The latest articles on DEV Community by Yaima Valdivia (@yaimavaldivia). https://dev.to/yaimavaldivia https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3974412%2F06421353-6c35-4b4d-895f-a4d407d81ae0.jpg https://dev.to/yaimavaldivia en Yaima Valdivia Mon, 08 Jun 2026 15:24:05 +0000 https://dev.to/yaimavaldivia/agenttrust-id-is-live-agn https://dev.to/yaimavaldivia/agenttrust-id-is-live-agn <p>This weekend, <a href="https://agenttrust.id" rel="noopener noreferrer">AgentTrust ID</a> went live in production. As of today, all five SDKs are published:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>agenttrustid npm <span class="nb">install</span> @agenttrustid/sdkgo get github.com/agenttrustid/sdk/go cargo add agenttrustid <span class="c"># Maven / Gradle</span> <span class="c"># id.agenttrust:agenttrustid:0.3.0</span> </code></pre> </div> <p>The SDKs are open source under Apache 2.0 at <a href="https://github.com/agenttrustid/sdk" rel="noopener noreferrer">github.com/agenttrustid/sdk</a>. The hosted platform is running at <a href="https://app.agenttrust.id" rel="noopener noreferrer">app.agenttrust.id</a> in a controlled beta.</p> <h2> Why I built this </h2> <p>AI agents broke the assumptions that machine-to-machine security was built on. An API key answers one question: who is calling. It asks it once, at the door. An agent decides its next action at runtime, from context nobody wrote by hand. The same agent that summarized a document a second ago might now try to email it, delete it, or chain a task to another agent. A credential that only proves identity has no opinion about any of that.</p> <p>Agents need a decision at the <strong>action boundary</strong>: <em>should this specific action happen, right now, on whose behalf</em>. Answered at runtime, every time, with an audit trail and a kill switch.</p> <h2> What's running </h2> <p>Everything below is live in production today, not a roadmap:</p> <ul> <li> <strong>Per-action authorization.</strong> Every consequential action passes a pre-flight check. The <a href="https://agenttrust.id/blog/three-tiers-routed-by-risk" rel="noopener noreferrer">Guardian pipeline</a> routes each action by risk: deterministic rule checks for the common path, a policy engine for mutations, and AI-backed review for destructive operations. Fail-closed where it counts.</li> <li> <strong>Opaque, instantly revocable tokens.</strong> Credentials are <code>at_</code> references with <a href="https://agenttrust.id/blog/revoke-in-seconds-the-agent-kill-switch" rel="noopener noreferrer">no standing authority of their own</a>. The server decides on every use, so revocation is one call, effective immediately.</li> <li> <strong>Scoped delegation.</strong> When one agent hands work to another, the grant <a href="https://agenttrust.id/blog/scoped-delegation-narrow-not-copy" rel="noopener noreferrer">narrows instead of copying</a>: subset scopes, independent TTLs, independently revocable, bounded chain depth.</li> <li> <strong>Read-only sessions with time-boxed elevation.</strong> Sessions <a href="https://agenttrust.id/blog/read-only-by-default-sessions-and-elevation" rel="noopener noreferrer">start safe</a> and rise only on approval, for a bounded window, then revert on their own.</li> <li> <strong>One model across surfaces.</strong> MCP tools, agent-to-agent calls, and direct API integrations all route through the same decision, not three security stories.</li> </ul> <h2> Where it stands </h2> <p>The platform is in an invite-only beta while I onboard design partners. If runtime authorization for agents is a problem you have right now, <a href="https://agenttrust.id/#contact" rel="noopener noreferrer">request access</a> and tell me about your setup.</p> <p>If you'd rather kick the tires first: the <a href="https://github.com/agenttrustid/sdk" rel="noopener noreferrer">SDKs</a> are open, the <a href="https://agenttrust.id/docs" rel="noopener noreferrer">docs</a> are public, including an honest <a href="https://agenttrust.id/docs/whats-supported" rel="noopener noreferrer">what's supported</a> page that says what this does <em>not</em> do yet.</p> <p>Agents are already acting at machine speed. The authorization layer should keep up. Now it does.</p> ai security opensource python