DEV Community

Cover image for Passport – issue revocable, Secure Enclave-signed permissions to AI agents
One Man Fleet
One Man Fleet

Posted on

Passport – issue revocable, Secure Enclave-signed permissions to AI agents

I built Passport, a free iOS/macOS app that lets a human issue signed, scoped, time-bounded credentials to AI agents — and revoke them instantly.

The problem: when an agent acts on your behalf (books, buys, emails), the receiving service can't tell whether a human authorized that specific agent to do that specific thing. Today it's raw API keys (no scoping, no audit trail, no kill switch) or nothing.

A Passport credential is a standard ES256 JWT that asserts:

  • which agent this is (human-readable name)
  • what it may do (scopes like browse, purchase:general)
  • when the grant expires
  • the issuing public key, embedded in the header

The private key is generated in the device's Secure Enclave and never leaves it; every issuance requires Face ID, so each credential maps to an explicit human decision.

Verification is deliberately boring: any JWT library can verify the token offline against the embedded key. There's also a hosted endpoint (Cloudflare Worker) that does signature + expiry + scope + revocation in one POST:

POST https://passport-verify.passport-app.workers.dev/verify
{"token": "<jwt>", "scope": "purchase:general"}
Enter fullscreen mode Exit fullscreen mode

Revocation went live today: revoke a credential in the app and the next verify returns 401 with "Token has been revoked by its owner" (KV-backed list, also queryable at GET /revoked?jti=). I tested the full loop on a real credential in production. If you verify offline instead, you can poll the revocation endpoint or simply rely on short expiry times.

The format choice is intentional — I wanted something existing HTTP middleware could accept with one if statement, not a new protocol. Visa TAP and Google AP2 are converging on the same three-leg shape (human grants → agent presents → merchant verifies) for payments; this is that pattern as a small open building block.

App is free on the App Store (iOS + macOS, native). Docs with drop-in Node/Python/cURL snippets: https://passport-landing.pages.dev

Curious how others handling agent auth are thinking about scoped, revocable delegation vs. just passing API keys around.

Thank you! Feel free to ask questions!

Top comments (1)

Collapse
 
1manfleet profile image
One Man Fleet