ADTP — production Go implementation using UCAN for agent-to-agent delegation #206
Zahanturel
started this conversation in
Show & Tell
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi Brooklyn — I built ADTP, a Go daemon that uses UCAN delegation chains for AI agent identity and authorization across MCP/A2A.
One design choice I'd appreciate feedback on: ADTP adds a RESTRICT mode on top of standard UCAN attenuation. It's a structural invariant — a delegated credential can only narrow its parent's capabilities, enforced at chain validation, not policy evaluation. I tested it against 7 adversarial escalation vectors (scope widening, depth bypass, RESTRICT removal, caveat stripping, cross-org escalation, replay injection, malformed caveats). Zero bypasses.
The other piece: cascade revocation with a registration invariant that guarantees every descendant is dead the moment an ancestor is revoked. No background jobs, no eventual consistency.
12.6k lines of Go, Apache 2.0, 22-finding security audit resolved: github.com/Zahanturel/adtp
Would value your take on the UCAN usage patterns — especially whether RESTRICT mode is something worth proposing as a spec extension.
Beta Was this translation helpful? Give feedback.
All reactions