APort

Authorization infrastructure for the AI agent economy

AI agent passport + control plane

The passport & control plane
for agentic work.

Issue passports, authorize tool calls before execution, and audit Claude Code, Cursor, MCP tools, LangChain, and CrewAI.

Create a passportBook enterprise demo
Agent passportsPre-action authorizationGuardrails + audit
terminal
Policy live
passport issuedpolicy enforcedproof signed

Works with the agent frameworks developers use

Claude Code
LangChain
LangGraph
CrewAI
OpenAI
FastAPI
Express
Next.js
Python
Node.js
Claude Code
LangChain
LangGraph
CrewAI
OpenAI
FastAPI
Express
Next.js
Python
Node.js
Claude Code
LangChain
LangGraph
CrewAI
OpenAI
FastAPI
Express
Next.js
Python
Node.js
Claude Code
LangChain
LangGraph
CrewAI
OpenAI
FastAPI
Express
Next.js
Python
Node.js
MCP
Vercel
OpenClaw
Anthropic
Salesforce
AWS
Django
Gemini
MCP
Vercel
OpenClaw
Anthropic
Salesforce
AWS
Django
Gemini
MCP
Vercel
OpenClaw
Anthropic
Salesforce
AWS
Django
Gemini
MCP
Vercel
OpenClaw
Anthropic
Salesforce
AWS
Django
Gemini

Benchmarks

Built for real controls, not cosmetic guardrails.

<100ms
Policy check latency
40+
Security patterns
12+
Pre-built policy packs
100%
Open source

Why This Exists

Prompts are suggestions.
Your agents need enforcement.

Role descriptions are soft. Quality gates should be deterministic. APort enforces what each agent can do and what they must deliver — before they proceed.

Quality

Agent shipped broken code

Prompt said 'write tests.' Agent skipped them.

Deliverable contract: 80% coverage required. Enforced.

Workflow

Agent merged its own PR

No review gate. Engineer bot approved itself.

Policy: reviewer_agent_id !== author_agent_id.

Security

Agent rm -rf'd the repo

Prompt injection bypassed safety instructions.

APort blocks destructive commands before execution.

Enterprise

$15M unauthorized trade

Portfolio AI violated sector concentration limits.

Pre-trade policy check. Blocked in <100ms.

Enterprise

15K client records exported

AI agent used valid credentials to bulk-export PII.

Export limit enforced. Compliance officer notified.

Quality

Task marked done, wasn't

Agent said 'done' - acceptance criteria unmet.

/aport-complete verifies criteria with evidence.

System Design

Four primitives. One system.

The same infrastructure that blocks rm -rf also enforces test coverage thresholds and verifies task completion.

Passport

Who your agent is

Verifiable identity via W3C DID/VC. JSON file, no signup. Portable across any platform. The birth certificate your agent carries everywhere.

Policy

What your agent can do

Pre-action authorization. Command allowlists, spending caps, file size limits, sector concentration rules. Enforced before execution, not after.

Deliverable Contract

What your agent must deliver

Quality gates enforced deterministically. Test coverage thresholds, review requirements, acceptance criteria. Agents can't mark done until the contract is met.

Proof

Cryptographic record of everything

Every decision Ed25519 signed. Tamper-evident records that support your SOC 2, HIPAA, SOX, and IIROC audit requirements. Not logs — mathematical certainty.

Enforcement

Prompts change the mode.
APort changes what’s possible.

Prompt-based (honor system)

# /plan mode
"Think like a senior architect."
# /review mode
"Be paranoid about security."
# /ship mode
"Only merge if tests pass."
Agent can still ignore all of this.

APort (enforced)

# engineer-bot passport
capabilities: [code.write, code.pr.open]
blocked: [code.push.main, code.deploy]
# deliverable contract
min_coverage: 80%
reviewer !== author
Physically cannot proceed until met.

Implementation

60 seconds. Real guardrails.

One installer creates or selects a passport, wires the native hook, and starts recording decisions.

terminal
# Claude Code: installs a PreToolUse hook
npx @aporthq/aport-agent-guardrails claude-code

# or use the install URL
curl -fsSL https://aport.io/install.sh | bash -s -- claude-code

# Claude Code → Bash/Edit/Read/MCP → APort checks passport
# ALLOW: action runs
# DENY: hook blocks before execution and logs the decision
Full integration guide

Use Cases

For developers. For enterprises.

Same primitives. Different pain points.

AI Engineering Teams

Multi-agent workflows with enforced quality.

  • Engineer bot can open PRs but not merge — enforced, not prompted
  • Deliverable contracts gate task completion on test coverage
  • Agent handoffs verified with signed receipts
  • Block destructive commands, secret exposure, path traversal

Regulated Industries

Independent third-party authorization with proof.

  • Pre-trade risk checks for portfolio AI (SOX, IIROC, OSFI)
  • Data export controls with PIPEDA/HIPAA enforcement
  • Signed, tamper-evident attestations — not just logs
  • ESG claim verification with data source provenance

FAQ

APAPORT?

Questions Developers Ask

Quick answers to common objections

APort is an AI agent passport and control plane for agentic work. It gives each agent an identity, enforces pre-action authorization before tools execute, and records guardrail decisions for audit.

More questions? Read the docs

Comparison

How APort compares.

Prompts suggest. Gateways filter. APort enforces and proves.

FeatureAPortPrompt RulesRunlayerOkta / Auth0
Pre-action authorizationPartial
Deliverable quality gatesSoft
Agent identity (W3C DID)
Cryptographic proofsEd25519
Tamper-evident attestations
Task completion verification
Agent handoff verification
Framework agnosticMCP only
Open sourceVaries

APort and Runlayer are complementary. Runlayer governs your agents’ outbound actions. APort governs what agents must deliver and proves they did it.

Design Partner Program

Shape the standard.

First 3–5 companies define the accountability standard for AI agents. White-glove onboarding. Grandfathered pricing. Direct founder access.

Apply for design partnerStart building