Allow?}
    D -->|Yes| E[Execute Tool]
    D -->|No| F[Deny Tool]
    E --> G[Log to Audit]
    F --> G
    C --> G

Sources: web/src/pages/spec.tsx:1-50

Permission Rule Structure

A permission policy is a structured JSON object that defines an agent's permissions. Each policy contains metadata and an array of permission rules.

Policy Format

{
  "version": "1.0",
  "agentId": "agent_abc123",
  "issuedAt": "2026-03-29T00:00:00Z",
  "expiresAt": "2026-04-29T00:00:00Z",
  "rules": [ ...PermissionRule[] ]
}

Sources: web/src/pages/spec.tsx:50-65

Permission Rule Components

Each rule within a policy consists of the following components:

Sources: sdk-python/README.md:1-30

Tool Pattern Matching

The permission system uses glob-style patterns to match tool names. This allows administrators to grant or deny access to groups of tools efficiently.

Pattern Syntax

Sources: web/src/pages/spec.tsx:80-95

Pattern Examples

Sources: web/src/pages/guides.tsx:1-30

Constraint Types

The permission system defines 13 distinct constraint types organized into 5 categories, providing comprehensive control over agent behavior.

Constraint Categories

Sources: web/src/pages/docs.tsx:1-50

Parameter Conditions

Conditions allow restricting tool access based on parameter values. Only allow a tool when specific parameters match:

{
  "tool_pattern": "read_customer",
  "action": "allow",
  "conditions": {
    "params": { "customer_id": "cust_123" }
  }
}

This rule means: "Allow read_customer, but only for customer cust_123."

Sources: web/src/pages/guides.tsx:30-50

Evaluation Algorithm

The permission engine evaluates rules in a specific order, short-circuiting on the first match:

graph LR
    A[Tool Call] --> B[Sort Rules by Priority]
    B --> C{Higher Priority First}
    C --> D{Match Tool Pattern?}
    D -->|Yes| E{All Conditions Met?}
    E -->|Yes| F[Apply Action]
    E -->|No| G[Continue to Next Rule]
    D -->|No| G
    F --> H[Allow or Deny]
    G --> C
    C -->|No More Rules| I[Default Deny]

Priority System

Rules are evaluated in priority order (highest to lowest). When a matching rule is found with all conditions satisfied, that rule's action is applied immediately.

Example with priority:

await aid.set_permissions("agt_abc123", [
    {"tool_pattern": "search_*", "action": "allow", "priority": 10},
    {"tool_pattern": "delete_*", "action": "deny", "priority": 20},
])

In this example, delete_* is evaluated first due to higher priority, ensuring delete operations are blocked before any general allow rules.

Sources: sdk-python/README.md:10-25

API Endpoints

Set Permissions

Replace all permission rules for an agent.

PUT /api/v1/agents/{agent_id}/permissions

Any existing rules are deleted and replaced with the provided set.

Sources: web/src/pages/docs.tsx:50-100

Get Permissions

Retrieve the current permission rules for an agent.

GET /api/v1/agents/{agent_id}/permissions

Returns rules ordered by priority (highest first):

{
  "agent_id": "agt_7x9k2mNpQ4rS1tUv",
  "rules": [
    {"tool_pattern": "delete_*", "action": "deny", "priority": 10},
    {"tool_pattern": "save_memory", "action": "allow", "priority": 1},
    {"tool_pattern": "search_memories", "action": "allow", "priority": 0}
  ]
}

Sources: web/src/pages/docs.tsx:100-150

Check Permission

Check if an agent is allowed to call a specific tool.

POST /api/v1/check

Request Body:

Response (allowed):

{
  "allowed": true,
  "reason": "Allowed by rule: save_memory",
  "matched_rule": {
    "tool_pattern": "save_memory",
    "action": "allow"
  }
}

Response (denied):

{
  "allowed": false,
  "reason": "No matching rule -- default deny",
  "matched_rule": null
}

Sources: web/src/pages/docs.tsx:150-200

Example curl Command

curl -X POST https://api.agentsid.dev/api/v1/check \
  -H "Authorization: Bearer aid_proj_xR7kM2pQ9..." \
  -H "Content-Type: application/json" \
  -d '{"agent_id": "agt_7x9k2mNpQ4rS1tUv", "tool": "delete_memory"}'

Sources: web/src/pages/docs.tsx:200-220

SDK Implementation

Python SDK

from agentsid import AgentsID

aid = AgentsID(api_key="aid_proj_...")

# Set permissions
await aid.set_permissions("agt_abc123", [
    {"tool_pattern": "search_*", "action": "allow", "priority": 10},
    {"tool_pattern": "delete_*", "action": "deny", "priority": 20},
    {
        "tool_pattern": "send_email",
        "action": "allow",
        "conditions": {"recipient_domain": "company.com"},
    },
])

# Get permissions
rules = await aid.get_permissions("agt_abc123")

# Check permission
check = await aid.check_permission("agt_abc123", "delete_user", params={"user_id": "u_789"})
if not check["allowed"]:
    print(check["reason"])

Sources: sdk-python/README.md:1-50

TypeScript SDK

import { AgentsID } from '@agentsid/sdk';

const aid = new AgentsID({ apiKey: 'aid_proj_...' });

// Set permissions
await aid.setPermissions('agt_abc123', [
  { toolPattern: 'search_*', action: 'allow', priority: 10 },
  { toolPattern: 'delete_*', action: 'deny', priority: 20 },
  {
    toolPattern: 'send_email',
    action: 'allow',
    conditions: { recipient_domain: 'company.com' },
  },
]);

// Get permissions
const rules = await aid.getPermissions('agt_abc123');

// Check permission
const check = await aid.checkPermission('agt_abc123', 'delete_user', { userId: 'u_789' });

Sources: sdk-typescript/README.md:1-50

Ruby SDK

require 'agentsid'

client = AgentsID.new(api_key: 'aid_proj_...')

# Set permissions
client.set_permissions('agt_abc123', [
  { tool_pattern: 'search_*', action: 'allow', priority: 10 },
  { tool_pattern: 'delete_*', action: 'deny', priority: 20 },
  {
    tool_pattern: 'send_email',
    action: 'allow',
    conditions: { 'recipient_domain' => 'company.com' }
  }
])

# Get permissions
rules = client.get_permissions('agt_abc123')

# Check permission
check = client.check_permission('agt_abc123', 'delete_user', params: { user_id: 'u_789' })
unless check['allowed']
  puts check['reason']
end

Sources: sdk-ruby/README.md:1-50

Java SDK

import dev.agentsid.AgentsID;

AgentsID aid = new AgentsID("aid_proj_...");

// Set permissions
List<JSONObject> rules = new ArrayList<>();
JSONObject rule = new JSONObject();
rule.put("tool_pattern", "search_*");
rule.put("action", "allow");
rules.add(rule);

JSONObject response = aid.setPermissions("agt_abc123", rules);

Sources: sdk-java/src/main/java/dev/agentsid/AgentsID.java:1-50

Common Use Cases

Code Assistant Template

An agent that can read and search code freely, but writing files requires human approval. Execution and deployment are completely blocked.

