Skip to main content

Overview

The Go implementation is the reference implementation of the Agent Identity Protocol. It provides a production-ready proxy that enforces zero-trust authorization for AI agents.

aip-go Repository

Official Go SDK and proxy implementation - stable and production-ready

Implementation Status

LanguageRepositoryStatusConformance Level
Goaip-go✅ StableFull + Extended
Rustaip-rust🚧 Coming Soon-

What the Go Proxy Does

The Go proxy operates as a transparent sidecar between your AI client (Cursor, Claude Desktop, VS Code) and MCP tool servers. It intercepts every tool call and enforces policy before the request reaches your infrastructure.

Core Capabilities

Policy Enforcement

Tool allowlists, argument validation, and action-level authorization

DLP Scanning

Redacts secrets (API keys, credentials) from agent responses

Audit Logging

Immutable JSONL logs tied to agent identity for compliance

Human-in-the-Loop

Native OS approval dialogs for sensitive operations

Installation

1

Install the Go proxy

# Using Go
go install github.com/openagentidentityprotocol/aip-go/cmd/aip@latest

# Or download binary from releases
curl -L https://github.com/openagentidentityprotocol/aip-go/releases/latest/download/aip-linux-amd64 -o aip
chmod +x aip
2

Verify installation

aip --version

Quick Start

1

Wrap an existing MCP server

# Secure your Docker MCP with a read-only policy
aip wrap docker --policy ./policies/read-only.yaml
2

Start the proxy manually

# Proxy any MCP server
aip --target "python mcp_server.py" --policy ./agent.yaml
3

Generate IDE configuration

# Generate Cursor/Claude Desktop config
aip --generate-cursor-config --policy ./agent.yaml --target "npx @mcp/server"

Basic Usage Example

Define Your Policy

agent.yaml
apiVersion: aip.io/v1alpha1
kind: AgentPolicy
metadata:
  name: secure-agent
spec:
  mode: enforce
  allowed_tools:
    - read_file
    - list_directory
    - git_status
  tool_rules:
    - tool: write_file
      action: ask        # Human approval required
    - tool: exec_command
      action: block      # Never allowed
  dlp:
    patterns:
      - name: "AWS Key"
        regex: "AKIA[A-Z0-9]{16}"
      - name: "GitHub Token"
        regex: "ghp_[a-zA-Z0-9]{36}"

Run the Proxy

aip --target "npx -y @modelcontextprotocol/server-filesystem /home/user" \
    --policy ./agent.yaml \
    --audit-log ./audit.jsonl

What Happens on a Policy Violation

When an agent attempts a blocked action: 
{
  "jsonrpc": "2.0",
  "id": 1,
  "error": {
    "code": -32001,
    "message": "Permission Denied: Tool 'delete_database' is not allowed by policy"
  }
}
The request never reaches your infrastructure. This is zero-trust authorization in action.

Architecture Features

Defense-in-Depth

The Go proxy implements multiple security layers:
1

Signature Verification

Verifies Agent Authentication Token (AAT) cryptographic signatures
2

Policy Evaluation

Checks tool calls against YAML-defined authorization rules
3

Argument Validation

Validates tool arguments using regex patterns and type constraints
4

DLP Scanning

Scans both requests and responses for sensitive data patterns
5

Audit Logging

Writes immutable logs for every decision (allow, deny, ask)

Attack Blocked Example

Reference Implementation Features

The Go proxy is the canonical implementation of the AIP specification and demonstrates:

Policy Loading

YAML and JSON schema validation

Unicode Normalization

NFKC normalization for security

Error Codes

All AIP-defined error codes (-32001, -32002, etc.)

Monitor Mode

Non-blocking policy testing
Conformance Level: The Go implementation passes Full + Extended conformance tests. See Conformance Testing for details.

Configuration Options

Command-Line Flags

FlagDescriptionExample
--targetCommand to launch the real MCP server"python server.py"
--policyPath to policy YAML file./agent.yaml
--audit-logPath to audit log file (JSONL)./audit.jsonl
--modeOverride policy mode (enforce/monitor)monitor
--portPort for proxy to listen on3000

Environment Variables

# Override policy mode
export AIP_MODE=monitor

# Set custom audit log location
export AIP_AUDIT_LOG=/var/log/aip/audit.jsonl

# Enable debug logging
export AIP_LOG_LEVEL=debug

Development

Prerequisites

  • Go 1.21+
  • MCP-compatible tool server

Build from Source

# Clone the repository
git clone https://github.com/openagentidentityprotocol/aip-go.git
cd aip-go

# Build the proxy
go build ./cmd/aip

# Run tests
go test -race -cover ./...

Code Style

# Format code
gofmt -s -w .

# Lint
go vet ./...
golangci-lint run

Next Steps

Conformance Testing

Validate your AIP implementation

Policy Reference

Complete YAML schema documentation

Contributing

Build new language implementations

Specification

Read the formal protocol definition

Community

Want to contribute to the Go implementation?
  • GitHub Issues: Bug reports and feature requests
  • Pull Requests: Code contributions welcome
  • Discussions: Architecture and design questions
See CONTRIBUTING.md for guidelines.

Build docs developers (and LLMs) love

Get started for freeTalk to us