AgentTrust ID Feature Status
This page lists what the repository currently implements and what should not be claimed yet. It is intentionally code-backed and avoids production-readiness, fixed latency, fixed cost, and certification claims.
Implemented Runtime Capabilities
| Capability | Status | Code reference |
|---|---|---|
| Agent registry | Implemented: org-scoped agent records, framework/capability metadata, public-key metadata, status changes | internal/identity/ |
| Opaque agent tokens | Implemented: at_ token issue/introspect/revoke path, hash-only Redis storage, server-side validation | internal/tokens/opaque.go, internal/tokens/handler.go |
| API keys | Implemented: API-key validation, pepper-aware hashing, org context propagation | internal/apikeys/ |
| Sessions | Implemented: Redis-backed state, scope ceilings, approval/elevation state, expiry/cleanup paths | internal/agenttrust/session.go, internal/sessions/ |
| Unified action checks | Implemented: effect classification, session checks, anomaly checks, approval gate, Guardian routing | internal/agenttrust/check.go |
| Approvals/elevation | Implemented: pending/approved/denied/expired approval lifecycle, max five-minute elevation | internal/agenttrust/approval.go |
| MCP mediation | Implemented: MCP proxy and sampling guard route mediated requests through AgentTrust ID checks | internal/mcp/ |
| A2A mediation | Implemented: JSON-RPC task server plus adapter/delegation paths | internal/a2a/ |
| API session bridge | Implemented: verified JWT claims can initialize local AgentTrust ID sessions | internal/agenttrust/api_adapter.go |
| Federation bridge | Implemented: server-side federation token verification and local session initialization | internal/federation/ |
| Audit logging | Implemented: event ingestion/query, compliance summary support, audit-chain/integrity tests | internal/audit/, internal/integrity/ |
| Notifications/alerts | Implemented service surface for alert rules and delivery paths | internal/notifications/ |
| Dashboard | Implemented operator UI; split into the dashboard repo during public migration | dashboard/ |
Guardian pipeline & integration surfaces
The Guardian pipeline (Fast / Spot / Deep, risk-tier based, not a fixed percentage split) and the three integration surfaces (MCP, A2A, Direct API) routed through the UnifiedChecker are documented on the Architecture page.
This page does not claim “90% Fast / 8% Spot / 2% Deep”, fixed p95 latency, fixed per-decision cost, or a scikit-learn-based Spot Guard.
SDK Surface
The Python, TypeScript, Go, Java, and Rust SDKs expose the same core areas: agents, opaque tokens, actions/checks, sessions, approvals, delegations, federation, and integration helpers where language-appropriate.
Package coordinates are:
| Language | Install coordinate |
|---|---|
| Python | pip install agenttrustid |
| TypeScript | npm install @agenttrustid/sdk |
| Go | go get github.com/agenttrustid/sdk/go@v0.3.0 |
| Rust | cargo add agenttrustid |
| Java | id.agenttrust:agenttrustid:0.3.0 |
Current status
AgentTrust ID is in controlled beta - a runtime authorization platform for AI agents with code-backed support for opaque tokens, per-action evaluation, session-scoped authorization, approval gates, instant revocation, audit trails, MCP / A2A / API / federation mediation, and five SDKs.