Agent Identity API Reference¶
Identity, tracing, and attribution for agents — every public class,
factory, and exception across promptise.identity.
For concepts and setup, start with the Agent Identity overview.
Public class¶
AgentIdentity¶
The entire user-facing surface. Construct a local identity directly, or
use a credential factory (from_entra, from_aws, from_gcp,
from_spiffe, from_oidc, or auto) to make it verifiable. Pass it to
build_agent(identity=...) to attribute the agent's actions to it.
promptise.identity.AgentIdentity
¶
The identity of an agent — for tracing and attributing its actions.
Construct a local identity directly, or use a credential factory
(:meth:from_entra, :meth:from_aws, :meth:from_gcp,
:meth:from_spiffe, :meth:from_oidc, or :meth:auto) to make it
verifiable. An instance is immutable in identity and safe to share
across threads.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
agent_id
|
str | None
|
Optional local handle. For a verifiable identity you
can omit it: the authoritative identifier then comes from the
IdP — the |
None
|
name
|
str | None
|
Optional human-readable display name. |
None
|
owner
|
str | None
|
Optional owner — the team or person operating the agent. |
None
|
labels
|
Mapping[str, str] | None
|
Optional free-form key/value metadata (team, environment, version) carried alongside the identity on every trace. |
None
|
credential
|
IdentityProvider | None
|
Optional :class: |
None
|
Raises:
| Type | Description |
|---|---|
ProviderConfigError
|
If neither an |
agent_id = normalized
instance-attribute
¶
name = name
instance-attribute
¶
owner = owner
instance-attribute
¶
labels = dict(labels or {})
instance-attribute
¶
is_verifiable
property
¶
True when a credential provider backs this identity.
credential_provider
property
¶
The backing provider's label (e.g. "entra-imds"), if any.
credential
property
¶
The backing :class:IdentityProvider (advanced use).
from_entra(agent_id=None, *, name=None, owner=None, labels=None, mode='auto', client_id=None, token_file=None, resource=_ENTRA_DEFAULT_RESOURCE)
classmethod
¶
Build an identity backed by Microsoft Entra ID.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
agent_id
|
str | None
|
Stable identifier for the agent. |
None
|
name
|
str | None
|
Optional display name. |
None
|
owner
|
str | None
|
Optional owning team or person. |
None
|
labels
|
Mapping[str, str] | None
|
Optional free-form metadata. |
None
|
mode
|
Literal['auto', 'imds', 'projected']
|
|
'auto'
|
client_id
|
str | None
|
Managed-identity client id (IMDS mode). |
None
|
token_file
|
str | Path | None
|
Projected token path (projected mode). |
None
|
resource
|
str
|
Resource/audience the credential targets. |
_DEFAULT_RESOURCE
|
from_aws(agent_id=None, *, name=None, owner=None, labels=None, mode='auto', region=None, token_file=None, audience=_AWS_DEFAULT_AUDIENCE, signing_algorithm=_AWS_DEFAULT_SIGNING_ALGORITHM)
classmethod
¶
Build an identity backed by AWS IAM.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
agent_id
|
str | None
|
Stable identifier for the agent. |
None
|
name
|
str | None
|
Optional display name. |
None
|
owner
|
str | None
|
Optional owning team or person. |
None
|
labels
|
Mapping[str, str] | None
|
Optional free-form metadata. |
None
|
mode
|
Literal['auto', 'sts', 'projected']
|
|
'auto'
|
region
|
str | None
|
AWS region for STS. Falls back to |
None
|
token_file
|
str | Path | None
|
EKS-projected token path. |
None
|
audience
|
str
|
Audience the credential targets. |
_DEFAULT_AUDIENCE
|
signing_algorithm
|
str
|
STS signing algorithm (e.g. |
_DEFAULT_SIGNING_ALGORITHM
|
from_gcp(agent_id=None, *, name=None, owner=None, labels=None, audience=_GCP_DEFAULT_AUDIENCE, service_account_email=_GCP_DEFAULT_SERVICE_ACCOUNT_EMAIL, request_timeout=5.0)
classmethod
¶
Build an identity backed by Google Cloud.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
agent_id
|
str | None
|
Stable identifier for the agent. |
None
|
name
|
str | None
|
Optional display name. |
None
|
owner
|
str | None
|
Optional owning team or person. |
None
|
labels
|
Mapping[str, str] | None
|
Optional free-form metadata. |
None
|
audience
|
str
|
Audience the credential targets. |
_DEFAULT_AUDIENCE
|
service_account_email
|
str
|
Attached service account whose
identity to request ( |
_DEFAULT_SERVICE_ACCOUNT_EMAIL
|
request_timeout
|
float
|
Seconds to wait for the metadata response. |
5.0
|
from_spiffe(agent_id=None, *, name=None, owner=None, labels=None, mode='auto', token_file=None, socket_path=None, audience=_SPIFFE_DEFAULT_AUDIENCE)
classmethod
¶
Build an identity backed by SPIFFE / SPIRE.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
agent_id
|
str | None
|
Stable identifier for the agent. |
None
|
name
|
str | None
|
Optional display name. |
None
|
owner
|
str | None
|
Optional owning team or person. |
None
|
labels
|
Mapping[str, str] | None
|
Optional free-form metadata. |
None
|
mode
|
Literal['auto', 'file', 'sdk']
|
|
'auto'
|
token_file
|
str | Path | None
|
JWT-SVID path (file mode). |
None
|
socket_path
|
str | None
|
Workload API socket (SDK mode). Falls back to
|
None
|
audience
|
str
|
Audience the JWT-SVID targets. |
_DEFAULT_AUDIENCE
|
from_oidc(agent_id=None, *, issuer, name=None, owner=None, labels=None, token_file=None, token_fn=None, token_env_var=None)
classmethod
¶
Build an identity backed by a generic OIDC issuer.
