Skip to content

CodeSigils/awesome-agent-trust

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Awesome Agent Trust & Identity Awesome

A curated list of open-source projects, protocols, and standards for AI agent identity, naming, trust verification, governance, and security.

Inspired by the ANS (Agent Name Service) ecosystem and Linux Foundation standards efforts.

What this list is not: A catalog of commercial products, academic papers without implementations, internal enterprise governance systems, or platform- specific trust models from Anthropic, OpenAI, or Google. This is a public open-source snapshot — the actual agent trust landscape is larger but less transparent.


Contents


Agent Naming & Discovery

DNS-like resolution for AI agents. Core protocol with IETF draft backing.

  • Agent Name Service - Reference implementation of the ANS protocol. Registry, transparency log, and IETF draft draft-narajala-ans-00.
  • ANS Registry - Registration and resolution for the Agent Name Service.
  • ANS SDK for Rust - Rust SDK for the Agent Name Service.
  • ANS SDK for Go - Go SDK for the Agent Name Service.
  • ANS SDK for Java - Java SDK for the Agent Name Service.
  • route-ans - High-performance ANS resolver with semantic versioning and Redis caching.
  • ERC-8004 Registry - On-chain searchable agent identity registry. Agents register as NFTs with queryable capability metadata.
  • A2A Agent Cards - JSON metadata at /.well-known/agent-card.json. Agents self-describe capabilities and authentication requirements.

Agent Identity & Cryptographic Identity

Cryptographic identity for agents — DIDs, Ed25519, zero-trust frameworks.

  • AGNTCY Identity - Linux Foundation project. Onboard, create, and verify identities for Agents, MCP Servers, and multi-agent systems.
  • OrgKernel - Open-source trust layer for AI agents. Cryptographic agent identity (Ed25519), instance-scoped execution tokens, SHA-256 integrity verification.
  • Vorim Agent Identity Protocol (VAIP) - Open standard for AI agent identity, permissions, and cryptographic audit trails.
  • Alibaba Open Agent Auth - Enterprise framework implementing Agent Operation Authorization protocol with cryptographic identity binding and fine-grained permission verification.
  • Agent Identity Protocol (AIP) - Zero-trust security layer for AI agents. Policy enforcement proxy for MCP with human-in-the-loop.
  • ASI - Minimal cryptographic identity standard for agent skill ecosystems. Ed25519 + DID:key + JCS bundling.
  • agent-auth - Cryptographic identity and delegation for AI agents.
  • Ratify Protocol - Open cryptographic trust protocol for AI agent authorization. Hybrid Ed25519 + ML-DSA-65 (FIPS 204).
  • HelixID - Open-source identity and authorization layer for AI agents. Issue verifiable credentials, manage decentralized identifiers.
  • agentdnai - Verifiable digital identity, scoped permissions, and audit trails for AI agents.
  • W3C Decentralized Identifiers (DIDs) - The foundation. Globally unique, self-sovereign identifiers controlled by the subject.
  • W3C Verifiable Credentials - Cryptographically signed, tamper-evident, machine-verifiable credentials.

Agent Governance & Policy Enforcement

Frameworks for governing autonomous agent behavior — policy enforcement, zero-trust, execution sandboxing, approval gates.

  • Agent Governance Toolkit - Microsoft's toolkit for AI agent governance. Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering.
  • defenseclaw - Cisco's security governance for agentic AI.
  • cordum - Open agent control plane. Govern autonomous AI agents with pre-execution policy enforcement, approval gates, and audit.
  • lunar.dev - Agent-native MCP Gateway for governance and security.
  • DashClaw - Governance runtime for AI agents. Intercept actions, enforce guard policies, require approvals, produce audit trails.
  • superagentX - Policy-driven autonomous AI agents. Unified Control Plane with centralized tools, identity, and governance.
  • faramesh-core - Governance-as-Code for AI agents. Declarative constraints with deterministic enforcement.
  • Deterministic Agent Control Protocol - Governance gateway for AI agents. Bounded, auditable, session-aware control with MCP proxy.
  • Agentic Trust Framework - Open specification for Zero Trust governance of autonomous AI agents. Five core elements, four maturity levels.
  • pattern8 - AI Agent Governance Framework. Constrain how AI agents behave in your project. pip install pattern8.
  • Clyro - Governance platform for AI agents. Stops failures before they happen.
  • Hermes Katana - Defense-in-depth security toolkit for LLM agents. Taint tracking, proxy secret guard, policy engine, and red-team benchmark.
  • Agentoes - Enterprise AI trust platform for safe deployment and management of AI agents.
  • AegisSwarm-Core - Zero-trust security and governance framework for autonomous multi-agent AI networks. Implements CSA Agentic Trust Framework.
  • cullis - Zero-trust governance for autonomous AI agents in regulated organizations. Self-hosted gateway with verified identity.
  • Preventra - Governance, trust, and identity for the agentic economy. Public infrastructure.
  • Lelu - Open-source authorization engine for AI agents. Confidence-aware gating, human-in-the-loop, and policy enforcement.
  • veldt-kya - KYA (Know Your Agents). Open-source trust, governance, and evidentiary assurance for autonomous systems.

