Vision
Establish AIP as the de facto standard for agent identity, authentication, and authorization—submitted to the IETF for standardization and adopted across the AI ecosystem.Release Timeline
v0.1: Localhost Proxy ✅
Status: Released (2026-01-20) Goal: The “Little Snitch” for AI Agents Provide local policy enforcement for individual developers securing their AI agents.Completed Features
Completed Features
- ✅ Tool allowlist enforcement
- ✅ Argument validation with regex
- ✅ Human-in-the-Loop (macOS, Linux)
- ✅ DLP output scanning
- ✅ JSONL audit logging
- ✅ Monitor mode (dry-run testing)
- ✅ Cross-platform support (macOS, Linux, Windows)
- ✅ Cursor/Claude Desktop integration
- ✅ Example policy library
v0.2: Kubernetes Sidecar 🚧
Status: In Progress Goal: The “Istio” for AI Agents Enable enterprise deployment with orchestration and observability.Kubernetes Integration
- Helm chart for easy deployment
- NetworkPolicy integration
- Pod security policies
- Init container pattern
Observability
- Prometheus metrics export
- OpenTelemetry tracing
- Grafana dashboard templates
- Alert rule examples
Multi-Tenancy
- Namespace-scoped policies
- RBAC integration
- Tenant isolation
- Policy inheritance
High Availability
- Stateless proxy design
- Horizontal pod autoscaling
- Health checks and readiness probes
- Graceful shutdown
v1.0: OIDC / SPIFFE Federation 📋
Status: Planned Goal: Enterprise Identity and Federation Integrate with existing identity infrastructure for production-grade deployments.Workload Identity Federation
- SPIFFE/SPIRE integration for workload identities
- Kubernetes ServiceAccount binding
- AWS IAM Roles for Service Accounts (IRSA)
- GCP Workload Identity
- Azure Managed Identity
Centralized Policy Management
- Policy registry with versioning
- GitOps integration (ArgoCD, Flux)
- Policy-as-Code validation
- Automated policy rollout
Multi-Tenant Audit Aggregation
- Centralized audit log aggregation
- SIEM integration (Splunk, Datadog, Elastic)
- Compliance reporting (SOC 2, GDPR, HIPAA)
- Forensic query capabilities
Future Extensions
These features are being considered for post-v1.0 releases based on community feedback.
Network Egress Control
Problem: MCP servers can currently make arbitrary network calls. Solution:- Declarative egress allow/block lists
- DNS-based filtering
- Container network isolation
- Circuit breaker patterns
Agent Capability Attestation
Problem: No cryptographic proof of agent capabilities. Solution:- Hardware-backed attestation (TPM, SGX)
- Manifest signing and verification
- Runtime integrity monitoring
- Capability certificates
Multi-Agent Workflows
Problem: Complex workflows involving multiple agents lack coordination. Solution:- Workflow-scoped policies
- Agent-to-agent delegation
- Composite audit trails
- Workflow orchestration primitives
AI Model Governance
Problem: No visibility into which models are used by agents. Solution:- Model provenance tracking
- Model allowlists by vendor/version
- Inference cost tracking
- Model bias auditing hooks
IETF Standardization Track
Our goal is to submit AIP to the IETF for standardization:Reference Implementations
Multiple independent implementationsStatus: Go implementation stable, Rust planned
How You Can Help
We welcome contributions at all levels:Try It
Deploy AIP in your environment and provide feedback on usability and edge cases.
Contribute Code
Implement features from the roadmap or build integrations with your favorite tools.
Spread the Word
Share your experience, write blog posts, or speak at conferences about AIP.
Stay Updated
Follow development progress:- GitHub Discussions: Architecture discussions
- GitHub Issues: Feature requests and bugs
- Twitter/X: @ArangoGutworker
- Changelog: Version history
Roadmap items and timelines are subject to change based on community feedback and priorities.