[
  { "tool_pattern": "read_file",    "action": "allow" },
  { "tool_pattern": "search_code",  "action": "allow" },
  { "tool_pattern": "list_files",   "action": "allow" },
  { "tool_pattern": "write_file",   "action": "allow", "requires_approval": true },
  { "tool_pattern": "execute_*",   "action": "deny" },
  { "tool_pattern": "deploy_*",    "action": "deny" },
  { "tool_pattern": "delete_*",    "action": "deny" }
]

Result Summary

Sources: web/src/pages/guides.tsx:50-100

Minimal Access Template

[
  { "tool_pattern": "search_*", "action": "allow" },
  { "tool_pattern": "write_*",  "action": "deny" },
  { "tool_pattern": "delete_*", "action": "deny" },
  { "tool_pattern": "deploy_*", "action": "deny" }
]

Sources: web/src/pages/guides.tsx:100-120

Advanced Features

Approval Gates

Sensitive actions can be configured to pause for human approval. When an agent attempts to call a tool marked with requires_approval: true, the request is held until a human approves or denies it.

const pending = await aid.listApprovals();
await aid.approve(approvalId, { decidedBy: '[email protected]' });

Rate Limits

Tools can be restricted by rate limits within permission rules:

await aid.setPermissions(agentId, [
  { toolPattern: 'deploy_*', action: 'allow',
    schedule: { hoursStart: 9, hoursEnd: 17, timezone: 'US/Pacific' },
    rateLimit: { max: 5, per: 'hour' } },
]);

Schedules

Permission rules can include schedule constraints to limit when tools can be used:

Sources: README.md:1-50

Integration with HTTP Middleware

The TypeScript SDK provides HTTP middleware for automatic permission validation:

import { createHttpMiddleware } from '@agentsid/sdk';

const guard = createHttpMiddleware({ projectKey: 'aid_proj_...' });
// Every tool call is now validated automatically.

Sources: README.md:50-80

Security Model Summary

The Deny-First Permission System provides several layers of security:

1. Default Deny: All tool access is blocked unless explicitly allowed
2. Priority-Based Evaluation: Rules are evaluated in priority order with short-circuiting
3. Parameter Conditions: Fine-grained control over parameter values
4. Approval Gates: Human oversight for sensitive operations
5. Rate Limits: Protection against abuse and resource exhaustion
6. Schedule Constraints: Time-based access restrictions

All 13 constraint types compose freely. A single permission rule can combine IP restrictions, budget caps, schedule windows, and approval gates—the engine evaluates them all in sequence and short-circuits on the first failure. This enables policies like "allow fund transfers only from the VPC, during business hours, under $1000/day, with human approval" in a single rule.

Sources: web/src/pages/docs.tsx:50-80

Related Pages

Related topics: Deny-First Permission System, Tamper-Evident Audit System

Token Authentication and Security

Overview

AgentsID provides a comprehensive token-based authentication system for AI agents. The system enables secure identity verification, permission enforcement, and audit logging for agent-to-tool interactions. Every AI agent interacting with MCP (Model Context Protocol) servers must obtain a token through the registration process, which then serves as the authentication credential for all subsequent tool calls.

The token architecture is designed around JWT-like tokens signed with HMAC-SHA256, allowing stateless validation without database calls while maintaining the ability to revoke tokens when necessary.

Related Pages

Related topics: Token Authentication and Security, Approval Gates and Webhooks

Tamper-Evident Audit System

The Tamper-Evident Audit System is a core security feature of AgentsID that provides cryptographically-linked, append-only logging of all agent tool calls. Every evaluation decision—whether allowed or denied—is permanently recorded with integrity guarantees that make tampering mathematically detectable.

Overview

The audit system operates as a hash-chained append-only ledger. Each log entry is cryptographically linked to the previous entry via SHA-256 hashing, creating an immutable chain that proves exactly what happened, when, and under whose authority. Sources: web/src/pages/spec.tsx:1-50

Design Principles

Sources: web/src/pages/spec.tsx:50-70

Audit Entry Schema

Each audit log entry captures a complete record of a tool call evaluation. The schema follows a standardized format that ensures consistency across all logged events.

{
  "entryId": "entry_abc123",
  "timestamp": "2026-03-29T12:34:56.789Z",
  "agentId": "agent_def456",
  "delegationId": "del_xyz789",
  "tool": "github.push_files",
  "parameters": { "owner": "myorg", "repo": "myrepo", "branch": "main" },
  "decision": "allow",
  "matchedRule": 2,
  "constraintsEvaluated": ["rateLimit", "schedule"],
  "durationMs": 3,
  "prevEntryHash": "sha256:e3b0c44298fc1c149afb...",
  "entryHash": "sha256:a665a45920422f9d417e..."
}

Sources: web/src/pages/spec.tsx:70-90

Field Descriptions

Sources: web/src/pages/guides.tsx:100-130

Hash Chain Integrity

The foundation of tamper-evidence is the cryptographic hash chain that links all audit entries together. This mechanism ensures data integrity without requiring a centralized trusted authority.

Hash Calculation

entryHash = SHA-256(canonicalize(entry with entryHash=null))
// First entry uses prevEntryHash: "genesis"

Sources: web/src/pages/spec.tsx:90-95

Verification Algorithm

function verifyChain(entries: AuditEntry[]): boolean {
  for (let i = 1; i < entries.length; i++) {
    const prev = entries[i - 1]
    // Verify prevEntryHash matches previous entry's entryHash
    // Verify canonicalized hash matches stored entryHash
  }
}

Sources: web/src/pages/spec.tsx:95-105

Integrity Verification Response

Chain Intact (200 OK):

{
  "verified": true,
  "entries_checked": 1523,
  "message": "All entries verified -- chain intact"
}

Chain Broken (200 OK):

{
  "verified": false,
  "entries_checked": 1523,
  "broken_at_id": 42,
  "message": "Integrity chain broken at entry 42 -- possible tampering"
}

Sources: web/src/pages/docs.tsx:1-50

Architecture

graph TD
    A[Agent Tool Call] --> B[Policy Evaluator]
    B --> C{Audit Entry Created}
    C --> D[SHA-256 Hash Calculation]
    D --> E[Append to Chain]
    E --> F[prevEntryHash set to previous entryHash]
    F --> G[Audit Log Stored]
    G --> H[Dashboard Display]
    
    I[Verification Request] --> J[Traverse Chain]
    J --> K{Hash Match?}
    K -->|Yes| L[Continue]
    K -->|No| M[Flag Tampering]
    
    style M fill:#ffcccc
    style G fill:#ccffcc

Audit API Methods

The AgentsID SDK provides three primary methods for interacting with the audit system.

