What is Grantex?
AI agents are acting in the world — booking travel, sending emails, executing trades, managing files — on behalf of real humans. Many agent systems still rely on shared credentials and application-level controls that cannot answer these questions reliably:- No standard way to grant an agent scoped, time-limited permissions on your behalf
- Services can’t verify whether an agent is genuinely authorized by the claimed human
- No auditable, tamper-evident record of what an agent did, when, and under whose authority
- Multi-agent pipelines have no way to chain authorization — a sub-agent can’t prove it was legitimately spawned
Key Properties
Model-Neutral
Works with OpenAI, Anthropic, Google, Llama, and Mistral models. Framework adapters cover LangChain, Vercel AI SDK, and CrewAI; other stacks can integrate at the SDK or service boundary.
Framework-Native
First-class integrations for LangChain, AutoGen, CrewAI, Vercel AI, OpenAI Agents SDK, Google ADK, and MCP.
Offline-Verifiable
Services verify token signatures and claims using published JWKS after retrieving the keys. Current revocation still requires an online state check or synchronized revocation data.
Compliance Evidence
Audit records, control mappings, exports, and evidence-pack tooling can support reviews such as SOC 2 and GDPR assessments; they do not by themselves establish certification or legal compliance.
Current releases
The primary SDKs and MCP Auth server are published independently:
See Release Status for registry links, runtime requirements,
and the distinction between SDK, API-contract, and repository versions.
Install
The exact versions below make local and CI builds reproducible.Architecture
FAQ
Is this just another auth library?
Is this just another auth library?
Human identity systems and Grantex solve different layers. Human auth establishes who the person is; Grantex carries the scoped authority that person or organization delegated to a specific agent. Current revocation requires an online state check or synchronized revocation data at the enforcement point.
Why not just use OAuth 2.0?
Why not just use OAuth 2.0?
OAuth 2.0 was designed for “user grants app permission to access their data.” Agents introduce new requirements: the agent needs a verifiable identity separate from its creator, grants need to be chainable across multi-agent pipelines, and every autonomous action must be attributable and auditable. We extend OAuth 2.0 concepts but add the agent-specific primitives it lacks.
What about MCP (Model Context Protocol)?
What about MCP (Model Context Protocol)?
MCP connects clients to tools and resources and defines optional OAuth-based authorization for HTTP transports. Grantex adds agent-specific delegated authority at the tool or service boundary: which agent may perform which action for which principal. The two layers are complementary.
Can I self-host?
Can I self-host?
Yes. The reference implementation is fully open-source. Docker Compose deploy in one command. See the self-hosting guide.
Who owns the standard?
Who owns the standard?
The Grantex protocol specification is open under Apache 2.0 and frozen at v1.0. The related Delegated Agent Authorization Protocol (DAAP) Internet-Draft is an individual submission for discussion; it is not an IETF-adopted or endorsed standard.