Agent Permissions & Authorization

Fine-grained authorization, delegation, and permission systems for agent tool execution.

  • Pi Permission System - Permission enforcement extension for the Pi coding agent.
  • permguard - Authorization engine for today's systems and tomorrow's agentic world.
  • grantex - Identity, authorization, and audit infrastructure for AI agents. The "OAuth moment" for the agentic internet.
  • agentlock - Adversarially benchmarked pre-action agent authorization. Framework-agnostic tool permissions.
  • theauth - Auth for AI agents and humans. First-class agent identity, MCP, OAuth 2.1, delegation, audit.
  • spicebox - Fine-grained permissions for AI coding agents (by AuthZed / SpiceDB).
  • CapiscIO Agent Guard - Trust badges, identity verification, and tool-level authorization for AI agents.
  • Jean-Claw-Van-Damme - Authorization gatekeeper for OpenClaw agents. Scoped grants, time-bound permissions, skill scanning.
  • permitrail - Open-source permission and audit layer for AI agents that take real actions.
  • agent-passport - Authorization for AI agents. Scoped permissions, spend limits, delegation chains, instant revocation. Ed25519-signed.
  • ampersona - Rust platform for AI agent governance: identity (psychology, voice, capabilities) + authority (scoped actions, deny-by-default).
  • ActionWarrant - Local CLI for verifying signed, scoped permission artifacts before agent actions.
  • Emilia Protocol - Receipt Required for AI agents. No receipt, no irreversible action. Offline-verifiable authorization-receipt protocol.

Trust Registries & Verification

Public registries, trust scoring, signed receipts, and verifiable attestation.

  • AgentGuard - Security guard for AI agents. Blocks malicious skills, prevents data leaks, protects secrets. 24 detection rules.
  • agentregistry - Centralized, trusted, curated registry for AI agent skills.
  • Attestix - Attestation infrastructure for AI agents. DID-based agent identity, W3C Verifiable Credentials, EU AI Act compliance.
  • treeship - Portable trust receipts for agent workflows. Signed, chained, verifiable.
  • Open Agent Trust Registry - Open root-of-trust for agent identity. Public, federated registry of trusted attestation issuers.
  • Verifiable ClawGuard - Use TEE attestation to prove an agent is running behind known guardrails.
  • hvtracker - AI Agent Trust Registry. Independent, evidence-based trust scores for 172+ open-source AI agents.
  • ToolTrust Directory - Trust layer for AI agents. Curated registry of secure tools and MCP servers with A-F risk grading.
  • ai-trust - VirusTotal for AI packages. ai-trust check <pkg> returns a 0-100 trust score.
  • attestplane - Verifiable audit substrate for AI agents. EU AI Act Article 12 ready.
  • provetrail - Open standard for verifiable execution provenance. Portable, third-party-verifiable records.
  • halo-record - Tamper-evident runtime records for AI agents. Hash-chained, dependency-free, verifiable by anyone.
  • mimir - Verifiable provenance for MCP tool-call results. Signed envelopes + quality scoring.
  • kairon-protocol - Attestation protocol for AI coding agents. Turns completed tasks into verifiable receipts.
  • agentattest - Verifiable provenance for AI coding agents. Binds agent runs, diffs, PRs, artifacts, and approvals into attestations.
  • bootproof - Zero-trust supervisor that boots any repository or agent artifact to a verifiable, known-good state.
  • logpose - Verifiable reputation + attestation SDK for AI agents.

Agent Reputation & Scoring

Credit-score-style reputation systems and trust scoring for agents.

  • nobulex - Trust economy for autonomous AI agents. Credit scores for machines. Agents earn Trust Capital through verified behavior.
  • AgenticTrust - Decentralized reputation, scoring, and discovery infrastructure for AI agents.
  • mnemopay-sdk - Trust & reputation layer for AI agents. Agent Credit Score (300-850) + Merkle-anchored ledger.
  • djd-agent-score - Reputation scoring for AI agent wallets on Base.
  • repute - FICO score for AI agents. Open source reputation scoring on EAS + Base.

