sunilp/aip-gateway

AIP Gateway

Drop-in policy proxy that adds verifiable delegation to MCP and A2A without rewriting your agents.

Before:  Agent --> MCP Server
After:   Agent --> AIP Gateway --> MCP Server

Quick Start

pip install aip-gateway
aip-gateway serve --policy policy.yaml

Or with Docker:

docker run -v ./policy.yaml:/etc/aip-gateway/policy.yaml -p 8090:8090 sunilp/aip-gateway

What It Does

The gateway sits between your agents and MCP servers. Every request goes through four steps:

  1. Token verification -- Ed25519 signature check against trusted keys
  2. Policy evaluation -- agent scope, delegation depth, budget limits, workflow rules
  3. Header injection -- upstream gets verified caller identity (no SDK needed)
  4. Audit logging -- every allow/deny decision in JSONL

Policy File

gateway:
  upstream: http://localhost:8080
  port: 8090

trust_keys:
  - z6MkYourTrustKeyHere...

agents:
  credit-scorer:
    identity: "aip:key:ed25519:zScorer..."
    can_delegate:
      - tool:check_credit
    max_depth: 0

rules:
  - action: tool:approve_loan
    requires:
      - tool:check_credit
      - tool:assess_risk
    deny_if:
      - same_actor: [credit-scorer, loan-approver]

Demo: Loan Origination

cd examples/loan_origination
python run_demo.py

Four scenarios showing scope enforcement, prerequisite checking, and maker-checker separation:

Scenario 1: Valid chain          -> ALLOW (proper segregation of duties)
Scenario 2: Scope violation      -> DENY  (scorer cannot approve loans)
Scenario 3: Missing prerequisite -> DENY  (no approval without due diligence)
Scenario 4: Same-actor           -> DENY  (maker-checker separation enforced)

AIP prevents an AI agent from turning credit scoring authority into loan approval authority.
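
The four scenarios above, replayed against a minimal evaluator for the policy file shown earlier. This is an added example, not the gateway's implementation or the repository's run_demo.py. The semantics of can_delegate, requires and same_actor are assumed from this README; the risk-assessor and loan-approver entries and all identities are constructed.

```python
# Added illustration; semantics are assumed from the README, not taken from the gateway.
POLICY = {
    "agents": {
        "credit-scorer": {"can_delegate": ["tool:check_credit"], "max_depth": 0},
        # The next two agents are hypothetical; the page's policy excerpt omits them.
        "risk-assessor": {"can_delegate": ["tool:assess_risk"], "max_depth": 0},
        "loan-approver": {"can_delegate": ["tool:approve_loan"], "max_depth": 0},
    },
    "rules": [{
        "action": "tool:approve_loan",
        "requires": ["tool:check_credit", "tool:assess_risk"],
        "deny_if": [{"same_actor": ["credit-scorer", "loan-approver"]}],
    }],
}

def evaluate(policy, agent, identity, action, history):
    """Decide one request. history = earlier allowed (agent, identity, action) steps."""
    spec = policy["agents"].get(agent)
    if spec is None or action not in spec["can_delegate"]:
        return "DENY", "scope"
    steps = history + [(agent, identity, action)]
    for rule in policy["rules"]:
        if rule["action"] != action:
            continue
        done = {a for _, _, a in history}
        missing = [r for r in rule.get("requires", []) if r not in done]
        if missing:
            return "DENY", "missing prerequisite"
        for cond in rule.get("deny_if", []):
            if set(cond) != {"same_actor"}:
                return "DENY", "unknown condition"  # fail closed
            seen = {}  # identity -> listed roles that identity has acted as
            for role, ident, _ in steps:
                if role in cond["same_actor"]:
                    seen.setdefault(ident, set()).add(role)
            if any(len(roles) > 1 for roles in seen.values()):
                return "DENY", "same actor"
    return "ALLOW", "ok"

def run_scenarios():
    s, r, a = "id:scorer", "id:risk", "id:approver"  # constructed identities
    chain = [("credit-scorer", s, "tool:check_credit"),
             ("risk-assessor", r, "tool:assess_risk")]
    return [
        evaluate(POLICY, "loan-approver", a, "tool:approve_loan", chain),      # 1
        evaluate(POLICY, "credit-scorer", s, "tool:approve_loan", chain),      # 2
        evaluate(POLICY, "loan-approver", a, "tool:approve_loan", chain[:1]),  # 3
        evaluate(POLICY, "loan-approver", s, "tool:approve_loan", chain),      # 4
    ]
```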

Upstream Header Enrichment

After verification, the gateway injects identity headers into forwarded requests:

X-AIP-Verified: true
X-AIP-Issuer: aip:key:ed25519:zOrchestrator...
X-AIP-Subject: aip:key:ed25519:zScorer...
X-AIP-Scope: tool:check_credit
X-AIP-Depth: 1

Your MCP server reads these without any AIP SDK dependency.

CLI

aip-gateway serve --policy policy.yaml     # Start the proxy
aip-gateway validate --policy policy.yaml  # Check policy syntax
aip-gateway version                        # Show version

Protocol

License

Apache 2.0
