Show HN: Agent Passport – OAuth-like identity verification for AI agents

2 | Author: samerismail | 3 months ago
Hi HN,

I built Agent Passport, an open-source identity verification layer for AI agents. Think "Sign in with Google, but for Agents."

The problem: AI agents are everywhere now (OpenClaw has 180K+ GitHub stars, Moltbook had 2.3M agent accounts), but there's no standard way for agents to prove their identity. Malicious agents can impersonate others, and skill/plugin marketplaces have no auth layer. Cisco's security team already found data exfiltration in third-party agent skills.

Agent Passport solves this with:

- Ed25519 challenge-response authentication (private keys never leave the agent)
- JWT identity tokens (60-min TTL, revocable)
- Risk engine that scores agents 0-100 (allow/throttle/block)
- One-line verification for apps: `const result = await passport.verify(token)`

It's fully open source (MIT), runs on free tiers ($0/month), and has a published npm SDK.

GitHub: https://github.com/zerobase-labs/agent-passport
Docs: https://github.com/zerobase-labs/agent-passport/blob/main/docs/INTEGRATION.md
Live demo: https://agent-passport.vercel.app

Built this because I kept seeing the same security gap in every agent platform. Happy to answer questions about the architecture or the agent identity problem in general.
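
The Ed25519 challenge-response pattern named in the post, sketched with Node's built-in `crypto` module. This is an added example, not code from the post or from the Agent Passport SDK; every function name, the in-memory stores, the 60-second challenge lifetime and the `agent-auth-v1` message prefix are assumptions made for illustration.

```javascript
// Added illustration: generic Ed25519 challenge-response, NOT the Agent Passport SDK.
// All names (createAgent, issueChallenge, signChallenge, verifyResponse) are hypothetical.
const crypto = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000;   // assumed challenge lifetime
const pending = new Map();         // agentId -> { nonce, expires }
const registry = new Map();        // agentId -> registered public key (PEM)

// Agent side: the key pair is generated locally; only the public key is registered.
function createAgent(agentId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  registry.set(agentId, publicKey.export({ type: 'spki', format: 'pem' }));
  return { agentId, privateKey };
}

// Server side: issue a random nonce bound to the agent id, with an expiry.
function issueChallenge(agentId, now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('base64url');
  pending.set(agentId, { nonce, expires: now + CHALLENGE_TTL_MS });
  return nonce;
}

// Agent side: sign a domain-separated message covering the agent id and the nonce.
function signChallenge(agent, nonce) {
  const msg = Buffer.from(`agent-auth-v1|${agent.agentId}|${nonce}`);
  return crypto.sign(null, msg, agent.privateKey).toString('base64url');
}

// Server side: the challenge is discarded on first use, pass or fail,
// so a captured signature cannot be replayed.
function verifyResponse(agentId, signature, now = Date.now()) {
  const entry = pending.get(agentId);
  pending.delete(agentId);
  const pem = registry.get(agentId);
  if (!entry || !pem || now > entry.expires) return false;
  const msg = Buffer.from(`agent-auth-v1|${agentId}|${entry.nonce}`);
  return crypto.verify(null, msg, crypto.createPublicKey(pem),
                       Buffer.from(signature, 'base64url'));
}
```

A verifier built this way would only issue an identity token after `verifyResponse` returns true; token issuance and revocation are outside this sketch.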