Audit Trails & Observability

Immutable audit logs, hash-chained event records, session replay, and observability infrastructure.

  • clawlens - Agent observability and guardrails for OpenClaw. Risk scoring, audit trails, dashboard.
  • agentlens - Open-source observability and audit trail platform for AI agents. MCP-native, tamper-evident event logging.
  • deconvolute - Policy-as-code enforcement and observability for MCP tool calls. Cryptographic integrity chains.
  • notmemory - Tamper-proof agent memory with audit trails, rollback, GDPR tombstoning, and semantic search.
  • soma - Local-first AI agent governance with verifiable, tamper-evident audit trails.
  • trailing - Immutable audit trails for AI agents. Compliance-ready logging for Claude Code, Codex, Cursor, CrewAI.
  • agent-witness - Session recorder and audit log for AI coding agents. Replay Claude Code sessions as TUI timeline.
  • DecisionNotary - Decentralized decision-notary bridging AI observability with on-chain identity.
  • forgesight - Vendor-neutral, OpenTelemetry-first telemetry for AI agents. Traces, cost, budgets, audit trails.
  • SoulGuard - Open trust layer for AI-agent memory. Tamper-evident memory and cryptographic agent identity.
  • vaara - Open-source evidence layer for AI governance. Gates every agent tool call against your policies with verifiable receipts.
  • trishula-agent-telemetry - Deterministic agent observability. Merkle-chained audit trails. Anomaly detection. Zero dependencies.

Security & Scanning

Security toolkits, vulnerability scanning, skill vetting, and supply chain security.

  • AI-Infra-Guard - Full-stack AI Red Teaming platform. Agent Security Scan, supply chain verification, and prompt security for AI ecosystems.
  • awesome-skills-security - Security testing toolkit for AI agents. Curated SecLists wordlists, injection payloads, and expert agents for authorized security testing.
  • hackagent - Open-source security toolkit to detect vulnerabilities in your AI agents.
  • SecOpsAgentKit - Security operations toolkit for AI coding agents. 25+ skills for vulnerability detection, container scanning.
  • hackmyagent - Metasploit for AI agents. Scan, attack, and fix AI agents and MCP servers.
  • ClawGuard - Comprehensive security toolkit for autonomous agents (OpenClaw, Claude Code, Cursor).
  • ops0 CLI - Stop AI agents from shipping insecure IaC. Cloud plan scanning and governance.
  • agentseal - Security toolkit for AI agents. Scan for dangerous skills and MCP configs, monitor supply chain attacks.
  • MindJack - Security toolkit that extracts agent memories and rewrites instructions. Red-teaming tool.
  • agent-bom - AI supply-chain and cloud security scanner. Self-hosted control plane for agents, MCP, and packages.
  • skillfortify - Security scanner for AI agent skills and plugins. Static analysis, supply chain vulnerability detection.
  • clawguard (yourclaw) - Security scanning and trust registry for AI agent skills (Clawdbot, MoltBot, OpenClaw, ClawHub).

Skills Curation & Trusted Marketplaces

Curated registries, security-audited marketplaces, and vetted skill catalogs for AI agents.

  • PM Skills - Marketplace for agentic skills, commands, and plugins focused on project management and development workflows.
  • Claude Code Plugins Plus - Open-source marketplace. 425 plugins, 2,810 skills, 200 agents for Claude Code.
  • Claude Code Skills - Professional Claude Code skills marketplace featuring production-ready skills for enhanced development workflows.
  • Binance Skills Hub - Open skills marketplace giving AI agents native access to crypto exchange capabilities through curated, verified skills.
  • Trail of Bits Curated Skills - Curated, community-vetted Claude Code plugin marketplace from the respected security firm.
  • AI Skill Store - Security-audited skills for Claude, Codex, and Claude Code. One-click install, quality verified.
  • Mercury Agent Skills - Curated registry of reusable agent skills for Mercury Agent, OpenClaw, and Hermes Agent.
  • Awesome Claude (HeyClaude) - Curated registry and distribution surface for Claude and AI-workflow assets: agents, skills, MCP servers.
  • x-cmd/skill - Human-vetted, community-curated skills for AI coding and agent tools.
  • Agent Skill Exchange - Curated, trusted open catalog of AI agent skills for OpenClaw, Claude Code, Codex, GitHub Copilot, Gemini, Cursor, MCP.
  • awesome-agent-skills - Curated, auto-updated awesome-list of vetted AI agent skills with quality ratings.
  • n-skills - Curated plugin marketplace for AI agents, compatible with Claude Code, Codex, and OpenClaw.

Linux Foundation & Standards

Officially recognized standards efforts under Linux Foundation, OASF, AAIF, AGNTCY.

  • OASF Agent Directory MCP - Cisco AGNTCY bridge under Linux Foundation for the OASF Agent Directory.
  • AAIF Agent Card MCP - Linux Foundation AAIF Agent Card MCP. Publish /.well-known/agent-card, bridge A2A and OASF.
  • ServiceNow A2A Sample - Sample client for Linux Foundation A2A (Agent-to-Agent) protocol.
  • Agentic AI Foundation - LF Agentic AI Foundation (AAIF), formed December 2025.
  • CapiscIO RFCs - Request for Comments for CapiscIO protocols and standards. AGCP, trust policies, agent identity.

Agent-to-Agent Protocols

Protocols for inter-agent communication, trust networks, and agent economies.

  • Agent2Agent (A2A) - Google's open protocol enabling communication and interoperability between agentic applications. 24,600+★.
  • Agentic Commerce Protocol (ACP) - Open standard for connecting AI agents with commerce infrastructure — payments, orders, and product discovery.
  • Python A2A - Python library for implementing Google's Agent-to-Agent (A2A) protocol.
  • A2A .NET - .NET implementation of the A2A protocol for secure, interoperable agent communication.
  • A2A Rust - Type-safe, async Rust SDK for the Agent2Agent (A2A) protocol.
  • A2A Go - Go implementation of the A2A protocol for agent interoperability.
  • EEP - Open standard for push-based, verifiable communication between digital entities and agents.
  • HITL Protocol - Human-in-the-Loop Protocol for autonomous agent services. Open standard (v0.8).
  • ClawNet - Governed multi-agent social network. Every AI agent acts under human-granted identity and scoped authorization.
  • sati - Trust infrastructure for million-agent economies on Solana. Identity, reputation, validation.
  • neus/network - Open trust network for apps, people, and AI agents.
  • dos-kernel - Catch AI agents when they lie about what they shipped. Verifies claims against git.
  • Graphenium - Trust and verification layer for AI-generated code changes.
  • Kinetic Trust Protocol - Dynamic, physics-based authorization of autonomous agents.
  • MoveGate Protocol - Agent Identity, Authorization, and Trust Infrastructure for Sui. On-chain mandate delegation.
  • Oath Protocol - Protocol for cryptographically verifiable human intent. Agent authorization, local-first, offline-capable.
  • swarm-hedera - Agent identity, HCS messaging, staking, governance, NFTs, trust verification on Hedera.
  • Agent Identity Protocol (AIP) draft - Concept draft of AIP. Governance layer for autonomous agents covering identity, permissions, audit.
  • AINRP - AI Identity and Non-Repudiation Protocol for trusted autonomous agents. Smart contracts, architecture, tokenomics.
  • Fides Protocol - Trust layer for AI agents. Every tool call is intercepted, verified, and authorized.

Attestation & Confidential Computing

TEE-backed attestation, confidential computing, and hardware-enforced security.

  • Confidential AI - Confidential computing stack for AI workloads. Run inference, training, agents in hardware-encrypted environments.
  • QWED Verification - Deterministic verification layer for AI systems. Verifies outputs using mathematics and symbolic reasoning.
  • Azure Trust Agents - Hands-on hackathon challenges for building multi-agent financial compliance workflows with Azure confidential computing.
  • Confidential Computing Expert Skill - AI agent skill for confidential computing. TEE platforms, attestation protocols, KRAB verifiability.
  • TEE-backed Private Memory - Private memory layer using Gramine SGX/RA-TLS for AI agents.

Related Awesome Lists


Contributing

See contributing.md for submission guidelines, format requirements, and CI checks that run on every pull request.

See CRITERIA.md for the full inclusion criteria — relevance domains, quality gates (star threshold, activity, description), categorization rules, and exclusion policies enforced by the repo validation CI.

CC0 1.0

To the extent possible under law, the curator has waived all copyright and related or neighboring rights to this work.

About

Awesome list of open-source AI agent identity, trust, governance, security, and naming projects. Protocols, standards, tools for agent verification, permissions, attestation, reputation, and policy enforcement.

Topics

Resources

License

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors