The neutral, portable passport + verify + suspend rail for AI agents
๐ Website โข ๐ Docs โข ๐ Try Now โข ๐ฌ Support
graph TD
A[๐ค AI Agent] --> B[๐ณ Refund $1000]
A --> C[๐ Export 1M Rows]
A --> D[๐ Merge to Main]
A --> E[๐ Deploy to Prod]
B --> F[โ No Identity Check]
C --> F
D --> F
E --> F
F --> G[๐ฅ Security Incident]
G --> H[โฐ Hours to Detect]
H --> I[๐ฐ $10K+ in Damages]
style A fill:#ff6b6b
style F fill:#ff6b6b
style G fill:#ff6b6b
style I fill:#ff6b6b
Organizations are letting AI agents perform sensitive actions without proper identity verification or policy enforcement.
graph TD
A[๐ค AI Agent<br/>with Passport] --> B[๐ก๏ธ APort Verify]
B --> C{Policy Check}
C -->|โ
Allowed| D[โ
Action Proceeds]
C -->|โ Blocked| E[๐ซ Action Blocked]
F[๐ Policy Pack] --> B
G[โก Global Suspend] --> B
style A fill:#06b6d4,color:#ffffff
style B fill:#10b981,color:#ffffff
style D fill:#10b981,color:#ffffff
style E fill:#ef4444,color:#ffffff
style F fill:#8b5cf6,color:#ffffff
style G fill:#f59e0b,color:#ffffff
APort provides a neutral, portable identity and policy enforcement layer for AI agents across all platforms.
# Create a template passport via API
curl -X POST "https://api.aport.io/api/admin/create" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_ADMIN_API_KEY" \
-d '{
"name": "HappyRefunds Bot",
"role": "Support Refunds",
"description": "Refund helper for customer support",
"capabilities": [{"id": "payments.refund", "params": {}}],
"limits": {
"refund_usd_max_per_tx": 50,
"refund_usd_daily_cap": 200
},
"regions": ["US", "CA"],
"contact": "team@aport.io",
"links": {
"homepage": "https://aport.io",
"repo": "https://github.com/aporthq/agent-passport"
},
"kind": "template",
"controller_type": "org",
"status": "active"
}'# .github/workflows/aport-verify.yml
name: APort Verify PR
on: [pull_request]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: aporthq/policy-verify-action@v1
with:
agent-id: ${{ secrets.APORT_AGENT_ID }}
policy-pack: 'repo.v1'// Express.js with Policy Pack middleware
const { requirePolicy } = require("@aport/middleware-express");
// Apply policy enforcement to refunds endpoint
app.post("/api/refunds",
requirePolicy("refunds.v1", "agt_inst_xyz789"),
async (req, res) => {
// Your business logic - policy already verified!
const refund = await processRefund(req.body);
res.json({ success: true, refund });
}
);| ๐ท๏ธ Feature | ๐ Description | ๐ฏ Use Case |
|---|---|---|
| ๐ Agent Identity | Portable passports with capabilities & limits | Know who your agents are |
| ๐ Policy Packs | Pre-built policies for common actions | Enforce business rules |
| โก Real-time Verify | Sub-100ms policy checks | Block bad actions instantly |
| ๐จ Global Suspend | Kill switch across all platforms | Stop incidents in seconds |
| ๐ Multi-level Assurance | Email, GitHub, Domain verification | Trust but verify |
| ๐ Audit Trail | Complete action history | Compliance & debugging |
graph LR
A[๐ก๏ธ APort Core] --> B[๐ณ Payments]
A --> C[๐ Data Export]
A --> D[๐ Git Operations]
A --> E[๐ CI/CD]
A --> F[๐ฌ Messaging]
B --> B1[Stripe<br/>PayPal<br/>Square]
C --> C1[Segment<br/>Fivetran<br/>Snowflake]
D --> D1[GitHub<br/>GitLab<br/>Bitbucket]
E --> E1[GitHub Actions<br/>Jenkins<br/>CircleCI]
F --> F1[Slack<br/>Teams<br/>Discord]
style A fill:#06b6d4,color:#ffffff
style B fill:#10b981,color:#ffffff
style C fill:#f59e0b,color:#ffffff
style D fill:#8b5cf6,color:#ffffff
style E fill:#ef4444,color:#ffffff
style F fill:#06b6d4,color:#ffffff
{
"policy": "refunds.v1",
"limits": {
"max_refund_per_tx": 1000,
"max_refunds_per_day": 10,
"allowed_currencies": ["USD", "EUR"]
}
}{
"policy": "data_export.v1",
"limits": {
"max_rows_per_export": 100000,
"allow_pii": false,
"allowed_datasets": ["users", "orders"]
}
}{
"policy": "repo.v1",
"limits": {
"max_prs_per_day": 5,
"allowed_repos": ["owner/repo1"],
"require_review": true
}
}// Express.js with Policy Pack middleware
const { requirePolicy } = require("@aport/middleware-express");
app.post("/api/refunds",
requirePolicy("refunds.v1", "agt_inst_xyz789"),
async (req, res) => {
// Policy already verified! Check specific limits
const passport = req.policyResult.passport;
if (req.body.amount > passport.limits.refund_usd_max_per_tx) {
return res.status(403).json({
error: "Refund exceeds limit",
requested: req.body.amount,
limit: passport.limits.refund_usd_max_per_tx
});
}
// Process refund safely
const refund = await stripe.refunds.create({
amount: req.body.amount,
payment_intent: req.body.payment_intent
});
