Metadata-Version: 2.4
Name: aip-gateway
Version: 0.1.0
Summary: Drop-in policy proxy for AIP delegation verification on MCP and A2A
Author: Sunil Prakash
License-Expression: Apache-2.0
License-File: LICENSE
Requires-Python: >=3.11
Requires-Dist: agent-identity-protocol>=0.2.0
Requires-Dist: click>=8.1
Requires-Dist: httpx>=0.27
Requires-Dist: pyyaml>=6.0
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
Requires-Dist: pytest>=8.0; extra == 'dev'
Description-Content-Type: text/markdown

# AIP Gateway

Drop-in policy proxy that adds verifiable delegation to MCP and A2A without rewriting your agents.

```
Before:  Agent --> MCP Server
After:   Agent --> AIP Gateway --> MCP Server
```

## Quick Start

```bash
pip install aip-gateway
aip-gateway serve --policy policy.yaml
```

Or with Docker:

```bash
docker run -v ./policy.yaml:/etc/aip-gateway/policy.yaml -p 8090:8090 sunilp/aip-gateway
```

## What It Does

The gateway sits between your agents and MCP servers. Every request is verified:

1. **Token verification** -- Ed25519 signature check against trusted keys
2. **Policy evaluation** -- agent scope, delegation depth, budget limits, workflow rules
3. **Header injection** -- upstream gets verified caller identity (no SDK needed)
4. **Audit logging** -- every allow/deny decision in JSONL

## Policy File

```yaml
gateway:
  upstream: http://localhost:8080
  port: 8090

trust_keys:
  - z6MkYourTrustKeyHere...

agents:
  credit-scorer:
    identity: "aip:key:ed25519:zScorer..."
    can_delegate:
      - tool:check_credit
    max_depth: 0

rules:
  - action: tool:approve_loan
    requires:
      - tool:check_credit
      - tool:assess_risk
    deny_if:
      - same_actor: [credit-scorer, loan-approver]
```

## Demo: Loan Origination

```bash
cd examples/loan_origination
python run_demo.py
```

Four scenarios showing scope enforcement, prerequisite checking, and maker-checker separation:

```
Scenario 1: Valid chain          -> ALLOW (proper segregation of duties)
Scenario 2: Scope violation      -> DENY  (scorer cannot approve loans)
Scenario 3: Missing prerequisite -> DENY  (no approval without due diligence)
Scenario 4: Same-actor           -> DENY  (maker-checker separation enforced)
```

> AIP prevents an AI agent from turning credit scoring authority into loan approval authority.

## Upstream Header Enrichment

After verification, the gateway injects identity headers into forwarded requests:

```
X-AIP-Verified: true
X-AIP-Issuer: aip:key:ed25519:zOrchestrator...
X-AIP-Subject: aip:key:ed25519:zScorer...
X-AIP-Scope: tool:check_credit
X-AIP-Depth: 1
```

Your MCP server reads these without any AIP SDK dependency.

## CLI

```bash
aip-gateway serve --policy policy.yaml     # Start the proxy
aip-gateway validate --policy policy.yaml  # Check policy syntax
aip-gateway version                        # Show version
```

## Protocol

- Paper: [arXiv:2603.24775](https://arxiv.org/abs/2603.24775)
- IETF: [draft-prakash-aip-00](https://datatracker.ietf.org/doc/draft-prakash-aip/)
- Spec: [sunilprakash.com/aip/](https://sunilprakash.com/aip/)
- TypeScript SDK: [@aip-sdk on npm](https://www.npmjs.com/org/aip-sdk)
- Python SDK: [agent-identity-protocol on PyPI](https://pypi.org/project/agent-identity-protocol/)

## License

Apache 2.0
