Your agents are using
your identity.
ADTP gives every agent its own cryptographic key, its own delegation chain, and provably-complete revocation. Single binary. Open protocol.
They inherit your credentials. Every agent operates as you.
They delegate to each other. No record. No visibility.
You revoke access. The downstream agents keep running.
Issue. Restrict. Verify. Revoke.
Thirteen steps between a claim and its execution.
Escalation is structurally impossible.
RESTRICT mode enforces capability attenuation at every delegation step. A child credential can only narrow its parent's permissions — never widen them. This is not a policy check. It is an invariant enforced at issuance and verified at step 8 of the pipeline.
Revoke one. Kill every descendant.
A registration invariant guarantees that when a credential is revoked, every descendant is already dead. Not a background job. Not eventual consistency. Mathematical completeness, verified at the storage layer.
Your agents. Their agents. No shared IAM.
Bilateral agreements between organizations. Non-transitive and depth-bounded. Organization A's agents work with Organization B's agents under auditable policy — evaluated at step 10 — without exposing either side's internal identity infrastructure.
Drops into your stack.
Compatible with MCP, A2A, LangGraph, and CrewAI via REST API.
From clone to a registered agent.
# Clone and buildgit clone https://github.com/Zahanturel/adtp.gitcd adtp && make build# Run the daemon./adtpd --config config.yaml# adtpd listening on 127.0.0.1:8080# generated API key: abc123... copy this# Register an agentcurl -H "Authorization: Bearer <api-key>" \ -X POST localhost:8080/v1/agents \ -d '{"sponsor_did":"did:key:z6Mk..."}'