Agent Identity & Trust Protocol
Agents are starting to act on each other's behalf — across companies, clouds, and trust boundaries. The missing piece is knowing who you're talking to, and what they're allowed to do. AITP is the open protocol that lets two autonomous agents establish mutual trust — with no shared verifier in between.
Capability is everywhere. Trust is missing.
When an agent calls another agent across an organizational boundary, today's answer is a shared API key, an OAuth client someone provisioned by hand, or a centralized broker both sides have to trust. None of that tells Agent A that Agent B is who it claims to be, that the message it sent was actually signed by it, or exactly which capabilities it has been granted — and for how long.
“Trust is bilateral and earned per peer. There is no shared root, no central authority — only two agents, each cryptographically proving who they are, and each issuing the other exactly the authority it's willing to grant.”
— the core model from RFC-AITP-0001
AITP doesn't define what your agents do or how they reason — that's your application. What it defines is the handshake that turns two strangers into trusted peers, and the tokens that make every grant explicit, scoped, and verifiable.
Every agent has a self-certifying Agent Identifier (AID) bound to its public key, published in a signed Manifest. No registrar, no shared namespace — identity you can verify from first principles.
A four-message Mutual Handshake where each peer proves possession of its key and states what it will grant. Bidirectional, audience-bound, and replay-resistant — no third party in the trust path.
The handshake yields a pair of signed Trust Context Tokens — each audience-bound, capability-scoped, and time-limited. Delegatable, revocable, and verifiable offline against the peer that issued them.
The web solved this for servers with TLS and certificates. AITP solves it for agents with verifiable identity, a mutual handshake, and scoped, delegatable trust.
What AITP Is Made Of
Two agents, each with a verifiable identity, run a mutual handshake and walk away holding a pair of Trust Context Tokens.
1. mutual_hello (A → B): Identity + nonce + requested grants
2. mutual_hello (B → A): Identity + nonce + requested grants
3. mutual_commit (A → B): Proof of possession + issued TCT
4. mutual_commit (B → A): Proof of possession + issued TCT
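The checks a receiving peer would run on a mutual_commit, as an added sketch that is not code from the AITP project or its RFCs. The field names, the AID derivation (SHA-256 of the public key), the signed body layout, and the use of JSON.stringify in place of canonical JSON are all assumptions made for illustration.

```javascript
// Added illustration, NOT the AITP wire format: field names, AID derivation
// and signed-body layout are assumptions. JSON.stringify stands in for JCS.
const nodeCrypto = require('node:crypto');

// Self-certifying identifier: derived from the public key itself (assumed scheme).
const aidOf = (pubDer) =>
  'aid:' + nodeCrypto.createHash('sha256').update(pubDer).digest('hex');

function makeAgent() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const pub = publicKey.export({ type: 'spki', format: 'der' });
  return { aid: aidOf(pub), pub, privateKey };
}

// Messages 1 and 2: identity + fresh nonce + requested grants.
function hello(agent, requested) {
  return { type: 'mutual_hello', aid: agent.aid, pub: agent.pub.toString('base64'),
           nonce: nodeCrypto.randomBytes(16).toString('hex'), requested };
}

// Messages 3 and 4: sign both nonces (proof of possession) and issue a token
// limited to the capabilities this agent is willing to grant.
function commit(agent, mine, theirs, grantable, ttlSec, now) {
  const caps = theirs.requested.filter((c) => grantable.includes(c));
  const tct = { iss: agent.aid, aud: theirs.aid, caps, exp: now + ttlSec };
  const body = { type: 'mutual_commit', nonces: [mine.nonce, theirs.nonce], tct };
  const sig = nodeCrypto.sign(null, Buffer.from(JSON.stringify(body)), agent.privateKey);
  return { ...body, sig: sig.toString('base64') };
}

// Receiver side: returns 'ok' or the name of the first check that failed.
function acceptCommit(agent, mine, theirs, msg, now) {
  const pubDer = Buffer.from(theirs.pub, 'base64');
  if (aidOf(pubDer) !== theirs.aid) return 'aid-key-mismatch';
  const { sig, ...body } = msg;
  const key = nodeCrypto.createPublicKey({ key: pubDer, format: 'der', type: 'spki' });
  const valid = nodeCrypto.verify(null, Buffer.from(JSON.stringify(body)), key,
                                  Buffer.from(sig, 'base64'));
  if (!valid) return 'bad-signature';
  // Replay resistance: the commit must cover the nonces of THIS exchange.
  if (body.nonces[0] !== theirs.nonce || body.nonces[1] !== mine.nonce) return 'stale-nonce';
  // Audience binding: the token must be issued by the peer, for this agent.
  if (body.tct.iss !== theirs.aid || body.tct.aud !== agent.aid) return 'wrong-audience';
  if (body.tct.exp <= now) return 'expired';
  return 'ok';
}
```

A commit replayed into a later handshake fails the nonce check, and one whose capability list was altered in transit fails signature verification.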
Trust as a first-class primitive
As agents start acting across organizational boundaries, identity and authorization become the bottleneck. AITP makes both verifiable.
Self-Certifying Identity
Agent Identifiers (AIDs) bind an agent to its public key and are published in signed Manifests — verifiable without a central registry.
Mutual Handshake
A four-message exchange where both peers prove key possession and commit grants — bidirectional trust with no shared verifier.
Trust Context Tokens
Signed, audience-bound, capability-scoped, time-limited tokens. Every grant is explicit and verifiable offline against its issuer.
Scoped Delegation
Pass on a strict subset of authority to a third agent — single-hop or multi-hop — with each step attenuating, never amplifying, the grant.
Revocation & Key Resolution
Resolve a peer’s keys from its manifest, and pull signed revocation lists so a compromised token or key stops being honored.
Open Standard
Thirteen RFCs, a conformance suite, and a Rust reference implementation with Python and Node bindings. Apache 2.0, community-governed.
Explore the Ecosystem
Everything you need to understand, build with, and operate agent-to-agent trust — from specification to production.
Learn the protocol
Understand how AITP works before you write a line of code.
Documentation
Architecture, discovery, the mutual handshake, Trust Context Tokens, the threat model, and integration guides.
Specification
Thirteen RFCs defining core, identity, manifests, the handshake, TCTs, delegation, key resolution, revocation, and security.
Registry
Canonical identity types, capabilities, media types, error codes, and extension keys that interoperating agents share.
See it in motion
Walkthroughs and a live playground showing the handshake end-to-end.
Build with AITP
SDKs, the reference implementation, and a control plane for production.
SDKs
Python (aitp-py) and Node.js (aitp-node) bindings with envelope signing, manifests, and the handshake built in.
Implementation
aitp-rs — the Rust reference implementation. Core types, JCS, Ed25519 envelopes, HTTP transport, 44/44 conformance.
Control Plane
Agent registry, audit log, revocation serving, and webhook fan-out — observing and auditing without sitting in the trust path.
Contribute
Explore the source, file issues, and help shape the protocol.
Watch two agents build trust
See the handshake happen end-to-end with real LLM-powered agents — intra-org, cross-org, and cross-cloud — then inspect every envelope, token, and revocation as it flows.
Open the hosted console
Live: A unified control panel for AITP deployments — launch scenarios, watch handshakes and delegations resolve in real time, browse the registry, and audit trust events across the ecosystem.
Open Console
Run the playground locally
FastAPI · CrewAI · LangChain · LangGraph
Spin up scenario packs that drive the full AITP handshake between real agents, with live event streams. All protocol logic comes from the SDK — the playground just orchestrates the peers.
Playground Guide