Every authorization decision an AI agent makes currently requires a round-trip to a policy server. At agent scale — thousands of micro-decisions per second across thousands of agents — that's not a reliability problem. It's a throughput and latency tax on every operation.
SPL moves the policy into the token. The service that receives the request verifies it locally. The policy server only matters when minting the token, not when verifying it.
OPA/Cedar add 1–5 ms per decision (network + evaluation). SPL evaluates in ~2 μs. That's 100–1,000x faster with no network in the path.
1,000 agents × 100 decisions/min = 100K requests/min to your policy server. With SPL, it's zero.
OAuth tokens grant broad access. SPL lets you say "only purchases under $50 for gift cards to family members, max 1 per day."
Token = signed SPL policy + Merkle root + hash-chain commitment + DPoP binding. One function call. No server.
The SQLite of agent authorization. You embed it. It's 150 lines. No server to deploy, no sidecar to manage, no protobuf to compile. When you outgrow it, you'll know.
Benchmarked on Apple M1 Max. Policy: family_gifts.spl (10 conjuncts including crypto predicates).
| System | Policy in Token | Language | Local Verify | Offline Budgets | Zero Deps |
|---|---|---|---|---|---|
| SPL | Yes | S-expr (~150 LOC) | Yes | Yes | Yes |
| Biscuit | Yes | Datalog | Yes | No | Protobuf |
| Macaroons | Caveats only | N/A | Partial | No | HMAC lib |
| Cedar | No | Full policy | Server-side | No | Engine |
| OPA/Rego | No | Rego (Turing-complete) | Server-side | No | OPA server |
Where Biscuit wins: third-party blocks, revocation IDs, token sealing (SPL now has this too), and production maturity. Where SPL wins: 150-line evaluator, zero dependencies, hash-chain offline budgets, and no protobuf in the critical path. Choose Biscuit when you need multi-org delegation. Choose SPL when you need the simplest thing that works.
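How a hash-chain commitment can enforce a spend budget with no server round-trip, as an added example that is not taken from the SPL SDKs. It uses the generic hash-chain construction over SHA-256; `make_chain`, `BudgetVerifier` and `spend` are hypothetical names, not SPL's API or token format. It assumes the commitment was read from a token whose signature has already been verified.

```python
import hashlib
import hmac
import secrets

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def make_chain(seed: bytes, budget: int) -> list:
    """Holder side: chain[0] = seed, chain[i] = H(chain[i-1]).
    chain[budget] is the public commitment placed in the token."""
    chain = [seed]
    for _ in range(budget):
        chain.append(h(chain[-1]))
    return chain

class BudgetVerifier:
    """Verifier side: knows only the commitment and the budget size."""
    def __init__(self, commitment: bytes, budget: int):
        self.last = commitment      # most recent accepted chain value
        self.remaining = budget     # units still spendable

    def spend(self, preimage: bytes, units: int = 1) -> bool:
        # Reject zero/negative spends and anything beyond the budget.
        if units < 1 or units > self.remaining:
            return False
        # Hashing the revealed value `units` times must land on `last`.
        cur = preimage
        for _ in range(units):
            cur = h(cur)
        if not hmac.compare_digest(cur, self.last):
            return False            # forged or replayed value
        self.last = preimage        # advance; the old value is now useless
        self.remaining -= units
        return True

def demo() -> dict:
    budget = 3
    chain = make_chain(secrets.token_bytes(32), budget)  # constructed sample seed
    v = BudgetVerifier(chain[budget], budget)
    return {
        "first": v.spend(chain[2]),                  # one unit
        "replay": v.spend(chain[2]),                 # same value again
        "forged": v.spend(secrets.token_bytes(32)),  # random guess
        "two_units": v.spend(chain[0], units=2),     # two units at once
        "exhausted": v.spend(chain[0]),              # budget is used up
        "remaining": v.remaining,
    }

if __name__ == "__main__":
    print(demo())
```

In this construction the verifier has to persist `last` and `remaining` between requests; two verifiers that do not share that state would each accept the same revealed value.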
Edit the policy or request and click Evaluate. This runs the full SPL evaluator in your browser — the same algorithm as all six server-side SDKs.
```sh
npm install agent-safe-spl                       # JavaScript
go get github.com/jmcentire/agent-safe/sdk/go    # Go
pip install agent-safe-spl                       # Python
cargo add agent-safe-spl                         # Rust
cd sdk/java && mvn install                       # Java
cd sdk/csharp && dotnet build                    # C#
```
249 tests across 6 SDKs. Shared crypto test vectors ensure cross-language compatibility.
Agent-Safe is one layer of a larger privacy architecture. Each component addresses a different failure mode.
Cryptographic vault. Three-tier data model, ZK proofs, Ed25519 root of trust.
Self-validating documents. Hash chain, Ed25519 signatures, embedded validators.
Storage the operator can't read. Client-side encryption, opaque record IDs.
Ephemeral P2P messaging. No servers, no metadata, no persistence.