Method Reference

Sources: web/src/pages/docs.tsx:50-80

Statistics Response Format

{
  "total_events": 1423,
  "events_by_action": {
    "allow": 1308,
    "deny": 115
  },
  "events_by_tool": {
    "save_memory": 800,
    "search_memories": 500,
    "delete_memory": 123,
    "list_categories": 100
  },
  "deny_rate_pct": 8.1
}

Sources: web/src/pages/docs.tsx:80-120

Audit Feed Dashboard

The dashboard provides a real-time audit feed that displays events as they happen. The interface includes filtering capabilities and visual indicators for allowed versus denied actions.

Visual Design

The audit feed uses color coding to distinguish between allowed and denied events:

• Allowed actions: Green background tint (bg-green-500/5 → bg-green-500/10 on hover)
• Denied actions: Red background tint (bg-red-500/5 → bg-red-500/10 on hover)

className={`cursor-pointer border-b border-border transition-colors ${
  isAllow
    ? "bg-green-500/5 hover:bg-green-500/10"
    : "bg-red-500/5 hover:bg-red-500/10"
} ${isNew ? "animate-in slide-in-from-top-2 fade-in duration-400" : ""}`}

Sources: web/src/components/dashboard/AuditFeed.tsx:1-50

Filtering Capabilities

The dashboard supports filtering by:

• Agent: Filter by specific agent ID
• Tool: Filter by specific tool name
• Result: Filter by allowed or denied status
• Time range: Filter by date/time window

Activity Timeline Component

The agent detail page includes an Activity Timeline component that displays the audit entries for a specific agent:

<div className="bg-card border border-border rounded-2xl p-5">
  <ActivityTimeline entries={data?.audit ?? []} loading={!data} />
</div>

Sources: web/src/components/dashboard/AgentDetail.tsx:1-50

Security Properties

The tamper-evident audit system provides several security guarantees:

Encryption in Transit

All communication between clients and the AgentsID API uses TLS 1.2 or higher.

HMAC Token Signing

Agent tokens are signed with HMAC-SHA256. The signing secret never leaves the server. Raw API keys are never stored—only their hashes.

Tamper-Evident Logs

Each log entry is chained to the previous via a hash, making unauthorized modifications mathematically detectable.

Sources: web/src/pages/privacy.tsx:100-130

Use Cases

Debugging

"The agent did something weird at 3pm." Go to the audit trail, find the 3pm entries, see exactly what tools were called and with what parameters.

Compliance

Need to prove that your AI agent never accessed customer data it shouldn't have? The audit trail is your evidence.

Security Review

After an incident, review all denied calls. Multiple denied calls for the same dangerous tool might indicate a prompt injection attack.

Performance Monitoring

See which tools are called most often and how they're being used.

Sources: web/src/pages/guides.tsx:50-80

Data Retention

When downgrading from Pro to Free, audit logs are trimmed to the 7-day window within 30 days. Users should export logs before downgrading if preservation is needed.

Sources: web/src/pages/privacy.tsx:1-30

Reference Implementation

Sources: web/src/pages/spec.tsx:200-220

AuditEntry Data Model

From the product specification, the core data model for audit entries:

AuditEntry {
  id: "aud_..."
  timestamp: ISO 8601
  agent_id: "agt_..."
  delegated_by: "user_..."      // human in the chain
  tool: "save_memory"
  action: "allow" | "deny"
  params: { ... }               // what was passed to the tool
  result: "success" | "error"
  delegation_chain: [user_abc → agt_xyz]
}

Queryable by: agent, user, tool, time range, action. Exportable as JSON or CSV for compliance.

Sources: PRODUCT.md:1-50

Related Pages

Related topics: High-Level Architecture

Backend API Reference

Overview

The AgentsID Backend API provides a comprehensive identity, permissions, and audit system for AI agents. The API serves as the central control plane for managing agent identities, enforcing permission rules, and maintaining tamper-proof audit logs.

Base URL: https://api.agentsid.dev/api/v1

All endpoints (except project creation and health checks) require a project API key in the Authorization header:

Authorization: Bearer aid_proj_<your_project_key>

Authentication

Project API Key

Every project is assigned a unique API key during initialization. This key authenticates the project owner and grants access to all project resources including agents, permissions, and audit logs.

Key Format: aid_proj_ prefix followed by a 16+ character alphanumeric string

Example:

curl https://api.agentsid.dev/api/v1/audit/usage \
  -H "Authorization: Bearer aid_proj_xR7kM2pQ9..."

Agent Tokens

Agent tokens are short-lived credentials issued to individual agents. Each agent receives a token upon registration with an optional TTL (time-to-live):

{
  "agent": "agt_7x9k2mNpQ4rS1tUv",
  "token": "aid_tok_...",
  "tokenId": "tok_abc123",
  "expiresAt": "2026-03-26 14:30:00+00:00"
}

Sources: web/src/pages/guides.tsx

API Endpoints

Projects

Sources: web/src/pages/docs.tsx

Agents

#### Register Agent

POST /api/v1/agents/register

Creates a new agent and issues its first authentication token.

Request Body:

{
  "name": "research-assistant",
  "onBehalfOf": "user_abc",
  "permissions": ["search_memories", "save_memory"],
  "ttlHours": 24,
  "metadata": {
    "framework": "langchain"
  }
}

Response:

{
  "id": "agt_7x9k2mNpQ4rS1tUv",
  "name": "research-assistant",
  "project_id": "proj_a1b2c3d4e5f6",
  "created_by": "user_abc",
  "status": "active",
  "expires_at": "2026-03-26 14:30:00+00:00",
  "metadata": {"framework": "langchain"},
  "created_at": "2026-03-25 14:30:00+00:00",
  "revoked_at": null
}

#### List Agents

GET /api/v1/agents/?status=active&limit=10

Returns a paginated list of agents within the project.

Query Parameters:

#### Get Agent

GET /api/v1/agents/{agent_id}

Retrieves details for a specific agent.

Response Codes:

#### Update Agent

PATCH /api/v1/agents/{agent_id}

Updates an agent's name or metadata. Does not affect tokens or permissions.

Request Body:

{
  "name": "new-agent-name",
  "metadata": {
    "version": "2.0"
  }
}

Sources: web/src/pages/docs.tsx

Permissions

#### Check Permission

POST /api/v1/check

Validates whether an agent is permitted to execute a specific tool. This is the core enforcement endpoint.

