A runnable, local-first reference for how AI agents/services securely request, validate, monitor, rotate, and revoke short-lived service tokens across Dev / Test / Prod workflows. Built as a Zero-Trust control plane.
Status: working reference implementation / prototype, not a deployed product. The issuer, control plane, and protected service all run in one Python process as stand-ins for Entra ID / APIM / Key Vault. It demonstrates the mechanics and governance flow; productizing it (real IdP, multi-tenancy, real anomaly ML, org process) is the larger architecture effort.
| Capability | Where it shows |
|---|---|
| AI-driven token issuance | cp/issue — agents request tokens per service+env; policy-checked |
| Policy-based access validation | governance.evaluate_policy — env match, role allow-list, TTL cap, prod approval |
| Short-lived scoped credentials | per-env max TTL (dev 120 / test 90 / prod 45s); aud=api://<svc>.<env> |
| Autonomous token rotation | GovernedTokenCache rotates before expiry; predecessor → ROTATED |
| Audit & anomaly monitoring | append-only audit log; registry lifecycle; (anomaly hooks: see Roadmap) |
| Secure agent-to-agent comms | report-agent uses its OWN token to read deploy status — no shared creds |
| Revocation | per-token revoke + identity kill-switch; validation fails closed instantly |
```
DEV   test-runner runs tests · ci-deployer deploys        → OK
TEST  test-runner runs tests · ci-deployer deploys        → OK
PROD  ci-deployer deploys WITHOUT approval                → POLICY BLOCK
      approver grants prod access
      ci-deployer deploys (approved)                      → OK
A2A   ci-deployer hands off to report-agent (own token)   → OK
```
```
pip install -r requirements.txt
uvicorn app.main:app --host 127.0.0.1 --port 8000
```

Open http://127.0.0.1:8000 and click Run Dev→Test→Prod pipeline.

- Watch the token registry fill with ACTIVE tokens, TTL bars counting down.
- See the POLICY block when prod is attempted before approval.
- Click revoke on any active token, or Kill-switch: ci-deployer, and watch state flip to REVOKED — the next call fails closed.
- Lower the TTL slider to watch autonomous rotation (ROTATED lineage).
Run the control-plane test suite: `python tests/test_governance.py`

ACTIVE → ROTATED (a successor was minted) · EXPIRED (TTL elapsed) ·
REVOKED (operator/kill-switch — added to deny-list, blocked on validation).
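
The policy checks and fail-closed validation described above, as an added sketch that is not the project's `governance.py`. `ControlPlane`, its fields, the sample identities and role names, and clamping (rather than rejecting) an over-cap TTL are assumptions; claims are assumed to come from a token whose RS256 signature was already verified.

```python
from dataclasses import dataclass, field

MAX_TTL = {"dev": 120, "test": 90, "prod": 45}  # seconds; per-env caps from the capability table

# Constructed sample identities; the project's governance.IDENTITIES may be shaped differently.
IDENTITIES = {
    "ci-deployer": {"envs": {"dev", "test", "prod"}, "roles": {"deploy"}},
    "test-runner": {"envs": {"dev", "test"}, "roles": {"run-tests"}},
}

@dataclass
class ControlPlane:  # hypothetical name, for illustration only
    approvals: set = field(default_factory=set)    # (agent, service) pairs approved for prod
    revoked_jti: set = field(default_factory=set)  # per-token deny-list
    killed: set = field(default_factory=set)       # identity kill-switch

    def evaluate_policy(self, agent, service, env, role, ttl):
        """Return (allowed, reason, granted_ttl); anything unrecognised is denied."""
        ident = IDENTITIES.get(agent)
        if ident is None or agent in self.killed:
            return False, "unknown or disabled identity", 0
        if env not in MAX_TTL or env not in ident["envs"]:
            return False, "env mismatch", 0
        if role not in ident["roles"]:
            return False, "role not in allow-list", 0
        if env == "prod" and (agent, service) not in self.approvals:
            return False, "prod approval required", 0
        # Assumption: an over-long request is clamped to the env cap, not rejected.
        return True, "ok", min(ttl, MAX_TTL[env])

    def validate(self, claims, service, env, now):
        """Fail closed: a missing claim, wrong audience, expiry or deny-list hit rejects."""
        try:
            if claims["aud"] != f"api://{service}.{env}":
                return False
            if claims["jti"] in self.revoked_jti or claims["sub"] in self.killed:
                return False
            return now < claims["exp"]
        except (KeyError, TypeError):
            return False  # malformed claims are treated as invalid, never as valid
```
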
- Identity admins — create agent identities, signing keys, TTL policy.
- Resource owners — define app roles their service exposes.
- Approvers — grant prod access (the `cp/approve` step / PIM in production).
- Agent teams — own the agent; cannot self-grant roles.

| Demo | Production (Zero Trust on Azure) |
|---|---|
| `governance.IDENTITIES` | Entra ID app registrations + app-role assignments |
| env in audience | separate tenants/subscriptions or CA scopes |
| `evaluate_policy` | Conditional Access + PIM + APIM policies (+ OPA/Rego) |
| `TOKENS` registry | issuance logs in Log Analytics / Sentinel |
| `REVOKED` deny-list | disable SP / remove assignment; gateway revocation list |
| `AUDIT` log | immutable log store (Log Analytics) |
| `GovernedTokenCache` | azure-identity `DefaultAzureCredential` |

- Real IdP integration (Entra ID) + Managed Identity (remove local secrets).
- Anomaly monitoring: flag abnormal issuance rate / off-hours / env-jump.
- Policy-as-code (OPA/Rego) instead of inline Python rules.
- Multi-tenant isolation + per-environment key separation.
- PIM-style time-bound approvals with full audit export.

```
app/
  governance.py        control plane: identities, policy, registry, revocation, audit
  agents.py            Dev/Test/Deploy workflow agents + GovernedTokenCache (rotation/retry)
  jwt_keys.py          RS256 signing key (Entra signing-key stand-in)
  main.py              FastAPI: control-plane API + protected service + SSE + dashboard
  static/index.html    governance control-plane dashboard
tests/
  test_governance.py   13-case lifecycle proof
```