AEOESS
ContactGet Started
Protocol Live·Apache-2.0·installs
Agent Passport System

The governance
layer for AI agents.

Cryptographic identity, scoped delegation, and signed receipts.
Built for the four jobs your agents already do.

How it works

One protocol, two sides of the audit.

Identity proves who delegated. Delegation proves what they authorized. Every action the agent takes is signed against both, and the receipt your auditor reads is verifiable without us.

Principalhuman / orgPassportidentityDelegationscope · spend · sunsetAgentacts on your behalfGatewaypolicy enforcementReceiptsigned auditIDENTITY PATHDELEGATION PATH
Solutions

Four jobs your agents already do.

Pick the one closest to your team. Each Solutions page goes deeper into rails, primitives, and integration shape.

fintech

Payments

Let agents spend money under cryptographic limits.

Six rails, a four-gate spending policy, signed payment receipts. Every transaction carries the delegation that authorized it.

Explore Payments
publishers

Content

License your content to AI without losing control.

Governance blocks, signed access receipts, and revocation that propagates through derivatives. Your terms travel with the bytes.

Explore Content
regulated industries and EU operators

Compliance

Prove every agent action under your regulator.

Eight governance primitives mapped to EU AI Act, NIST AI RMF, ISO 42001, and SR 11-7. Auditors verify receipts without going through us.

Explore Compliance
internal agent fleets and platform teams

Enterprise

Run internal agent fleets with full audit.

Bring your own identity formats: did:key, did:web, SPIFFE, OAuth. Policy enforcement at action time, signed audit trail by default.

Explore Enterprise
Why aeoess

Three things to know.

01

Identity that travels.

Agents carry verifiable identity across systems. Use existing formats, did:web, OAuth, SPIFFE, or our native passport. No vendor lock-in.

02

Policy enforced, not promised.

Delegation, scope, spend limits, sunset. All signed and verified at action time. The agent cannot exceed what its delegation authorizes.

03

Audit by default.

Every action produces a signed receipt. Every receipt is verifiable by your auditor without going through us. Open spec, open code.

Recognized by
Cited in
University of British Columbia paper on Personal Data Repositories
Integration
Microsoft Agent Toolkit, PR in review
Federal
NIST NCCoE concept paper submitted
Ecosystem
Active integrations with peer protocols
Open source

OPEN PROTOCOL

A passport system for agents should belong to the world they move through.

APS is public infrastructure for agent identity, delegation, enforcement, and receipts. Read the spec. Run the gateway. Verify the chain.

No black boxes. No lock-in. No "trust us."

@aeoessApache-2.0 · 8 papers · draft-pidlisnyi-aps-00 (IETF)

Ready to govern your agents?

Architecture

Identity, delegation, action, receipt.

The protocol pairs identity with delegation. Each action signs against both. The receipt is verifiable by any auditor without going through aeoess.