Open protocol · Apache-2.0 SDKs

Airlock Protocol

The open verification layer for AI agents: cryptographic identity, scoped delegation with cascade revocation, an advisory reputation signal, and tamper-evident audit. The deterministic enforcement on the homepage is built on these primitives.

Four primitives. One verdict.

Identity and delegation are cryptographic and load-bearing. Reputation is an advisory signal. Audit makes all of it provable.

Identity

Cryptographic Identity

Ed25519 over a W3C did:key, dual-mode: a raw signature, or an OAuth 2.1 / OIDC bearer token via private_key_jwt (RFC 7523). This half needs no trust in Airlock — the signatures verify on their own math.

Delegation

Scoped Delegation

RFC 8693 Token Exchange with nested act claims and scope narrowing. Plus cascade revocation: revoke a principal and every token it delegated, transitively, dies with it.

Reputation

Advisory Reputation

A four-tier behavioral score with per-tier decay — a signal a relying party can weight or ignore, like a CAEP risk signal. Never the root of trust; identity and delegation stay load-bearing.

Audit

Tamper-Evident Audit

Every verification, pass or fail, is written to a hash-chained trail — each record carries the hash of the previous one. Alter history and the chain breaks. The record that survives a compliance review.

Five phases

Phase 1
Resolve
Look up the agent profile, capabilities, and public keys
Phase 2
Handshake
Submit a signed request with credential and intent
Phase 3
Identify
Verify via Ed25519 signature or OAuth 2.1 bearer token
Phase 4
Verdict
Weigh identity, delegation scope, and the risk signal
Phase 5
Seal
Issue a signed attestation and OAuth 2.1 access token

No new trust roots invented

Ed25519 OAuth 2.1 OpenID Connect W3C DID RFC 8693 Verifiable Credentials
pip install airlock-protocol

Enforcement is built on top

The product gates every agent tool call against a policy, using this verified identity as its decision input — and writes every allow and deny into the same tamper-evident audit trail.

See it in action →