Request Body:

{
  "agent_id": "agt_7x9k2mNpQ4rS1tUv",
  "tool": "delete_memory"
}

Response (Allowed):

{
  "allowed": true,
  "reason": "Allowed by rule: save_memory",
  "matched_rule": {
    "tool_pattern": "save_memory",
    "action": "allow"
  }
}

Response (Denied):

{
  "allowed": false,
  "reason": "No matching rule -- default deny",
  "matched_rule": null
}

curl Example:

curl -X POST https://api.agentsid.dev/api/v1/check \
  -H "Authorization: Bearer aid_proj_xR7kM2pQ9..." \
  -H "Content-Type: application/json" \
  -d '{"agent_id": "agt_7x9k2mNpQ4rS1tUv", "tool": "delete_memory"}'

#### Permission Rule Structure

{
  "tool_pattern": "github.push_files",
  "action": "allow",
  "constraints": [
    { "type": "rateLimit", "max": 10, "windowSeconds": 3600 }
  ]
}

Tool Pattern Matching:

Sources: web/src/pages/spec.tsx

Validation

#### Validate Tool Parameters

POST /api/v1/validate

Validates parameters for a specific tool against defined schemas.

Audit

#### Verify Integrity Chain

GET /api/v1/audit/verify

Verifies the cryptographic integrity of the audit log chain. Each entry contains a SHA-256 hash linking to the previous entry, creating a tamper-evident chain.

Response (Chain Valid):

{
  "verified": true,
  "entries_checked": 1523,
  "message": "Integrity chain verified"
}

Response (Chain Broken):

{
  "verified": false,
  "entries_checked": 1523,
  "broken_at_id": 42,
  "message": "Integrity chain broken at entry 42 -- possible tampering"
}

#### Get Usage Statistics

GET /api/v1/audit/usage

Returns current usage statistics and plan limits for the authenticated project.

Response:

{
  "events_this_month": 1200,
  "events_limit": 10000,
  "agents_active": 5,
  "agents_limit": 25,
  "plan": "free"
}

Audit Log Format

Entry Schema

{
  "entryId": "entry_abc123",
  "timestamp": "2026-03-29T12:34:56.789Z",
  "agentId": "agent_def456",
  "delegationId": "del_xyz789",
  "tool": "github.push_files",
  "parameters": {
    "owner": "myorg",
    "repo": "myrepo",
    "branch": "main"
  },
  "decision": "allow",
  "matchedRule": 2,
  "constraintsEvaluated": ["rateLimit", "schedule"],
  "durationMs": 3,
  "prevEntryHash": "sha256:e3b0c44298fc1c149afb...",
  "entryHash": "sha256:a665a45920422f9d417e..."
}

Hash Chain Integrity

The system uses SHA-256 cryptographic hashing to create a tamper-evident audit trail:

entryHash = SHA-256(canonicalize(entry with entryHash=null))
// First entry uses prevEntryHash: "genesis"

Verification Algorithm:

function verifyChain(entries: AuditEntry[]): boolean {
  for (let i = 1; i < entries.length; i++) {
    const prev = entries[i - 1]
    const expected = SHA-256(canonicalize(entries[i].with(prevEntryHash = prev.entryHash)))
    if (entries[i].entryHash !== expected) {
      return false
    }
  }
  return true
}

Sources: web/src/pages/spec.tsx

Constraint Types

Constraints attach runtime conditions to rules beyond simple parameter validation.

Schedule Constraint

{
  "type": "schedule",
  "daysOfWeek": [1, 2, 3, 4, 5],
  "hoursUTC": [8, 17],
  "timezone": "America/New_York"
}

Rate Limit Constraint

{
  "type": "rateLimit",
  "max": 100,
  "windowSeconds": 3600,
  "scope": "agent"
}

Budget Constraint

{
  "type": "budget",
  "currency": "usd",
  "max": 10.00,
  "windowSeconds": 86400
}

Sequence Constraint

{
  "type": "sequence",
  "requires": ["filesystem.read_file"],
  "forbids": ["github.push_files"]
}

Session Limit Constraint

{
  "type": "sessionLimit",
  "max": 5
}

Risk Score Constraint

{
  "type": "riskScore",
  "maxScore": 0.7
}

IP Allowlist Constraint

{
  "type": "ipAllowlist",
  "cidrs": ["10.0.0.0/8", "192.168.1.0/24"]
}

Chain Depth Constraint

{
  "type": "chainDepth",
  "max": 2
}

Cooldown Constraint

{
  "type": "cooldown",
  "seconds": 300
}

Sources: web/src/pages/spec.tsx

SDK Reference

The AgentsID SDK provides programmatic access to the API in multiple languages.

Available SDKs

Agent Methods

SDK Initialization

import AgentsID from '@agentsid/sdk'

const client = new AgentsID({
  projectKey: 'aid_proj_xR7kM2pQ9...',
  agentToken: 'aid_tok_...'
})

Sources: web/src/pages/docs.tsx

CLI Reference

Initialization

npx agentsid init "My Production App"

Creates a new project and receives the API key.

Output:

Creating project "My Production App"...
Project created successfully!

  Project ID:  proj_a1b2c3d4e5f6
  API Key:     aid_proj_xR7kM2pQ9...
  Plan:        free

  Store your API key securely. It will not be shown again.

Register Agent

npx agentsid register-agent \
  --name "research-assistant" \
  --on-behalf-of "user_abc" \
  --permissions "search_memories,save_memory" \
  --ttl 24

Output:

Agent registered!

  Agent ID:   agt_7x9k2mNpQ4rS1tUv
  Token:      aid_tok_...
  Expires:    2026-03-26 14:30:00+00:00

Architecture Overview

graph TD
    A[AI Agent] -->|1. Request Tool Call| B[AgentsID SDK]
    B -->|2. Check Permission| C[AgentsID API]
    C -->|3. Evaluate Rules| D[Permission Engine]
    D -->|4. Query| E[(Database)]
    E -->|5. Rule Match| D
    D -->|6. Decision| C
    C -->|7. Allow/Deny| B
    B -->|8. Execute or Block| A
    C -->|9. Log Event| F[Audit Log]
    F -->|10. Hash Chain| G[Integrity Verification]

Rate Limits and Quotas

Sources: web/src/pages/privacy.tsx

Error Handling

Security Considerations

API Key Storage

• API keys are hashed before storage; raw keys are never persisted
• Project keys should be stored in environment variables
• Agent tokens should be rotated periodically using refreshToken

Data Handling

• Raw exports of project data, agent configurations, and audit logs are available in JSON format
• PostHog analytics is opt-in only, gated behind cookie consent
• The system does not sell user data

Audit Log Immutability

The hash chain mechanism ensures:

1. Any tampering with historical entries breaks the chain
2. Verification can be performed at any time via /api/v1/audit/verify
3. Genesis entry uses a fixed seed value: "genesis"

Sources: web/src/pages/privacy.tsx

Related Documentation

• Guides and Tutorials
• Full API Documentation
• Privacy Policy
• Research Papers

Related Pages

Related topics: Deny-First Permission System, Tamper-Evident Audit System

Approval Gates and Webhooks

AgentsID provides two complementary mechanisms for controlling and monitoring AI agent behavior: Approval Gates and Webhooks. Together, they enable organizations to implement human-in-the-loop oversight for sensitive operations while maintaining real-time visibility into agent activities through event-driven notifications.