Exactly one of token_file, token_fn, or token_env_var
must be supplied.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
agent_id
|
str | None
|
Stable identifier for the agent. |
None
|
issuer
|
str
|
The OIDC issuer URL. |
required |
name
|
str | None
|
Optional display name. |
None
|
owner
|
str | None
|
Optional owning team or person. |
None
|
labels
|
Mapping[str, str] | None
|
Optional free-form metadata. |
None
|
token_file
|
str | Path | None
|
Path to a file holding the JWT. |
None
|
token_fn
|
Callable[[], str] | None
|
Zero-arg callable returning the JWT. |
None
|
token_env_var
|
str | None
|
Env var holding the JWT (re-read each refresh). |
None
|
auto(agent_id=None, *, name=None, owner=None, labels=None)
classmethod
¶
Detect the platform and build a verifiable identity for it.
Uses environment markers to pick Entra, AWS, GCP, or SPIFFE and dispatches to the matching factory with platform defaults.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
agent_id
|
str | None
|
Stable identifier for the agent. |
None
|
name
|
str | None
|
Optional display name. |
None
|
owner
|
str | None
|
Optional owning team or person. |
None
|
labels
|
Mapping[str, str] | None
|
Optional free-form metadata. |
None
|
Raises:
| Type | Description |
|---|---|
PlatformDetectionError
|
When no platform marker is present.
Construct a local |
subject()
¶
Return the IdP-assigned identifier from the credential.
The persistent identity lives in the IdP; this reads who the IdP
says the agent is — the sub claim (or oid for Microsoft
Entra) of the verifiable credential. Acquiring the credential
may contact the platform; the result is cached on the provider.
.. note::
The claim is read without verifying the credential's
signature — the holder trusts its own IdP-issued token, and
the receiving resource is what verifies the signature on
presentation (see :class:~promptise.mcp.server.JwksAuth).
For local attribution this is authoritative only insofar as
the credential source is trusted; if you wire an untrusted
token_fn / env var / file, the returned subject is only as
trustworthy as that source.
Returns:
| Type | Description |
|---|---|
str
|
The IdP subject ( |
str
|
( |
Raises:
| Type | Description |
|---|---|
ProviderConfigError
|
If this is a local identity with no credential backing. |
CredentialAcquisitionError
|
If the credential carries neither
a |
idp_claims()
¶
Return the identity-relevant claims from the credential.
A subset of the credential's claims that describe who the IdP
says the agent is and who issued the identity: sub, oid,
iss, aud, azp, appid.
Raises:
| Type | Description |
|---|---|
ProviderConfigError
|
If this is a local identity. |
resolve_identifier()
¶
Return the authoritative identifier for this identity.
The explicit agent_id handle when one was given, otherwise the
IdP subject (which contacts the platform). This is the value used
to attribute the agent's actions.
claims()
¶
Return the identity as a dict for stamping onto traces/audit.
Contains the agent_id and whichever of name, owner,
credential_provider, and labels are set, plus a
verifiable flag. Never includes a credential token.
get_credential(audience=None)
¶
Return a signed credential (JWT) proving this identity.
Present this to a resource the agent calls — an MCP server or an HTTP API — so it can verify and attribute the caller.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
audience
|
str | None
|
The resource the credential targets. When given, an
IdP-backed identity whose provider can re-mint (Entra IMDS,
AWS STS, GCP metadata, SPIFFE SDK) issues a credential
scoped to that audience — so one identity can present to
several resources. Projected-token and OIDC file/env
modes have a fixed audience and ignore this. |
None
|
Returns:
| Type | Description |
|---|---|
str
|
The credential JWT. |
Raises:
| Type | Description |
|---|---|
ProviderConfigError
|
When this is a local identity with no verifiable credential backing. |
CredentialAcquisitionError
|
When the backing provider cannot mint a credential. |
auth_header(audience=None)
¶
Return {"Authorization": "Bearer <credential>"}.
Convenience for presenting the identity to an MCP server or API.
