Agent Identity Protocol

Version v1.0.0 | Category: Security | Status: stable

Agent Identity Protocol - Zero-trust security layer for AI agents. Policy enforcement proxy for MCP with Human-in-the-Loop approval, DLP scanning, and audit logging.

Tags: agent-identity-protocol, ai-agents, ai-safety, cursor-ide, dlp

Stars: 27 | Downloads: 0 | Weekly: 0 | Rating: 0/5

What is Agent Identity Protocol?

Agent Identity Protocol is a Model Context Protocol (MCP) proxy that gives AI assistants such as Claude, Cursor, and VS Code a zero-trust security layer for AI agents: policy enforcement in front of any MCP server, with human-in-the-loop approval, DLP scanning, and audit logging.


This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Agent Identity Protocol - Zero-trust security layer for AI agents. Policy enforcement proxy for MCP with Human-in-the-Loop approval, DLP scanning, and audit logging.

Use Cases

Zero-trust agent security
Policy enforcement
Audit logging
License: Apache-2.0
Language: TypeScript
Version: v1.0.0
Updated: Apr 18, 2026
Status: healthy
Maintenance: active

Works with

Clients: Claude, OpenAI | Platforms: Windows, macOS, Linux

Installation

Manual Installation

npx agentidentityprotocol

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use Agent Identity Protocol

Agent Identity Protocol (AIP) is a zero-trust security proxy that sits in front of any MCP server and enforces policy-based access control on every tool call. It supports tool allowlisting and denylisting, per-argument regex validation, human-in-the-loop approval workflows, Data Loss Prevention (DLP) scanning, and immutable JSONL audit logging. Developers and teams use it to ensure AI agents operate within clearly defined safety boundaries without modifying the underlying MCP server.

Prerequisites

  • Go toolchain installed (the AIP binary is written in Go and is installed with `go install`)
  • An existing MCP server to proxy (e.g., a Python or Node.js MCP server)
  • A YAML policy file describing allowed and blocked tools
  • An MCP client such as Claude Desktop or Cursor IDE
  • Basic familiarity with YAML configuration

1. Install the AIP binary

Download or install the Agent Identity Protocol CLI. The binary is named `aip` and is the main entry point for wrapping MCP servers.

# Install via Go toolchain
go install github.com/openagentidentityprotocol/agentidentityprotocol/cmd/aip@latest

2. Create a policy file

Write a YAML policy that specifies which tools are allowed, which require human approval, and which are permanently blocked. Also configure DLP patterns to prevent secrets from leaking.

# agent.yaml
apiVersion: aip.io/v1alpha1
kind: AgentPolicy
metadata:
  name: secure-agent
spec:
  mode: enforce
  allowed_tools:
    - read_file
    - list_directory
    - git_status
  tool_rules:
    - tool: write_file
      action: ask
    - tool: exec_command
      action: block
  dlp:
    patterns:
      - name: "AWS Key"
        regex: "AKIA[A-Z0-9]{16}"

3. Wrap your MCP server with AIP

Use the `aip` command to start your existing MCP server through the AIP proxy. All tool calls will now be intercepted and evaluated against the policy before being forwarded.

aip --target "python mcp_server.py" --policy ./agent.yaml

4. Generate client configuration

AIP can automatically generate the correct MCP client configuration for Cursor IDE or Claude Desktop so you point the client at the proxy rather than the raw server.

aip --generate-cursor-config --policy ./agent.yaml --target "npx @mcp/server"

5. Configure your MCP client to use the AIP proxy

Update your MCP client config to run the AIP proxy as the server command. The proxy handles all communication with the underlying MCP server transparently.

{
  "mcpServers": {
    "secure-agent": {
      "command": "aip",
      "args": ["--target", "python mcp_server.py", "--policy", "./agent.yaml"]
    }
  }
}

6. Review the audit log

AIP writes an immutable JSONL audit log of every tool invocation, its policy decision, and whether it was approved, blocked, or escalated to a human. Review this log to tune your policy.

# Audit log is written to ./aip-audit.jsonl by default
jq . aip-audit.jsonl
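To make the policy semantics of steps 2 through 6 concrete, here is an added Python model of the decision a proxy like AIP makes on each tool call: explicit `tool_rules` first, then the `allowed_tools` allowlist, default deny for anything else, approval for `ask`, a DLP scan of arguments and response, and one append-only JSONL record per call. This is illustrative code written for this page, not AIP's implementation; the policy is embedded as a dict mirroring the agent.yaml above rather than parsed from the file, and the `approver` callback stands in for the interactive human prompt.

```python
import json
import re
from datetime import datetime, timezone

# Constructed policy mirroring the agent.yaml shown above (the real aip loads YAML).
POLICY = {
    "mode": "enforce",
    "allowed_tools": ["read_file", "list_directory", "git_status"],
    "tool_rules": [
        {"tool": "write_file", "action": "ask"},
        {"tool": "exec_command", "action": "block"},
    ],
    "dlp": {"patterns": [{"name": "AWS Key", "regex": "AKIA[A-Z0-9]{16}"}]},
}


def decide(policy, tool):
    """Explicit tool_rules win; then the allowlist; anything else is denied by default."""
    for rule in policy.get("tool_rules", []):
        if rule["tool"] == tool:
            return rule["action"]  # "ask" or "block"
    return "allow" if tool in policy.get("allowed_tools", []) else "block"


def dlp_hits(policy, text):
    """Names of every DLP pattern that matches somewhere in the text."""
    return [p["name"] for p in policy["dlp"]["patterns"] if re.search(p["regex"], text)]


def evaluate_call(policy, tool, arguments, response="", approver=None):
    """Evaluate one tool call and return its audit record as a dict."""
    decision = decide(policy, tool)
    if decision == "ask":
        # Human-in-the-loop: approver(tool, arguments) -> bool stands in for the prompt.
        decision = "approved" if approver and approver(tool, arguments) else "denied"
    hits = []
    if decision in ("allow", "approved"):
        # Scan both what the agent sent and what the server returned.
        hits = dlp_hits(policy, json.dumps(arguments) + response)
        if hits:
            decision = "dlp_blocked"  # the matching content never reaches the model
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "tool": tool,
        "decision": decision,
        "dlp": hits,
    }


def append_audit(path, record):
    """Append-only JSONL: one line per call, existing lines are never rewritten."""
    with open(path, "a") as f:
        f.write(json.dumps(record) + "\n")
```

Run `append_audit("aip-audit.jsonl", evaluate_call(POLICY, "read_file", {"path": "config.yaml"}))` to produce a record in the same spirit as the log reviewed in step 6.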

Agent Identity Protocol Examples

Client configuration

Claude Desktop config that runs the AIP proxy in front of an existing MCP server with a local policy file.

{
  "mcpServers": {
    "secure-agent": {
      "command": "aip",
      "args": [
        "--target", "python mcp_server.py",
        "--policy", "/path/to/agent.yaml"
      ]
    }
  }
}

Prompts to try

These prompts exercise the policy enforcement layer — allowed actions succeed while blocked or approval-required actions trigger AIP's control flow.

- "List the files in the current directory"
- "Read the contents of config.yaml"
- "Write a new file called output.txt with the summary"
- "Execute the deployment script deploy.sh"

Troubleshooting Agent Identity Protocol

Tool call returns 'Permission Denied: Tool is not allowed by policy'

Add the tool name to the `allowed_tools` list in your YAML policy file, or change its `action` from `block` to `ask` if you want human-in-the-loop approval instead.

DLP scanner is blocking legitimate tool responses

Review the `dlp.patterns` section in your policy file and narrow the regex patterns to avoid false positives. You can disable specific patterns by removing them or reducing their scope.

AIP binary not found after installation

Ensure your Go bin directory is on your PATH. Run `export PATH=$PATH:$(go env GOPATH)/bin` and add it to your shell profile (~/.zshrc or ~/.bashrc).

Frequently Asked Questions about Agent Identity Protocol

What is Agent Identity Protocol?

Agent Identity Protocol is a Model Context Protocol (MCP) proxy that provides a zero-trust security layer for AI agents: policy enforcement in front of an MCP server with human-in-the-loop approval, DLP scanning, and audit logging. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Agent Identity Protocol?

Follow the installation instructions on the Agent Identity Protocol GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Agent Identity Protocol?

Agent Identity Protocol works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Agent Identity Protocol free to use?

Yes, Agent Identity Protocol is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.

Agent Identity Protocol Alternatives — Similar Security Servers

Looking for alternatives to Agent Identity Protocol? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u


Quick Config Preview

{
  "mcpServers": {
    "agentidentityprotocol": {
      "command": "npx",
      "args": ["-y", "agentidentityprotocol"]
    }
  }
}

Add this to your claude_desktop_config.json or .cursor/mcp.json
