Skip to main content

What is Grantex?

AI agents are acting in the world — booking travel, sending emails, executing trades, managing files — on behalf of real humans. Many agent systems still rely on shared credentials and application-level controls that cannot answer these questions reliably:
  • No standard way to grant an agent scoped, time-limited permissions on your behalf
  • Services can’t verify whether an agent is genuinely authorized by the claimed human
  • No auditable, tamper-evident record of what an agent did, when, and under whose authority
  • Multi-agent pipelines have no way to chain authorization — a sub-agent can’t prove it was legitimately spawned
Grantex is an open-source delegated authorization protocol and reference implementation for AI agents. It gives each agent a verifiable identity and scoped, time-limited, revocable authority from a human or organization, with multi-agent delegation, service-side verification, and audit records. Grantex complements OAuth 2.0 and MCP: OAuth handles application and user authorization, MCP connects models to tools, and Grantex proves which agent may perform which action for which principal.

Key Properties

Model-Neutral

Works with OpenAI, Anthropic, Google, Llama, and Mistral models. Framework adapters cover LangChain, Vercel AI SDK, and CrewAI; other stacks can integrate at the SDK or service boundary.

Framework-Native

First-class integrations for LangChain, AutoGen, CrewAI, Vercel AI, OpenAI Agents SDK, Google ADK, and MCP.

Offline-Verifiable

Services verify token signatures and claims using published JWKS after retrieving the keys. Current revocation still requires an online state check or synchronized revocation data.

Compliance Evidence

Audit records, control mappings, exports, and evidence-pack tooling can support reviews such as SOC 2 and GDPR assessments; they do not by themselves establish certification or legal compliance.

Current releases

The primary SDKs and MCP Auth server are published independently: See Release Status for registry links, runtime requirements, and the distinction between SDK, API-contract, and repository versions.

Install

The exact versions below make local and CI builds reproducible.

Architecture

FAQ

Human identity systems and Grantex solve different layers. Human auth establishes who the person is; Grantex carries the scoped authority that person or organization delegated to a specific agent. Current revocation requires an online state check or synchronized revocation data at the enforcement point.
OAuth 2.0 was designed for “user grants app permission to access their data.” Agents introduce new requirements: the agent needs a verifiable identity separate from its creator, grants need to be chainable across multi-agent pipelines, and every autonomous action must be attributable and auditable. We extend OAuth 2.0 concepts but add the agent-specific primitives it lacks.
MCP connects clients to tools and resources and defines optional OAuth-based authorization for HTTP transports. Grantex adds agent-specific delegated authority at the tool or service boundary: which agent may perform which action for which principal. The two layers are complementary.
Yes. The reference implementation is fully open-source. Docker Compose deploy in one command. See the self-hosting guide.
The Grantex protocol specification is open under Apache 2.0 and frozen at v1.0. The related Delegated Agent Authorization Protocol (DAAP) Internet-Draft is an individual submission for discussion; it is not an IETF-adopted or endorsed standard.
Last modified on July 12, 2026