legant

Go ★ 1 updated 11d ago

Open-source delegated authorization for AI agents — RFC 8693 on-behalf-of tokens, offline-verified constraints, monotonic attenuation. Single Go binary, self-hostable.

An open-source Go server that controls what AI agents can do on a user's behalf, with scoped time-limited tokens, multi-agent delegation chains, and an MCP gateway.

Languages: Go, PostgreSQL, TypeScript, Python · Setup: hard · Complexity: 4/5

Legant is an open-source authorization system designed specifically for AI agents. When an AI agent needs to take actions on behalf of a user, like submitting expenses, booking travel, or querying a database, Legant controls exactly what the agent is allowed to do and for how long. It runs as a single self-hostable binary written in Go.

The core idea is delegated authorization. Instead of giving an AI agent the same permissions as a full user, Legant issues a special token that carries fine-grained restrictions baked in: a maximum dollar amount, specific categories of actions it can perform, which services it can talk to, and how many minutes before the token expires. These constraints are embedded in a signed token that any connected service can verify on its own, without calling back to Legant every time.

When one AI agent spawns another, like a planning agent delegating work to an execution agent, each level in the chain can only have the same permissions or fewer than its parent. This property prevents a sub-agent from quietly expanding its own authority. The full chain of who-delegated-to-whom is recorded inside the token itself.

Legant also ships with a gateway component for the Model Context Protocol (MCP), a standard way for AI models to connect to tools and data sources. The gateway filters which tools each agent is allowed to see and call, and can kill a running agent mid-task. Tamper-evident audit logs record every agent action in a hash-chained event store.

The project includes over a dozen runnable demos covering scenarios like OAuth token theft replay, multi-agent pipelines, Kubernetes-based AI infrastructure, and analytics over a real Postgres database. SDKs are available for Go, TypeScript, and Python for verifying delegation tokens in resource servers. The project requires Go and Postgres to run. It is licensed under the Apache 2.0 license, which allows free use including commercial use.

Where it fits