Overview

Approval Gates pause agent tool executions and require explicit human authorization before proceeding. This creates a checkpoint system where certain actions cannot complete without human review.

Webhooks deliver real-time event notifications to your systems when significant events occur—including when approvals are requested, when decisions are made, and when policy violations or rate limits are encountered.

Sources: web/src/pages/docs.tsx:1-100

Approval Gates

Purpose and Scope

Approval Gates provide human-in-the-loop control over agent actions. When an agent attempts to execute a tool that matches a permission rule with requires_approval: true, the system halts execution and creates a pending approval record.

The approval mechanism supports:

• Tool-specific gating: Require approval only for specific dangerous operations (file writes, deletions, deployments)
• Universal gating: Require approval for all tool calls (maximum oversight)
• Conditional gating: Combine with other permission constraints (schedule, rate limits, risk scores)
• Time-boxed decisions: Approvers receive notifications and must decide within acceptable timeframes

Sources: web/src/pages/guides.tsx:1-50

How Approval Gates Work

sequenceDiagram
    participant Agent
    participant AgentsID_API
    participant ApprovalService
    participant NotificationService
    participant Human
    participant Dashboard

    Agent->>AgentsID_API: Tool call (e.g., delete_file)
    AgentsID_API->>ApprovalService: Validate against permission rules
    ApprovalService-->>AgentsID_API: requires_approval: true
    AgentsID_API->>ApprovalService: Create pending approval
    ApprovalService-->>AgentsID_API: approval_id
    AgentsID_API-->>Agent: 202 Accepted (pending)
    NotificationService->>Human: Email/webhook notification
    Human->>Dashboard: Review approval request
    Human->>Dashboard: Approve or reject
    Dashboard->>ApprovalService: Process decision
    ApprovalService-->>Agent: Decision (allow/deny)

Configuring Approval Gates

Approval gates are configured within permission rules using the requires_approval field:

{
  "tool_pattern": "deploy_production",
  "action": "allow",
  "requires_approval": true
}

#### Cautious Agent Template

For maximum oversight, all tool calls can require approval:

[
  { "tool_pattern": "*", "action": "allow", "requires_approval": true }
]

This configuration pauses every agent action and requires human authorization before execution proceeds. The system waits indefinitely for a decision.

Sources: web/src/pages/guides.tsx:1-50

#### Selective Approval Requirements

Configure approval requirements for specific high-risk operations while allowing routine operations to proceed automatically:

[
  { "tool_pattern": "read_file", "action": "allow" },
  { "tool_pattern": "search_code", "action": "allow" },
  { "tool_pattern": "list_files", "action": "allow" },
  { "tool_pattern": "write_file", "action": "allow", "requires_approval": true },
  { "tool_pattern": "execute_*", "action": "deny" },
  { "tool_pattern": "deploy_*", "action": "deny" },
  { "tool_pattern": "delete_*", "action": "deny" }
]

Sources: web/src/pages/guides.tsx:50-100

Approval API Endpoints

#### List Pending Approvals

Retrieves all pending approval requests for the authenticated project.

Response:

[
  {
    "id": 1,
    "agent_id": "agt_7x9k2mNpQ4rS1tUv",
    "tool": "delete_user",
    "params": { "user_id": "usr_123" },
    "status": "pending",
    "requested_at": "2026-03-25 14:30:00+00:00"
  }
]

curl Example:

curl "https://api.agentsid.dev/api/v1/approvals/" \
  -H "Authorization: Bearer aid_proj_xR7kM2pQ9..."

Sources: web/src/pages/docs.tsx:1-100

#### Get Pending Approval Count

Returns the count of pending approvals, useful for dashboard badges and polling applications.

Response:

{
  "pending_count": 3
}

curl Example:

curl "https://api.agentsid.dev/api/v1/approvals/count" \
  -H "Authorization: Bearer aid_proj_xR7kM2pQ9..."

Sources: web/src/pages/docs.tsx:100-200

#### Approve a Pending Action

Grants authorization for a previously pending tool call.

Request Body:

Example Request Body:

{
  "decided_by": "[email protected]",
  "reason": "Verified with user"
}

curl Example:

curl -X POST "https://api.agentsid.dev/api/v1/approvals/1/approve" \
  -H "Authorization: Bearer aid_proj_xR7kM2pQ9..." \
  -H "Content-Type: application/json" \
  -d '{"decided_by": "[email protected]"}'

Sources: web/src/pages/docs.tsx:200-300

#### Reject a Pending Action

Denies authorization for a pending tool call.

Request Body:

curl Example:

curl -X POST "https://api.agentsid.dev/api/v1/approvals/1/reject" \
  -H "Authorization: Bearer aid_proj_xR7kM2pQ9..." \
  -H "Content-Type: application/json" \
  -d '{"decided_by": "[email protected]", "reason": "Not authorized"}'

Sources: web/src/pages/docs.tsx:300-400

SDK Usage

The TypeScript/Python SDKs provide convenient methods for working with approvals:

import { AgentsID } from "@agentsid/sdk"

const client = new AgentsID({ apiKey: process.env.AGENTSID_API_KEY })

// List pending approvals
const pending = await client.approvals.list();

// Approve an action
await client.approvals.approve(approvalId, { decidedBy: '[email protected]' });

// Reject an action
await client.approvals.reject(approvalId, { decidedBy: '[email protected]', reason: 'Security policy violation' });

Sources: README.md:1-100

Webhooks

Purpose and Scope

Webhooks enable real-time event notifications sent to your configured endpoints. When significant events occur within the AgentsID system, HTTP POST requests are delivered to your registered URLs with event payloads.

AgentsID supports 8 webhook event types:

Sources: README.md:100-200

Webhook Architecture

graph TD
    subgraph Events
        A[Agent Created] --> W[Webhook Service]
        B[Approval Requested] --> W
        C[Limit Reached] --> W
        D[Chain Broken] --> W
    end
    
    subgraph Delivery
        W --> S[Signature Verification]
        S --> R[Retry Queue]
        R --> E[Endpoint Delivery]
    end
    
    subgraph Consumer
        E --> P[Your Application]
    end

Creating Webhook Subscriptions

Request Body:

Sources: web/src/pages/docs.tsx:400-500

Webhook Payload Structure

Each webhook delivery includes a JSON payload with event details:

{
  "event": "approval.requested",
  "timestamp": "2026-03-25T14:30:00Z",
  "data": {
    "approval_id": 1,
    "agent_id": "agt_7x9k2mNpQ4rS1tUv",
    "tool": "deploy_production",
    "params": { "environment": "production" }
  }
}

Webhook Security

Webhook requests include signature headers for verification:

Verify signatures by computing the HMAC-SHA256 of the payload using your webhook secret and comparing it to the provided signature.

