Skip to main content

Contributing to the Agent Identity Protocol (AIP)

Thank you for your interest in contributing to AIP. This project aims to establish a zero-trust identity standard for autonomous AI agents.

Ways to Contribute

For Security Researchers

  • Threat modeling and attack surface analysis
  • Penetration testing of reference implementations
  • Review of cryptographic choices and identity flows

For Platform Engineers

  • Kubernetes operators and sidecar implementations
  • Cloud provider integrations (AWS, GCP, Azure)
  • Service mesh integrations (Istio, Linkerd)

For AI/ML Engineers

  • Agent framework integrations (LangChain, AutoGPT, CrewAI)
  • MCP transport implementations
  • SDK development (Python, TypeScript, Go)

For Compliance Teams

  • Regulatory mapping (SOC2, GDPR, HIPAA, FedRAMP)
  • Audit log schema standardization
  • Policy template libraries

Getting Started

Prerequisites

  • Go 1.21+ (for proxy development)
  • Python 3.11+ (for SDK and examples)
  • Node.js 20+ (for TypeScript SDK)

Development Setup

# Clone the repository
git clone https://github.com/ArangoGutierrez/agent-identity-protocol.git
cd agent-identity-protocol

# For Go proxy development
cd proxy && go mod download && go build ./...

# For Python SDK
cd sdk/python && pip install -e ".[dev]"

# For TypeScript SDK
cd sdk/typescript && npm install && npm run build

Contribution Process

1. Issues First

Before starting work, please:
  • Check existing issues for duplicates
  • Open an issue describing what you want to work on
  • Wait for maintainer feedback on approach

2. Branch Naming

feat/short-description    # New features
fix/issue-number          # Bug fixes
docs/what-changed         # Documentation
spec/proposal-name        # Specification changes

3. Commit Messages

Follow Conventional Commits: 
feat: add OIDC token validation to proxy
fix: handle empty manifest gracefully
docs: clarify egress filtering behavior
spec: add delegation token schema

4. Pull Requests

  • Fill out the PR template completely
  • Ensure CI passes (lint, test, build)
  • Request review from relevant CODEOWNERS
  • Squash commits before merge

Specification Changes

Changes to the AIP specification (spec/) require:
  1. RFC Process: Open an issue with [RFC] prefix
  2. Discussion Period: Minimum 2 weeks for community feedback
  3. Consensus: Approval from at least 2 maintainers
  4. Backward Compatibility: Document migration path if breaking

Code Style

Go

gofmt -s -w .
go vet ./...
golangci-lint run

Python

ruff check .
ruff format .
mypy .

TypeScript

npm run lint
npm run typecheck

Testing

All code changes require tests: 
# Go
go test -race -cover ./...

# Python
pytest --cov=aip

# TypeScript
npm test

Documentation

  • Code should be self-documenting with clear names
  • Public APIs require doc comments
  • Complex logic needs inline comments explaining “why”
  • User-facing changes need README/docs updates

Code of Conduct

We follow the Contributor Covenant v2.1. TL;DR: Be respectful, inclusive, and professional. Focus on the work, not the person.

License

By contributing to AIP, you agree that your contributions will be licensed under the Apache License 2.0.

Questions?

  • GitHub Discussions: Architecture and design questions
  • GitHub Issues: Bug reports and feature requests
  • Security Issues: See SECURITY.md
Thank you for helping make AI agents safer and more accountable.