OpenAgent Server adds agent-native authentication to APIs, brokers, tools, and internal services. It verifies the caller’s DID, completes the OAAP handshake, evaluates AEGIS policy, and passes a typed agent context into your handler.

What the server does

1. Exposes auth endpoints: POST /.well-known/openagent/auth and /.well-known/openagent/auth/prove implement the OAAP handshake.
2. Verifies agents: runs the AEGIS 7-step verification pipeline: DID resolve, schema check, signature, revocation, lineage walk, liveness, conformance.
3. Enforces policies: checks scopes, rate limits, delegation constraints, skills policy.
4. Provides context: every handler receives a typed AuthenticatedContext with peer DID, conformance level, and session key.

Minimal middleware

import express from 'express';
import { createOpenAgentMiddleware } from '@openagent/sdk/server';

const app = express();

// Every request must complete the OAAP handshake, present a verifiable
// lineage, and hold the tickets:triage scope before it reaches a handler.
app.use(createOpenAgentMiddleware({
  audience: 'https://api.example.com',
  requireLineage: true,
  policies: [{ type: 'scope', value: 'tickets:triage' }],
}));

// The middleware attaches the typed agent context to the request as req.openagent.
app.post('/tickets/triage', (req, res) => {
  res.json({
    accepted: true,
    agentDid: req.openagent.agentDid,
    sessionId: req.openagent.sessionId,
  });
});
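To make step 3 (policy enforcement) concrete, here is an added, stand-alone evaluator for the policy kinds the page lists: scope, delegation constraints and rate limits. It is illustration code, not the OpenAgent SDK's own implementation; the context field names (scopes, delegationChain) and the rateLimit/delegation policy shapes are assumptions, and the sample context is constructed.

```javascript
// Added example: a fail-closed evaluator for scope, delegation and rate-limit
// policies over an agent context. Field and policy names are assumptions.
const buckets = new Map(); // agentDid -> timestamps of recent requests

function evaluatePolicies(ctx, policies, now = Date.now()) {
  for (const p of policies) {
    if (p.type === 'scope') {
      // The agent's effective scopes must include the required one.
      if (!ctx.scopes.includes(p.value)) return { allowed: false, reason: `missing scope ${p.value}` };
    } else if (p.type === 'delegation') {
      // A delegation link may only narrow the delegator's scopes, never widen them,
      // and the chain may not exceed the configured depth.
      const chain = ctx.delegationChain;
      if (chain.length > p.maxDepth) return { allowed: false, reason: 'delegation chain too deep' };
      for (let i = 1; i < chain.length; i++) {
        const widened = chain[i].scopes.filter((s) => !chain[i - 1].scopes.includes(s));
        if (widened.length) return { allowed: false, reason: `delegation widens scopes: ${widened.join(',')}` };
      }
    } else if (p.type === 'rateLimit') {
      // Sliding window per agent DID: at most p.limit requests per p.windowMs.
      const hits = (buckets.get(ctx.agentDid) || []).filter((t) => now - t < p.windowMs);
      if (hits.length >= p.limit) return { allowed: false, reason: 'rate limit exceeded' };
      hits.push(now);
      buckets.set(ctx.agentDid, hits);
    } else {
      // Unknown policy types deny rather than silently pass.
      return { allowed: false, reason: `unknown policy type ${p.type}` };
    }
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample context: an operator delegated a narrowed scope set to a triage agent.
const sampleContext = {
  agentDid: 'did:example:triage-agent',
  conformanceLevel: 2,
  scopes: ['tickets:triage'],
  delegationChain: [
    { did: 'did:example:operator', scopes: ['tickets:triage', 'tickets:close'] },
    { did: 'did:example:triage-agent', scopes: ['tickets:triage'] },
  ],
};
const samplePolicies = [
  { type: 'scope', value: 'tickets:triage' },
  { type: 'delegation', maxDepth: 3 },
  { type: 'rateLimit', limit: 2, windowMs: 60000 },
];
```

Policies are evaluated in order and the first denial wins, so a handler only runs when every configured check passed.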

Middleware: Axum, Express, Hono integrations.

Verification: the 7-step pipeline.

Policies: scopes, delegation, skills.