res.json({ success: true, refund });
}
);# .github/workflows/aport-verify.yml
name: APort Verify PR
on: [pull_request]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Verify via APort
run: |
BODY=$(jq -n \
--arg agent_id "$APORT_AGENT_ID" \
--arg repo "$GITHUB_REPOSITORY" \
--arg base "${{ github.event.pull_request.base.ref }}" \
--arg head "${{ github.event.pull_request.head.ref }}" \
--argjson files_changed "${{ steps.changed-files.outputs.files }}" \
'{
agent_id: $agent_id,
context: {
repo: $repo,
base: $base,
head: $head,
files_changed: $files_changed,
author: "${{ github.event.pull_request.user.login }}"
}
}')
curl -s -X POST "https://api.aport.io/api/verify/policy/repo.v1" \
-H "Content-Type: application/json" \
-d "$BODY" | tee result.json
env:
APORT_AGENT_ID: ${{ secrets.APORT_AGENT_ID }}// FastAPI with Policy Pack middleware
from fastapi import FastAPI, Request
from aport.middleware import require_policy
@app.post("/api/data/export")
@require_policy("data_export.v1", "agt_inst_xyz789")
async def export_data(request: Request, export_data: dict):
passport = request.state.policy_result.passport
# Check PII permission
if export_data.get("include_pii") and not passport.limits.allow_pii:
raise HTTPException(403, {
"error": "PII export not allowed",
"agent_id": passport.agent_id,
"upgrade_instructions": "Request PII export capability from your administrator"
})
# Check row limit
if export_data["rows"] > passport.limits.max_rows_per_export:
raise HTTPException(403, {
"error": "Export exceeds row limit",
"requested": export_data["rows"],
"limit": passport.limits.max_rows_per_export
})
# Process export safely
return {"success": True, "export_id": f"exp_{int(time.time())}"}| Metric | Target | Actual |
|---|---|---|
| โก Verify Latency | <100ms p95 | ~50ms p95 |
| ๐จ Suspend Time | <30s global | ~15s global |
| ๐ Uptime | 99.9% | 99.99% |
| ๐ Throughput | 10k req/s | 50k+ req/s |
graph TD
A[๐ค Current State] --> B[โ Custom Solutions]
A --> C[โ Platform Lock-in]
A --> D[โ No Global Control]
E[โจ With APort] --> F[โ
Standardized]
E --> G[โ
Portable]
E --> H[โ
Global Suspend]
B --> I[๐ฐ High Cost]
C --> I
D --> I
F --> J[๐ฐ Lower Cost]
G --> J
H --> J
style A fill:#ef4444,color:#ffffff
style E fill:#10b981,color:#ffffff
style I fill:#ef4444,color:#ffffff
style J fill:#10b981,color:#ffffff
- Works across all platforms
- No vendor lock-in
- Open standards
- Sub-100ms policy checks
- Global suspend in seconds
- Edge-deployed for speed
- Multi-level assurance
- Complete audit trails
- Compliance built-in
- Simple APIs
- Rich SDKs
- GitHub Actions ready
Create and manage AI agent passports with capabilities and limits
# Issue a template passport
curl -X POST "https://api.aport.io/api/admin/create" \
-H "Authorization: Bearer YOUR_ADMIN_API_KEY" \
-d '{
"name": "HappyRefunds Bot",
"role": "Support Refunds",
"capabilities": [{"id": "payments.refund", "params": {}}],
"limits": {"refund_usd_max_per_tx": 50}
}'Integrate APort middleware to protect sensitive operations
// Express.js middleware
const { requirePolicy } = require("@aport/middleware-express");
app.post("/api/refunds",
requirePolicy("refunds.v1", "agt_inst_xyz789"),
async (req, res) => {
// Policy already verified!
res.json({ success: true, refund: await processRefund(req.body) });
}
);Add GitHub Actions for automated policy verification
# .github/workflows/aport-verify.yml
name: APort Verify PR
on: [pull_request]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: aporthq/policy-verify-action@v1
with:
agent-id: ${{ secrets.APORT_AGENT_ID }}
policy-pack: 'repo.v1'Mint instance passports for each tenant installation
# Mint instance passport on tenant install
curl -X POST "https://api.aport.io/api/passports/agt_tmpl_abc123/instances" \
-H "Authorization: Bearer YOUR_PLATFORM_API_KEY" \
-d '{
"platform_id": "gorgias",
"controller_id": "org_acme",
"tenant_ref": "store_987",
"overrides": {"limits": {"refund_usd_max_per_tx": 50}}
}'
- ๐ Documentation - Complete guides and API reference
- ๐ฎ Playground - Try APort in your browser
- ๐บ Video Tutorials - Step-by-step guides
- ๐ก Examples - Real-world implementations
- ๐ Report Issues - Help us improve
We love contributions! Whether it's:
- ๐ Bug fixes
- โจ New features
- ๐ Documentation
- ๐จ Design improvements
- ๐งช Tests
Check out our Contributing Guide to get started.
This project is licensed under the MIT License - see the LICENSE file for details.
๐ก๏ธ Secure your AI agents. Trust but verify.
Made with โค๏ธ by the APort team