The questions a developer asks first.

AEOESS makes every AI agent accountable. Every agent gets a cryptographic identity (Ed25519). Authority can only narrow, never expand. Trust is earned through performance. One API call revokes all downstream access.

Most frameworks handle orchestration. AEOESS handles enforcement: what can this agent do, and what happens when it violates a constraint? Bring your own identity. The gateway is both judge and executor. Works with any framework.

110 modules across SDK, MCP, and Python implementations. 2,884 tests. Eight published papers in the federal record. An IETF Internet-Draft. Independently cited by PDR in Production (UBC). 25 vocab crosswalks.

A human delegates authority to an agent with explicit scope: tools, money, services. The agent can sub-delegate, but authority can only narrow, never expand. Revoke the root and everything downstream dies instantly.

Cascade revocation. Delegation chains form a tree. Revoke any node and every downstream delegation dies instantly. The gateway enforces this at the boundary, so revoked agents can't sneak through on cached credentials.

Bring your own: did:key, did:web, SPIFFE SVID, OAuth. Cross-language: signatures round-trip TS ↔ Python byte-identically across 27 fixtures.

The protocol and SDK are free and open source (Apache-2.0). Always will be. The hosted enforcement gateway has a free plan (3 agents, 1K evals), Production $299/mo, Enterprise custom.

Yes. The gateway image is published. You own your keys, your audit log, and your enforcement decisions. The hosted version exists for convenience, not lock-in.

Microsoft Agent Toolkit (PR in review). MolTrust co-edits the spec. Edison Munoz Duran contributed the Agent-DID crosswalk. UBC PDR in Production cites the Bayesian model. Federal agency review underway.

GitHub issues, vocab PRs, conformance fixtures. The agent-governance-spec org is the cross-vendor home; aeoess/agent-passport-system is the reference SDK.