Retry Policy

Failed webhook deliveries (non-2xx responses or timeouts) are retried with exponential backoff:

• First retry: 1 minute
• Second retry: 5 minutes
• Third retry: 30 minutes
• Final retry: 2 hours

After all retry attempts, the webhook delivery is marked as failed and no further retries occur.

Dashboard Integration

The AgentsID dashboard provides a visual interface for managing approvals and viewing webhook configurations.

Approvals Dashboard

From the dashboard at agentsid.dev/dashboard, administrators can:

• View all pending approval requests
• See tool parameters and context
• Approve or reject requests
• View approval history

Sources: web/src/pages/guides.tsx:1-50

Permission Editor

The dashboard includes a visual permission editor that allows configuring requires_approval flags:

interface PermissionRule {
  tool_pattern: string;
  action: "allow" | "deny";
  requires_approval?: boolean;
  priority?: number;
  schedule?: ScheduleConfig;
  rate_limit?: RateLimitConfig;
}

The editor displays active rules with their approval requirements and other constraint indicators.

Sources: web/src/components/dashboard/PoliciesTab.tsx:1-100

Audit Trail Integration

All approval-related events are recorded in the audit trail:

The audit trail maintains hash-chain integrity for compliance verification. Each entry's hash includes the previous entry's hash, creating an immutable chain.

Sources: web/src/pages/spec.tsx:1-100

Use Cases

Development Environment Approval

Configure automatic deployments to staging while requiring approval for production:

[
  { "tool_pattern": "deploy_staging", "action": "allow" },
  { "tool_pattern": "deploy_production", "action": "allow", "requires_approval": true }
]

Data Protection Workflow

Require approval for operations accessing confidential data:

[
  { "tool_pattern": "read_data", "action": "allow", "data_level": ["internal"] },
  { "tool_pattern": "read_data", "action": "allow", "data_level": ["confidential", "restricted"], "requires_approval": true }
]

Training Wheels Mode

For new agents or testing, require approval for everything:

[
  { "tool_pattern": "*", "action": "allow", "requires_approval": true }
]

This allows observing agent behavior before granting full autonomy.

Sources: web/src/pages/guides.tsx:50-100

Summary

Related Pages

Related topics: Backend API Reference

Web Dashboard

The Web Dashboard is the central management interface for AgentsID, providing real-time monitoring, agent configuration, and audit trail visualization for AI agent security controls.

Overview

The dashboard serves as the command center where users:

• Monitor agent activity in real-time through the audit feed
• Manage agent permissions using pattern-based tool allow/deny rules
• Register and configure new agents with unique tokens
• View security statistics and compliance metrics
• Access audit logs for forensic analysis and compliance reporting

Sources: web/src/pages/dashboard.tsx

Architecture

graph TD
    A[Browser Client] --> B[Dashboard App]
    B --> C[Supabase Backend]
    C --> D[AgentsID API]
    D --> E[Protected MCP Servers]
    
    B --> F[Sidebar Navigation]
    B --> G[Main Content Area]
    B --> H[Register Agent Modal]
    
    G --> I[Overview Tab]
    G --> J[Agents Tab]
    G --> K[Audit Feed Tab]
    
    I --> L[AuditStats]
    J --> M[AgentCards]
    J --> N[PermissionEditor]
    K --> O[AuditFeed]

Dashboard Layout Structure

The dashboard uses a responsive sidebar layout with the following regions:

Responsive Behavior

• Desktop (md+): Fixed 240px sidebar on the left, content area with md:ml-60 offset
• Mobile: Collapsible sidebar with hamburger toggle, full-width content
• Max Content Width: 1400px centered with max-w-[1400px] mx-auto

Sources: web/src/pages/dashboard.tsx:1-50

Tab Navigation

The dashboard supports the following navigation tabs:

stateDiagram-v2
    [*] --> Overview
    Overview --> Agents
    Agents --> AuditFeed
    AuditFeed --> Overview
    
    Overview: OverviewTab<br/>apiKey, agents, auditStats
    Agents: AgentCards + PermissionEditor
    AuditFeed: AuditFeed Component

Tab States

Sources: web/src/pages/dashboard.tsx:100-150

Core Components

AgentCards

Displays registered agents with status indicators and activity metrics.

Key Features:

• Agent name and status display
• Activity counters (allow/deny events)
• Quick action buttons for agent management

Sources: web/src/components/dashboard/AgentCards.tsx

PermissionEditor

Configures tool permission rules for each agent using pattern matching.

Permission Rule Structure:

interface PermissionRule {
  tool_pattern: string;  // Glob pattern for tool names
  action: "allow" | "deny";
}

Example Configuration:

[
  { "tool_pattern": "search_*",  "action": "allow" },
  { "tool_pattern": "read_*",    "action": "allow" },
  { "tool_pattern": "write_*",   "action": "deny" },
  { "tool_pattern": "delete_*",  "action": "deny" }
]

Sources: web/src/components/dashboard/PermissionEditor.tsx

AuditFeed

Provides real-time visibility into agent tool calls with allow/deny decisions.

Audit Event Properties:

• Agent name and identifier
• Tool call name and parameters
• Decision status (allowed/denied)
• Timestamp
• Traces back to the rule commit that authorized the decision

Sources: web/src/components/dashboard/AuditFeed.tsx Sources: web/src/pages/landing.tsx:50-60

Data Models

AuditStats

Collected from the dashboard for real-time monitoring:

Sources: web/src/pages/dashboard.tsx

Agent Data

Sources: web/src/pages/docs.tsx:SDK_INIT_TABS

Agent Registration Flow

sequenceDiagram
    participant User
    participant Dashboard
    participant Modal as RegisterAgentModal
    participant API as AgentsID API
    
    User->>Dashboard: Click "Register Agent"
    Dashboard->>Modal: Open registration modal
    User->>Modal: Enter agent details
    Modal->>API: registerAgent(name, permissions)
    API->>API: Generate token + tokenId
    API->>Modal: Return {agent, token, tokenId, expiresAt}
    Modal->>User: Display credentials
    User->>Dashboard: Configure MCP server with token

Registration Modal

Accessible from both the Overview tab and Agents tab via the onRegisterAgent callback.

