AgentID: manifest + gateway pattern for authorizing AI agent tool calls with OPA policy output

[dinpd]

Hi OPA community,

I am working on AgentID, an open-source project for putting runtime authorization checks in front of AI agent tool execution.

Repo: https://github.com/dinpd/AgentID
Demo: https://agentid-refund-demo.drisw.workers.dev/
Policy builder: https://agentid-policy-builder.pages.dev/

The idea is to make an agent's authority explicit in a manifest, then enforce that authority before tools run. A manifest declares:

• agent identity, owner, purpose, and expiry
• allowed tools and actions
• allowed and blocked data flows
• JIT approval requirements for sensitive actions
• OIDC/JWKS settings for production identity validation
• audit and kill-switch expectations

The CLI can validate manifests, score risk, and generate starter OPA/Rego policy:

agentid validate examples/customer-support-refund-agent.yaml
agentid risk-score examples/customer-support-refund-agent.yaml
agentid generate-policy examples/customer-support-refund-agent.yaml --target opa

There is also a Cloudflare Workers gateway that checks tool calls before execution, including single-use JIT grants for sensitive operations.

The current demo models a SaaS refund workflow: the app checks support context access, refund-history access, human notification requirements, and scoped JIT authority before allowing a Stripe refund.

I would value feedback from OPA users on:

1. Whether the manifest-to-Rego model feels useful or too high-level.
2. What policy shape would make the generated Rego easier to adopt.
3. Whether this belongs as an OPA ecosystem project once the integration matures.

Thanks.