Skip to content

RunStack-AI/AAPP

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
docs
docs
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
openapi.yaml
openapi.yaml
 
 
package.json
package.json
 
 

Repository files navigation

Agent Account Provisioning Protocol (AAPP)

This repository contains the reference implementation and specification for the Agent Account Provisioning Protocol (AAPP) — a new standard that enables AI agents to automatically create and manage accounts on third-party services while maintaining security, user control, and privacy.

What is AAPP?

AAP solves a critical gap in AI automation: while agents can work with APIs once they have credentials, the manual process of account creation and API key generation has remained a bottleneck. AAPP provides a secure, standardized way for AI agents to automatically provision accounts and obtain credentials on behalf of users.

Key Features

  • Automated Account Creation: AI agents can create service accounts without manual user intervention
  • Security First: All credentials are cryptographically bound to agent keys using proof-of-possession
  • User Control: Complete transparency with audit trails and revocation capabilities
  • Privacy Protection: Minimal data sharing with pairwise pseudonymous identifiers
  • Anti-Spam Protection: Built-in safeguards including rate limits, reputation scoring, and verification steps
  • Standards Integration: Built on OAuth 2.0, OIDC, WebAuthn, and Verifiable Credentials

Protocol Documentation

📖 Read the full AAPP Protocol Specification

The protocol documentation provides a comprehensive overview of AAPP including:

  • Detailed technical specifications
  • Security model and threat analysis
  • Implementation requirements
  • Integration patterns
  • Adoption roadmap

Repository Contents

  • docs/protocol.md - Complete AAPP protocol specification
  • openapi.yaml - OpenAPI 3.0 specification for AAPP endpoints
  • index.js - Reference Node.js/Express server implementation
  • package.json - Node.js dependencies
  • notes/ - Development notes and research

Quick Start

Requirements

  • Node.js 16+ (Node 18 recommended)

Installation

npm install
npm start

Server runs at http://localhost:8080

Basic Usage

Discovery:

curl http://localhost:8080/.well-known/aapp

Provision new account:

curl -X POST http://localhost:8080/aapp/provision \
  -H "Content-Type: application/json" \
  -d '{
    "client_request_id":"demo-1",
    "idp_assertion":"<demo-id-token-or-vc>",
    "user_consent": {
      "consent_id":"consent-demo-1",
      "timestamp":"2025-09-20T00:00:00Z",
      "text":"Allow agent X to create account and read invoices"
    },
    "agent_pubkey_jwk": {"kty":"OKP","crv":"Ed25519","x":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"},
    "requested_scopes":["invoices:read"],
    "provisioning_options": {"preferred_username":"alice+agent-demo"}
  }'

Link existing account:

curl -X POST http://localhost:8080/aapp/link \
  -H "Content-Type: application/json" \
  -d '{
    "oauth_access_token":"demo-oauth-token",
    "agent_pubkey_jwk": {"kty":"OKP","crv":"Ed25519","x":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"},
    "requested_scopes":["invoices:read"]
  }'

Protocol Flow

  1. Discovery: Agent discovers service AAPP capabilities via /.well-known/aapp
  2. User Consent: User approves agent access through secure consent flow
  3. Identity Verification: User identity verified via OIDC/WebAuthn
  4. Provision Request: Broker sends signed request with user consent and agent public key
  5. Account Creation: Service creates account and issues agent-bound credentials
  6. Secure Usage: Agent uses proof-of-possession tokens for API access
  7. Audit & Control: User maintains full visibility and revocation control

Security Model

AAP implements multiple security layers:

  • Proof-of-Possession: All tokens cryptographically bound to agent keys
  • Minimal Privilege: Scoped permissions with short token lifetimes
  • User Consent: Explicit approval required for all provisioning
  • Audit Trails: Complete transparency of all agent actions
  • Anti-Abuse: Rate limiting, reputation scoring, and verification steps
  • Privacy Protection: Pairwise pseudonymous identifiers and data minimization

Implementation Status

⚠️ Development Status: This is a reference implementation for demonstration and development purposes. Production deployment requires additional security hardening including:

  • Proper OIDC token validation and introspection
  • Full DPoP or mTLS implementation for proof-of-possession
  • Secure credential storage with HSM/KMS
  • Rate limiting and CAPTCHA integration
  • Comprehensive audit logging
  • Database persistence with proper security controls

Contributing

AAP is designed as an open standard. Contributions are welcome including:

  • Protocol specification improvements
  • Reference implementation enhancements
  • Security analysis and recommendations
  • Integration examples and SDKs
  • Documentation improvements

Adoption

AAP is designed for gradual adoption:

  • Phase 0: Specification and reference implementations (current)
  • Phase 1: Pilot integrations with developer-friendly APIs
  • Phase 2: Broader ecosystem adoption and potential standardization

Interested in implementing AAPP? See the protocol documentation for detailed implementation guidance.

License

[License information to be added]

Contact

[Contact information to be added]

About

A new standard that lets AI agents automatically create and use third-party accounts while preserving user control, security, anti-spam, and auditability.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages