DEV Community: One Man Fleet The latest articles on DEV Community by One Man Fleet (@1manfleet). https://dev.to/1manfleet https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3980259%2F3a904d9b-0d6e-421e-8980-4acbc1b91683.png DEV Community: One Man Fleet https://dev.to/1manfleet en Passport – issue revocable, Secure Enclave-signed permissions to AI agents One Man Fleet Fri, 12 Jun 2026 13:24:41 +0000 https://dev.to/1manfleet/passport-issue-revocable-secure-enclave-signed-permissions-to-ai-agents-16lk https://dev.to/1manfleet/passport-issue-revocable-secure-enclave-signed-permissions-to-ai-agents-16lk <p>I built Passport, a free iOS/macOS app that lets a human issue signed, scoped, time-bounded credentials to AI agents — and revoke them instantly.</p> <p>The problem: when an agent acts on your behalf (books, buys, emails), the receiving service can't tell whether a human authorized that specific agent to do that specific thing. Today it's raw API keys (no scoping, no audit trail, no kill switch) or nothing.</p> <p>A Passport credential is a standard ES256 JWT that asserts:</p> <ul> <li>which agent this is (human-readable name)</li> <li>what it may do (scopes like <code>browse</code>, <code>purchase:general</code>)</li> <li>when the grant expires</li> <li>the issuing public key, embedded in the header</li> </ul> <p>The private key is generated in the device's Secure Enclave and never leaves it; every issuance requires Face ID, so each credential maps to an explicit human decision.</p> <p>Verification is deliberately boring: any JWT library can verify the token offline against the embedded key. There's also a hosted endpoint (Cloudflare Worker) that does signature + expiry + scope + revocation in one POST:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST https://passport-verify.passport-app.workers.dev/verify {"token": "&lt;jwt&gt;", "scope": "purchase:general"} </code></pre> </div> <p>Revocation went live today: revoke a credential in the app and the next verify returns 401 with "Token has been revoked by its owner" (KV-backed list, also queryable at <code>GET /revoked?jti=</code>). I tested the full loop on a real credential in production. If you verify offline instead, you can poll the revocation endpoint or simply rely on short expiry times.</p> <p>The format choice is intentional — I wanted something existing HTTP middleware could accept with one <code>if</code> statement, not a new protocol. Visa TAP and Google AP2 are converging on the same three-leg shape (human grants → agent presents → merchant verifies) for payments; this is that pattern as a small open building block.</p> <p>App is free on the App Store (iOS + macOS, native). Docs with drop-in Node/Python/cURL snippets: <a href="https://passport-landing.pages.dev" rel="noopener noreferrer">https://passport-landing.pages.dev</a></p> <p>Curious how others handling agent auth are thinking about scoped, revocable delegation vs. just passing API keys around.</p> <p>Thank you! Feel free to ask questions!</p> ai opensource security software