Sources: web/src/pages/dashboard.tsx:Footer

Error Handling

Error Banner Component

When dashboard data loading fails:

{loadError && (
  <div className="mx-4 mt-4 md:mx-8 bg-red-500/5 border border-red-500/20 rounded-lg px-4 py-3 flex items-center justify-between">
    <span className="text-xs text-red-500">{loadError}</span>
    <button onClick={loadDashboardData} className="text-xs text-red-500 underline">
      Retry
    </button>
  </div>
)}

Features:

• Auto-dismiss on successful retry
• Manual retry button
• Responsive margin/padding

Sources: web/src/pages/dashboard.tsx:100-115

Loading States

DashboardSkeleton

Displayed during initial page load for better UX:

function DashboardSkeleton() {
  return (
    <div className="flex min-h-screen bg-background">
      {/* Sidebar skeleton */}
      <div className="hidden md:flex flex-col w-60 border-r border-border p-4 gap-6">
        <Bone className="h-8 w-28 rounded-md" />
        <div className="flex flex-col gap-3 mt-4">
          <Bone className="h-8 w-full rounded-lg" />
          <Bone className="h-8 w-full rounded-lg" />
          <Bone className="h-8 w-full rounded-lg" />
          <Bone className="h-8 w-full rounded-lg" />
        </div>
      </div>
      {/* Main content skeleton */}
      <div className="flex-1 p-4 md:px-8 md:py-4">
        <Bone className="h-[200px] w-full rounded-lg" />
      </div>
    </div>
  );
}

Sources: web/src/components/dashboard/Skeletons.tsx

Privacy and Data Practices

The dashboard handles the following user data:

Sources: web/src/pages/privacy.tsx Sources: web/src/pages/terms.tsx

Navigation Links

The dashboard footer provides links to related pages:

Sources: web/src/pages/dashboard.tsx:Footer

Usage with AI Coding Tools

The dashboard integrates with AI coding assistants through MCP (Model Context Protocol) servers:

Testing Workflow

1. Register agent → Get project key and agent token
2. Configure MCP server → Set environment variables
3. Test allowed calls → Verify successful tool executions
4. Test denied calls → Verify blocked operations
5. Check dashboard → Review audit feed for all events

Sources: web/src/pages/guides.tsx

Security Model

graph LR
    A[AI Agent] -->|tool_call| B[AgentsID Scanner]
    B -->|allow/deny| C[Dashboard Audit Feed]
    C -->|visualize| D[User Dashboard]
    
    B -->|block| A[AI Agent]
    B -->|allow| E[Protected MCP Server]

Key Security Properties:

• API keys are hashed before storage (never stored raw)
• Token-based authentication with configurable TTL
• Pattern-based permission rules
• Complete audit trail for all tool calls
• Compliance with data export and opt-out requirements

Sources: web/src/pages/privacy.tsx

Related Pages

Related topics: Quick Start Guide, Backend API Reference

Multi-Language SDKs

AgentsID provides official Software Development Kits (SDKs) for multiple programming languages, enabling developers to integrate agent permission management, tool validation, and audit logging into their applications regardless of their preferred technology stack. Each SDK exposes a unified API surface while adapting to language-specific conventions and idioms.

Overview

The AgentsID SDK ecosystem covers four primary languages:

Sources: web/src/pages/docs.tsx

SDK Architecture

All SDKs follow a consistent layered architecture consisting of:

1. Client Layer - Core API wrapper handling authentication, request serialization, and HTTP communication
2. Middleware Layer - Integration adapters for frameworks like MCP (Model Context Protocol) and HTTP servers
3. Model Layer - Typed data structures for requests, responses, and domain objects (agents, tokens, permissions)

graph TD
    A[Application Code] --> B[SDK Client]
    B --> C[HTTP/REST API]
    C --> D[AgentsID Backend]
    
    E[Framework Integration] --> B
    F[MCP Server] --> E
    G[HTTP Server] --> E
    
    B --> H[Response Models]
    H --> A

Sources: sdk-typescript/src/client.ts, sdk-python/agentsid/client.py

Initialization

TypeScript/JavaScript

import { AgentsID } from '@agentsid/sdk';

const aid = new AgentsID({ 
  projectKey: 'aid_proj_YOUR_KEY' 
});

Sources: web/src/pages/guides.tsx

Python

from agentsid import AgentsID

aid = AgentsID(project_key="aid_proj_YOUR_KEY")

Sources: web/src/pages/guides.tsx

Ruby

require 'agentsid'

aid = AgentsID.new(project_key: 'aid_proj_YOUR_KEY')

Sources: sdk-ruby/lib/agentsid/client.rb

Java

import dev.agentsid.AgentsID;

AgentsID aid = new AgentsID("aid_proj_YOUR_KEY");

Sources: sdk-java/src/main/java/dev/agentsid/AgentsID.java

Agent Management

Registering an Agent

The registerAgent method creates a new agent with scoped permissions and issues its first authentication token.

sequenceDiagram
    participant App as Application
    participant SDK as SDK Client
    participant API as AgentsID API
    
    App->>SDK: registerAgent(name, onBehalfOf, permissions)
    SDK->>API: POST /api/v1/agents
    API->>API: Create agent record
    API->>API: Generate token with JWT
    API-->>SDK: { agent, token, tokenId, expiresAt }
    SDK-->>App: Agent credentials

Sources: sdk-typescript/src/client.ts

Method Signature (TypeScript):

const { agent, token, tokenId, expiresAt } = await aid.registerAgent({
  name: 'research-bot',
  onBehalfOf: 'user_123',
  permissions: ['search_*', 'save_memory'],
});

Parameters:

Sources: web/src/pages/docs.tsx

Agent Methods Reference

Sources: web/src/pages/docs.tsx, sdk-python/agentsid/client.py

Permission Validation

Checking Tool Access

The validate method checks whether an agent's token permits execution of a specific tool.

const result = await aid.validate(token, 'save_memory');
console.log(result.permission.allowed); // → true

Response Schema:

{
  "valid": true,
  "agent_id": "agt_7x9k2mNpQ4rS1tUv",
  "timestamp": "2026-03-25T14:30:00Z",
  "permission": {
    "allowed": true,
    "reason": "Allowed by rule: save_memory",
    "matched_rule": {
      "tool_pattern": "save_memory",
      "action": "allow"
    }
  }
}

Sources: web/src/pages/docs.tsx

Deny-First Default Behavior

AgentsID employs a deny-first security model. If a tool is not explicitly listed in the agent's permission set, access is denied by default:

{
  "allowed": false,
  "reason": "No matching rule -- default deny",
  "matched_rule": null
}

Sources: web/src/pages/docs.tsx

Middleware Integration

HTTP Middleware

The HTTP middleware adapter enables seamless integration with existing web frameworks.

import { createHttpMiddleware } from '@agentsid/sdk';

const middleware = createHttpMiddleware({
  projectKey: 'aid_proj_YOUR_KEY',
  onUnauthorized: (req, res) => {
    res.status(401).json({ error: 'Invalid agent token' });
  }
});

Sources: sdk-typescript/src/middleware.ts

MCP Server Middleware

For Model Context Protocol servers, the SDK provides specialized middleware that intercepts tool calls before execution.

