Skip to main content
AIDiveForge AIDiveForge
Visit Agent Passport

Get This Tool

License: MIT Any use incl. commercial
Local-run terms: MIT license permits commercial use, modification, and distribution with attribution.

Share This Tool

Compare This Tool
📋 Embed this tool on your site

Copy this code to embed a compact tool card:

Agent Passport

FreeOpen SourceAPISelf-Hosted

Pricing

Model
Free

Summary

Your agents have two access states: full account access or nothing — and when something goes wrong, there's no log of what they actually did or why.

Agent Passport is an open-source authorization layer that sits between your agents and the actions they take. You issue a scoped passport — specific permissions, a spend cap, a time window — then every action checks against it before executing. Denied calls are logged alongside allowed ones, so you have a record either way. Delegation chains shrink permissions as they pass down to sub-agents; a child passport cannot exceed what the parent granted. Revocation cascades instantly across the whole chain, so you're not hunting down API keys across six services.

Bottom line: Pick this when you need spend limits and a signed audit trail before your LangChain or CrewAI agents touch production systems — but if your compliance requirement calls for a managed audit store with access controls rather than a self-hosted SQLite file, you'll need to build that layer yourself.

Community Performance Report Card

No community ratings yet. Be the first to rate this tool!

Best For: Production AI agent deployments needing controls, Teams requiring audit trails for compliance, Multi-agent systems with delegation, Applications integrating with LangChain or CrewAI

Community Benchmarks Community

No community benchmarks yet. Be the first to share a real-world data point.

  • Scoped permissions per agent per task, so a booking bot that needs calendar access cannot also charge a payment method — even if the underlying account credentials would allow it.
  • Server-side spend tracking with hard caps, which means agents cannot silently drain API budgets between monitoring checks — the deny fires at the limit, not after the bill arrives.
  • Instant cascade revocation across delegation chains, so cutting off a parent passport stops all child agents immediately without rotating keys across every downstream integration.
  • Every authorize() call is logged whether allowed or denied, so when an auditor asks what your agent attempted at 14:23:08, you have a signed record — not a gap.
  • Purpose-built packages for LangChain, CrewAI, Express, Fastify, and MCP, so wrapping existing agent tools does not require rewriting call patterns from scratch.
  • The audit store is SQLite. A single-file database works for a single server and moderate throughput — teams running multiple agent instances or high-frequency authorize() calls will hit write contention and need to either replace the persistence layer or front it with a queue, at which point they are maintaining infrastructure the tool does not provide.
  • There is no managed cloud option; every component is self-hosted. Teams that need a SOC 2-audited, access-controlled audit log with role-based visibility into the dashboard will build that controls layer themselves — and teams whose security policy prohibits self-managed audit storage will move to a vendor that offers it.
  • Delegation only constrains permissions downward — it does not add them. If your agent graph needs a sub-agent to acquire permissions the parent was not issued, you reissue from the top, which means any workflow that dynamically expands scope mid-run requires a round-trip to the issuing authority rather than a local escalation path.

Community Reviews

No reviews yet. Be the first to share your experience.

About

Platforms
Node.js, self-hosted
API Available
Yes
Self-Hosted
Yes
Last Updated
2026-07-01T02:17:17.656Z

Best For

Who it's for

  • Production AI agent deployments needing controls
  • Teams requiring audit trails for compliance
  • Multi-agent systems with delegation
  • Applications integrating with LangChain or CrewAI

What it does well

  • Limit agent spend on APIs or services
  • Scope agent permissions to specific tools or actions
  • Audit every agent action with signed logs
  • Delegate tasks to sub-agents with reduced privileges
  • Instantly revoke access across agent chains

Integrations

MCPExpressFastifyLangChainCrewAIA2A

Discussion Community

No discussion yet. Sign in to start the conversation.

Compare Agent Passport

Spotted incorrect or missing data? Join our community of contributors.

Sign Up to Contribute

Community Notes & Tips Community

Be the first to contribute. General notes, observations, gotchas, and tips from people who use this tool day-to-day.

Frequently Asked Questions

Is Agent Passport free?
Yes — Agent Passport is fully free to use. There is no paid tier.
Is Agent Passport open source?
Yes. Agent Passport is open source.
Does Agent Passport have an API?
Yes. Agent Passport exposes a developer API. See the official documentation at https://agent-passport-red.vercel.app for details.
Can I self-host Agent Passport?
Yes. Agent Passport supports self-hosting on your own infrastructure.
What platforms does Agent Passport support?
Agent Passport is available on: Node.js, self-hosted.

Hours Saved & ROI Stories Community

Be the first to contribute. Concrete time/cost savings, with context. e.g. "Cut my code review backlog from 4h to 45m per week."

Agent Passport

Most agent stacks treat authorization as an afterthought: identity tells you who the agent is, but nothing enforces what it can do, how much it can spend, or when to cut it off. Agent Passport fills that gap with three API calls — issue, authorize, delegate. You issue a signed passport scoped to a specific agent, action set, budget cap, and time-to-live. Every subsequent action calls authorize() before executing; the result is either allowed or denied, and both outcomes are logged. When an agent needs to hand off work to a sub-agent, delegate() produces a narrower passport — permissions only shrink, never grow.

The audit trail is the differentiating feature for teams with compliance requirements. Every authorize() call is persisted in SQLite and queryable by passport ID, with the action, agent identity, timestamp, and denial reason all captured. The sample output in the docs shows denied calls like ‘payment:charge exceeds $500 budget’ and ‘database:drop permission not granted’ sitting in the same log as allowed ones — which means your audit record reflects what agents attempted, not just what succeeded.

The tool fits cleanly into stacks already using LangChain, CrewAI, Express, Fastify, or the Model Context Protocol, with purpose-built packages for each. The self-hosted server package runs a REST API with SQLite and a dashboard, and the MIT license means no vendor dependency. Where it shows its limits: the audit store is SQLite, so teams with high-volume agent workloads or multi-instance deployments will hit the ceiling of a single-file database and need to replace or wrap that layer. Teams whose compliance requirements mandate a managed, access-controlled audit log — not a local SQLite file — will find they’re maintaining infrastructure Agent Passport does not provide.

Installation is via npm (@passport-agent/sdk is the main entry point), and the vendor states the full API surface is three verbs. Eight packages cover the integration surface: core token and policy engine, SDK, middleware for Node.js frameworks, wrappers for LangChain and CrewAI, A2A Protocol extensions, MCP middleware, and the self-hosted authority server. The protocol spec is open, and the project is MIT licensed with source on GitHub.