AI agents are accessing databases, sending emails, calling APIs, and making purchases. But there's no standard way to identify them, limit what they can do, or trace their actions back to a human.
I dug into the numbers:
- 88% of MCP servers need authentication
- Only 8.5% use OAuth
- 53% rely on static API keys in environment variables
- 80% of organizations can't tell what their agents are doing in real-time
This is the wild west. So I built AgentsID to fix it.
The Problem
When you build an MCP server, every tool is wide open by default. Any agent with the API key can call any tool — search, delete, deploy, admin reset — with zero restrictions.
There's no way to:
- Give Agent A access to `search` but block `delete`
- Know which agent made which tool call
- Trace an agent's actions back to the human who authorized it
The Fix: 3 Lines of Middleware
Install the SDK:
npm install @agentsid/sdk
Add the middleware:
import { createHttpMiddleware } from '@agentsid/sdk';

const guard = createHttpMiddleware({
  projectKey: process.env.AGENTSID_PROJECT_KEY,
});
Validate every tool call:
const auth = await guard.validate(token, toolName);
if (!auth.permission.allowed) {
  return { error: 'Blocked', reason: auth.permission.reason };
}
That's it. Every tool call is now validated.
What You Can Control
AgentsID uses a deny-first model. Everything is blocked unless you explicitly allow it. The permission engine supports 14 constraint types:
Access — Allow/deny by tool name with wildcards (search_* allowed, delete_* blocked)
Time & Rate — Restrict to business hours, limit calls per minute/hour
Behavioral — Require tools to run in sequence, detect anomalous behavior
Resource — Set budget caps, limit session duration
Governance — Require human approval for sensitive actions, limit delegation depth
Delegation Chains
When Agent A spawns Agent B, permissions automatically narrow. Agent B can never have more access than Agent A. Revoke the parent and the entire chain downstream stops.
Audit Trail
Every tool call — allowed or denied — is logged. You get a full record of what each agent did, when, and why it was allowed or blocked. The dashboard shows it all in a live feed.
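To make the deny-first model, the narrowing delegation chain and the audit trail concrete, here is an added toy implementation in JavaScript. It is not the AgentsID SDK or its permission engine; the policy shape, the trailing-`*` wildcard rule and the sample agents are all constructed for illustration.

```javascript
// Constructed example of a deny-first tool guard with wildcard rules,
// delegation chains and an audit log; it is not the AgentsID SDK.

// Match a tool name against a rule. Only a trailing "*" wildcard is
// supported, so "search_*" matches "search_docs" but not "searchx".
function matches(rule, toolName) {
  return rule.endsWith('*')
    ? toolName.startsWith(rule.slice(0, -1))
    : rule === toolName;
}

// One agent's policy. A call passes only if no deny rule matches and some
// allow rule matches; anything else is denied by default.
function evaluate(policy, toolName) {
  const hit = (rules) => rules.some((r) => matches(r, toolName));
  if (policy.revoked) return { allowed: false, reason: `${policy.agent} is revoked` };
  if (hit(policy.deny)) return { allowed: false, reason: `${policy.agent} denies ${toolName}` };
  if (hit(policy.allow)) return { allowed: true, reason: `${policy.agent} allows ${toolName}` };
  return { allowed: false, reason: `${policy.agent}: no allow rule matched` };
}

// A delegation chain is [root, ..., caller]. Every link must allow the
// call, so a child never exceeds its parent and revoking an ancestor
// stops everything below it.
function evaluateChain(chain, toolName) {
  for (const policy of chain) {
    const decision = evaluate(policy, toolName);
    if (!decision.allowed) return decision;
  }
  return { allowed: true, reason: `allowed by all ${chain.length} agents` };
}

// Guard that records every decision, allowed or denied, before returning it.
function createGuard() {
  const log = [];
  return {
    log,
    validate(chain, toolName) {
      const decision = evaluateChain(chain, toolName);
      log.push({ agent: chain[chain.length - 1].agent, depth: chain.length, toolName, ...decision });
      return decision;
    },
  };
}

// Constructed sample: parent agent A spawns child agent B, which asks for more.
const agentA = { agent: 'agent-A', allow: ['search_*', 'read_*'], deny: ['delete_*'], revoked: false };
const agentB = { agent: 'agent-B', allow: ['search_*', 'delete_*'], deny: [], revoked: false };
const guard = createGuard();
for (const tool of ['search_docs', 'delete_repo', 'deploy']) guard.validate([agentA, agentB], tool);
console.table(guard.log);
```

Running it shows `search_docs` allowed, `delete_repo` denied by agent-A even though agent-B asked for it, and `deploy` denied because nothing allows it.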
Getting Started
npm install @agentsid/sdk # TypeScript
pip install agentsid # Python
gem install agentsid # Ruby
Free tier: 25 agents, 10,000 events/month. No credit card.