graph LR
    A[AI Tool] -->|Tool Call| B[MCP Middleware]
    B --> C{Validate with AgentsID}
    C -->|Allowed| D[Tool Handler]
    C -->|Denied| E[Error Response]
    D --> F[Execute Tool]

Sources: sdk-java/src/main/java/dev/agentsid/MCPMiddleware.java, sdk-python/agentsid/middleware.py

Python MCP Middleware Pattern:

from agentsid.middleware import MCPMiddleware

class ProtectedNotesServer:
    def __init__(self, agentsid_client):
        self.middleware = MCPMiddleware(agentsid_client)
    
    async def handle_tool_call(self, tool_name: str, params: dict):
        # Validate before execution
        result = await self.middleware.validate(tool_name, params)
        if not result.allowed:
            raise PermissionError(f"Tool '{tool_name}' is not permitted")
        
        # Proceed with tool execution
        return await self.execute_tool(tool_name, params)

Sources: sdk-python/agentsid/middleware.py

Audit Logging

Retrieving Audit Logs

The SDK provides access to the complete audit trail for agent activities:

const log = await aid.getAuditLog();
console.log('Audit events:', log.entries.length);

Response Schema:

{
  "entries": [
    {
      "id": 42,
      "agent_id": "agt_7x9k2mNpQ4rS1tUv",
      "action": "tool_call",
      "tool": "save_memory",
      "params": { "category": "note" },
      "decision": "allowed",
      "ip_address": "203.0.113.42",
      "user_agent": "MyApp/1.0",
      "created_at": "2026-03-25T14:30:00+00:00"
    }
  ],
  "pagination": {
    "cursor": "eyJpZCI6NDJ9",
    "has_more": true
  }
}

Sources: web/src/pages/guides.tsx, web/src/pages/docs.tsx

Verifying Audit Integrity

The audit system supports cryptographic verification to detect tampering:

const verification = await aid.verifyAuditLog();
if (!verification.verified) {
  console.error('Chain broken at entry:', verification.broken_at_id);
}

Verification Response (intact chain):

{
  "verified": true,
  "entries_checked": 1523,
  "message": "Integrity chain verified -- all entries match their Merkle proofs"
}

Verification Response (tampering detected):

{
  "verified": false,
  "entries_checked": 1523,
  "broken_at_id": 42,
  "message": "Integrity chain broken at entry 42 -- possible tampering"
}

Sources: web/src/pages/docs.tsx

Delegation

AgentsID supports hierarchical agent delegation, where one agent can create sub-agents with constrained permissions:

const delegate = await aid.delegate({
  parentAgentId: 'agt_parent',
  parentToken: 'aid_tok_...',
  childName: 'sub-researcher',
  childPermissions: ['search_memories'],
  ttlHours: 12
});

Constraints:

Sources: web/src/pages/docs.tsx, web/src/pages/spec.tsx

Usage Limits

The SDK exposes methods to monitor API usage against plan limits:

const usage = await aid.getUsage();
console.log(`Events: ${usage.events_this_month}/${usage.events_limit}`);
console.log(`Agents: ${usage.agents_active}/${usage.agents_limit}`);
console.log(`Plan: ${usage.plan}`);

Response Schema:

{
  "events_this_month": 1200,
  "events_limit": 10000,
  "agents_active": 5,
  "agents_limit": 25,
  "plan": "free"
}

Sources: web/src/pages/docs.tsx

Error Handling

The SDK provides consistent error handling across all languages:

Token Validation Errors:

All token validation failures return intentionally generic messages to prevent information leakage:

{
  "valid": false,
  "reason": "Token validation failed"
}

Sources: web/src/pages/docs.tsx

Quick Reference

Installation Commands

Sources: web/src/pages/landing.tsx

Environment Variables

Sources: web/src/pages/guides.tsx

Doramagic Pitfall Log

Doramagic extracted 7 source-linked risk signals. Review them before installing or handing real data to the project.

1. Project risk: Project risk needs validation

• Severity: medium
• Finding: Project risk is backed by a source signal: Project risk needs validation. Treat it as a review item until the current version is checked.
• User impact: The project should not be treated as fully validated until this signal is reviewed.
• Recommended check: Open the linked source, confirm whether it still applies to the current version, and keep the first run isolated.
• Evidence: identity.distribution | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | repo=agentsid; install=@agentsid/sdk

2. Capability assumption: README/documentation is current enough for a first validation pass.

• Severity: medium
• Finding: README/documentation is current enough for a first validation pass.
• User impact: The project should not be treated as fully validated until this signal is reviewed.
• Recommended check: Open the linked source, confirm whether it still applies to the current version, and keep the first run isolated.
• Evidence: capability.assumptions | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | README/documentation is current enough for a first validation pass.

3. Maintenance risk: Maintainer activity is unknown

• Severity: medium
• Finding: Maintenance risk is backed by a source signal: Maintainer activity is unknown. Treat it as a review item until the current version is checked.
• User impact: Users cannot judge support quality until recent activity, releases, and issue response are checked.
• Recommended check: Open the linked source, confirm whether it still applies to the current version, and keep the first run isolated.
• Evidence: evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | last_activity_observed missing

4. Security or permission risk: no_demo

• Severity: medium
• Finding: no_demo
• User impact: The project may affect permissions, credentials, data exposure, or host boundaries.
• Recommended check: Open the linked source, confirm whether it still applies to the current version, and keep the first run isolated.
• Evidence: downstream_validation.risk_items | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium

5. Security or permission risk: no_demo

• Severity: medium
• Finding: no_demo
• User impact: The project may affect permissions, credentials, data exposure, or host boundaries.
• Recommended check: Open the linked source, confirm whether it still applies to the current version, and keep the first run isolated.
• Evidence: risks.scoring_risks | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | no_demo; severity=medium

6. Maintenance risk: issue_or_pr_quality=unknown

• Severity: low
• Finding: issue_or_pr_quality=unknown。
• User impact: Users cannot judge support quality until recent activity, releases, and issue response are checked.
• Recommended check: Open the linked source, confirm whether it still applies to the current version, and keep the first run isolated.
• Evidence: evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | issue_or_pr_quality=unknown

7. Maintenance risk: release_recency=unknown

• Severity: low
• Finding: release_recency=unknown。
• User impact: Users cannot judge support quality until recent activity, releases, and issue response are checked.
• Recommended check: Open the linked source, confirm whether it still applies to the current version, and keep the first run isolated.
• Evidence: evidence.maintainer_signals | github_repo:1192733106 | https://github.com/AgentsID-dev/agentsid | release_recency=unknown

Community Discussion Evidence

Doramagic exposes project-level community discussion separately from official documentation. Review these links before using agentsid with real data or production workflows.

• Project risk needs validation - GitHub / issue