Agent Authentication

Authenticate CI/CD agents and workloads via OIDC bridge tokens.

AgentAuth

AgentAuth(bridge_url: str, attestation_chain_path: str, root_public_key: str | None = None)

Auths agent authentication for MCP tool servers.

Exchanges a KERI attestation chain for a scoped JWT via the OIDC bridge.

Parameters:

• bridge_url (str) –

  The OIDC bridge base URL (e.g., "https://oidc.example.com").

• attestation_chain_path (str) –

  Path to the JSON file containing the attestation chain.

• root_public_key (str | None, default: None ) –

  Hex-encoded Ed25519 public key of the root identity.

get_token

get_token(capabilities: list[str] | None = None) -> str

Get a Bearer token for MCP tool access.

Parameters:

• capabilities (list[str] | None, default: None ) –

  List of capabilities to request.

Returns:

• str –

  The JWT access token string.