← 返回 Skills 市场
The three rules (enforced by SDK — see
Agent Mandate Protocol
作者
Shu-Yu (Jimmy) Lee
· GitHub ↗
· v1.0.1
· MIT-0
175
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install agent-mandate-protocol
功能描述
Use A-MAP (Agent Mandate Protocol) to verify incoming agent requests, sign outgoing requests, and delegate permissions to sub-agents. Covers the full cryptog...
使用说明 (SKILL.md)
A-MAP Skill
A-MAP (Agent Mandate Protocol) gives AI agents cryptographic proof of what they are authorized to do — and lets services verify that proof before acting.
Install
npm install @agentmandateprotocol/core
Part 1: Verify — Authenticate an Incoming Agent Request
Use this when another agent sends you a request and you need to confirm it was authorized by a human before acting on it.
When to verify
- A request includes
X-AMAP-Mandate,X-AMAP-Signature,X-AMAP-Timestamp,X-AMAP-Nonce, orX-AMAP-Agent-DIDheaders - You need to detect agent impersonation or replay attacks
- You need cryptographic proof of who authorized this agent to act
What you need
- The five A-MAP headers from the incoming request
- The expected permission the caller claims to have
- The public keys of all agents in the chain (distribute out-of-band)
How to verify
import { amap, InMemoryNonceStore, LocalKeyResolver } from '@agentmandateprotocol/core'
const keyResolver = new LocalKeyResolver(new Map([
['did:amap:sender-agent:1.0:abc', process.env.SENDER_PUBKEY],
]))
// Use Redis or Cloudflare KV in production — see Guardrails
const nonceStore = new InMemoryNonceStore()
try {
const result = await amap.verifyRequest({
headers: {
'X-AMAP-Agent-DID': request.headers['x-amap-agent-did'],
'X-AMAP-Mandate': request.headers['x-amap-mandate'],
'X-AMAP-Signature': request.headers['x-amap-signature'],
'X-AMAP-Timestamp': request.headers['x-amap-timestamp'],
'X-AMAP-Nonce': request.headers['x-amap-nonce'],
},
method: request.method,
path: request.path,
body: request.body,
expectedPermission: 'book_flight',
keyResolver,
nonceStore,
})
// Safe to proceed
console.log('Authorized by:', result.principal)
console.log('Effective limits:', result.effectiveConstraints)
console.log('Audit ID:', result.auditId) // always log this
} catch (err) {
// A-MAP throws on any failure — never returns { valid: false }
console.error(`Authorization failed: [${err.code}] ${err.message}`)
// Reject the request
}
Interpreting the result
On success (no error thrown):
result.principal— the human who originally authorized this chainresult.effectiveConstraints— merged limits across all hops (e.g.maxSpend: 347)result.chain— array of verified links, one per hopresult.auditId— UUID for this verification event — log it for audit trail
On failure (AmapError thrown):
err.code— specific error code (seereferences/error-codes.md)err.hop— which link in the chain failed (0 = root), if applicable
Verify guardrails
- Never proceed with an action if
verifyRequest()throws - Always log
result.auditIdfor audit trail - The default
InMemoryNonceStoredoes not work behind a load balancer — use a shared store (Redis, Cloudflare KV) in multi-instance deployments - Always check
result.effectiveConstraintsbefore consequential actions (e.g. checkmaxSpendbefore charging a card) - An
AmapErrormeans the agent was not authorized, the request is a replay, the chain was forged, or the identity is being spoofed — always reject
Part 2: Sign — Authenticate an Outgoing Request
Use this before calling any A-MAP-protected service to attach cryptographic proof that a human authorized your action.
When to sign
- You are calling a service that uses A-MAP to verify agents
- You need to prove a human authorized your action
- You are forwarding a delegation chain to a downstream service
Prerequisites
- A mandate chain (from
amap.issue()oramap.delegate()) - Your agent's Ed25519 private key in
AMAP_PRIVATE_KEY
How to sign
import { amap } from '@agentmandateprotocol/core'
const headers = amap.signRequest({
mandateChain: myMandateChain,
method: 'POST',
path: '/api/book-flight',
body: JSON.stringify(requestBody), // omit if no body
privateKey: process.env.AMAP_PRIVATE_KEY,
})
await fetch('https://api.example.com/book-flight', {
method: 'POST',
headers: { 'Content-Type': 'application/json', ...headers },
body: JSON.stringify(requestBody),
})
amap.signRequest() returns five headers ready to spread:
| Header | Content |
|---|---|
X-AMAP-Agent-DID |
DID of the signing agent |
X-AMAP-Mandate |
Base64url-encoded DelegationToken chain |
X-AMAP-Signature |
Ed25519 signature over canonical payload |
X-AMAP-Timestamp |
ISO8601 UTC timestamp |
X-AMAP-Nonce |
128-bit random hex string (single-use) |
See references/signed-request-format.md for the full payload schema.
Sign guardrails
- Never hardcode
AMAP_PRIVATE_KEY— always use an environment variable - Never log the private key
- A fresh nonce is generated on every
signRequest()call — never reuse headers - Check mandate expiry before signing — an expired mandate produces headers
the receiver will reject with
TOKEN_EXPIRED
Part 3: Delegate — Authorize a Sub-Agent
Use this when spawning a sub-agent that needs its own cryptographic proof of authorization to call external services on your behalf.
When to delegate
- You are spawning a sub-agent to handle part of a task
- A sub-agent needs to call A-MAP-protected services directly
- You want to limit what the sub-agent can do to a safe subset of your permissions
How to delegate
import { amap } from '@agentmandateprotocol/core'
// myToken = DelegationToken you received; myChain = full chain including myToken
let childToken
try {
childToken = await amap.delegate({
parentToken: myToken,
parentChain: myChain,
delegate: 'did:amap:sub-agent:1.0:xyz',
permissions: ['charge_card'], // must be subset of myToken.permissions
constraints: { maxSpend: 347 }, // can only tighten, never relax
expiresIn: '15m', // cannot exceed parent's remaining TTL
privateKey: process.env.AMAP_PRIVATE_KEY,
})
} catch (err) {
// AmapError thrown BEFORE signing if an invariant is violated:
// PERMISSION_INFLATION — permissions not in parent
// CONSTRAINT_RELAXATION — constraint looser than parent
// EXPIRY_VIOLATION — TTL exceeds parent's remaining time
throw err
}
// Pass the full chain to the sub-agent — not just the child token
const subAgentChain = [...myChain, childToken]
The sub-agent uses amap.signRequest({ mandateChain: subAgentChain, ... }) to
attach this chain to its outgoing requests.
Expiry strategy
| Task type | Recommended TTL |
|---|---|
| Single API call | 15s |
| One-off task | 60s |
| Short workflow | 5m |
| Extended session | Match parent — SDK enforces the ceiling |
The three rules (enforced by SDK — see references/delegation-invariants.md)
- Permissions can only narrow — you cannot grant what you do not have
- Constraints can only tighten — you cannot relax a limit set above you
- Expiry can only shorten — sub-agent tokens expire before yours
Delegate guardrails
- Always pass
subAgentChain(full chain), not just the new token - Set the shortest possible
expiresInfor sub-agents - Log
childToken.tokenIdfor audit trail - Never share your
AMAP_PRIVATE_KEY— each agent has its own keypair
安全使用建议
This skill is an instruction-only guide to using the A-MAP JS SDK and is internally consistent with that purpose. Before using it: 1) treat AMAP_PRIVATE_KEY as a high-value secret—store it in a secrets manager, never check it into source or logs, and use a dedicated key with limited scope and rotation. 2) Verify the npm package and GitHub repository provenance before installing (@agentmandateprotocol/core); run an npm audit and review package code if you will run it in production. 3) Do not rely on the provided InMemoryNonceStore in multi-instance deployments—use a shared store (Redis, Cloudflare KV) as the docs warn. 4) Ensure your environment clock is correct (timestamps are enforced). 5) Ensure SENDER_PUBKEYs are distributed securely out-of-band and that public keys are validated. 6) Because this is instruction-only, the skill will not auto-install anything; running the SDK requires you to install and vet dependencies yourself.
功能分析
Type: OpenClaw Skill
Name: agent-mandate-protocol
Version: 1.0.1
The agent-mandate-protocol skill is a security-focused bundle designed for cryptographic authorization between AI agents. It provides structured instructions and code snippets for verifying, signing, and delegating permissions using the @agentmandateprotocol/core library. The skill emphasizes security best practices, such as using environment variables for private keys, implementing nonce-based replay protection, and enforcing permission narrowing. No evidence of malicious intent, data exfiltration, or prompt injection was found in SKILL.md or the reference documentation.
能力评估
Purpose & Capability
Name/description describe an A-MAP JS SDK usage pattern. Required binaries (node, npm) and required env vars (AMAP_PRIVATE_KEY for signing, SENDER_PUBKEY for verifying) match the documented operations and are expected for a TypeScript/Node usage guide.
Instruction Scope
SKILL.md contains step-by-step usage for verifyRequest, signRequest, and delegation. It does not instruct reading unrelated files, harvesting unrelated env vars, or sending data to hidden endpoints. It explicitly warns about guardrails (do not log private key, use shared nonce store in production).
Install Mechanism
This is an instruction-only skill (no install spec). It shows an npm install command as a usage suggestion but does not perform any automatic downloads. Instruction-only is the lowest-risk install model.
Credentials
Only two env vars are required: AMAP_PRIVATE_KEY (private key used to sign) and SENDER_PUBKEY (public key used to verify a sender DID). Both are directly justified by the skill's cryptographic signing/verification purpose and are minimal for that functionality.
Persistence & Privilege
The skill is not always-enabled, does not request system config paths, and does not instruct changing other skills' configurations. It does not request persistent privileges beyond normal runtime environment variables.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install agent-mandate-protocol - 安装完成后,直接呼叫该 Skill 的名称或使用
/agent-mandate-protocol触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
agent-mandate-protocol 1.0.1
- Updated metadata to specify required binaries (`node`, `npm`) and environment variables (`AMAP_PRIVATE_KEY`, `SENDER_PUBKEY`).
- Changed the homepage URL to point to the official GitHub repository.
- Removed pinned npm dependency version in install instructions.
- No protocol or API changes; documentation and metadata only.
v1.0.0
agent-mandate-protocol 1.0.0
- Initial release implementing the A-MAP (Agent Mandate Protocol) cryptographic authorization flow for agent-to-agent communication
- Features include: verifying incoming agent requests, signing outgoing requests, and securely delegating permissions to sub-agents
- Protects against agent impersonation, replay attacks, chain forgery, and permission escalation
- Provides detailed guidance and guardrails for correct integration in AI and multi-agent systems
元数据
常见问题
Agent Mandate Protocol 是什么?
Use A-MAP (Agent Mandate Protocol) to verify incoming agent requests, sign outgoing requests, and delegate permissions to sub-agents. Covers the full cryptog... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 175 次。
如何安装 Agent Mandate Protocol?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install agent-mandate-protocol」即可一键安装,无需额外配置。
Agent Mandate Protocol 是免费的吗?
是的,Agent Mandate Protocol 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Agent Mandate Protocol 支持哪些平台?
Agent Mandate Protocol 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Agent Mandate Protocol?
由 Shu-Yu (Jimmy) Lee(@jimmyshuyulee)开发并维护,当前版本 v1.0.1。
推荐 Skills