Requires a verifiable identity (see :meth:get_credential).
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
audience
|
str | None
|
The resource the credential targets (see
:meth: |
None
|
Credential providers¶
The verifiable backing of an identity. Use the factory classmethods on
AgentIdentity; these classes are exported for advanced use.
IdentityProvider¶
promptise.identity.IdentityProvider
¶
Bases: ABC
Abstract base for a verifiable agent-identity credential source.
A single instance is safe to share across threads. Concurrent calls
to :meth:get_credential collapse into one acquisition, serialised
by the lock. The cache is process-local: each process acquires its
own credential rather than sharing one.
provider_name
abstractmethod
property
¶
A short identifier used in log messages and error output.
get_credential(audience=None)
¶
Return a currently-valid identity credential (a JWT).
Returns the cached credential for audience when it is still
well inside its lifetime; otherwise acquires a fresh one. The
credential's expiry is read from its exp claim; a credential
with no decodable expiry (an opaque token, or a rotated file token)
is re-acquired on every call.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
audience
|
str | None
|
The resource the credential is for. |
None
|
Returns:
| Type | Description |
|---|---|
str
|
The credential JWT to present to a resource. |
Raises:
| Type | Description |
|---|---|
CredentialAcquisitionError
|
When the platform cannot supply a fresh JWT and none is safely cached. |
auth_header(audience=None)
¶
Return a ready-to-use Authorization bearer header.
Convenience for presenting the identity credential to a resource — an MCP server or a third-party API the agent calls.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
audience
|
str | None
|
The resource the credential is for (see
:meth: |
None
|
Returns:
| Type | Description |
|---|---|
dict[str, str]
|
|
FileTokenProvider¶
promptise.identity.FileTokenProvider
¶
Bases: IdentityProvider
Reads the identity JWT from a file on disk on every refresh.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
token_file
|
str | Path
|
Filesystem path to the JWT file. The framework
re-opens this file on every refresh; the projection
mechanism (Kubernetes, AKS, |
required |
provider_label
|
str
|
Short string used in log messages and error output. Concrete provider subclasses (Entra projected, AWS EKS projected, SPIFFE file, generic OIDC file) pass their own label. |
'file'
|
token_file
property
¶
Path of the projected JWT file (read-only access).
CallableTokenProvider¶
promptise.identity.CallableTokenProvider
¶
Bases: IdentityProvider
Invokes a user-supplied callable to acquire the identity JWT.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
token_fn
|
Callable[[str | None], str]
|
A callable that returns the JWT as a string, accepting
the requested |
required |
provider_label
|
str
|
Short string used in log messages and error output. Concrete provider subclasses (Entra IMDS, AWS STS, GCP metadata, SPIFFE SDK, generic OIDC callable) pass their own label. |
'callable'
|
Concrete providers¶
promptise.identity.EntraManagedIdentityProvider
¶
Bases: CallableTokenProvider
Entra managed-identity credential source backed by Azure IMDS.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
client_id
|
str | None
|
Optional client ID of a user-assigned managed identity. Omit for the resource's system-assigned identity. |
None
|
resource
|
str
|
The resource (audience) to request — set this to the resource the agent presents its identity to. |
_DEFAULT_RESOURCE
|
api_version
|
str
|
IMDS API version. Defaults to |
_DEFAULT_IMDS_API_VERSION
|
imds_endpoint
|
str
|
Override for the IMDS URL — primarily for tests. |
_IMDS_TOKEN_ENDPOINT
|
request_timeout
|
float
|
Seconds to wait for the IMDS response. Defaults to five seconds; IMDS is link-local and fast. |
5.0
|
promptise.identity.EntraProjectedTokenProvider
¶
Bases: FileTokenProvider
Entra projected-token credential source for AKS Workload Identity.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
token_file
|
str | Path | None
|
Path to the projected token. Defaults to the value
of |
None
|
promptise.identity.AwsStsProvider
¶
Bases: CallableTokenProvider
AWS STS web-identity-token credential source (lazily imports boto3).
STS is regional, so a region is required. It is resolved from the
region argument, then AWS_REGION, then AWS_DEFAULT_REGION.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
region
|
str | None
|
AWS region for the STS client. Falls back to
|
None
|
audience
|
str
|
Audience to request in the web-identity token — the resource the agent authenticates to. |
_DEFAULT_AUDIENCE
|
signing_algorithm
|
str
|
JWT signing algorithm STS should use.
Defaults to |
_DEFAULT_SIGNING_ALGORITHM
|
Raises:
| Type | Description |
|---|---|
ProviderConfigError
|
At construction, if no region can be resolved. |
promptise.identity.AwsEksProjectedProvider
¶
Bases: FileTokenProvider
AWS EKS projected-token credential source.
Reads a projected federated token from
$PROMPTISE_IDENTITY_TOKEN_FILE (default
/var/run/secrets/promptise/token). Requires no boto3.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
token_file
|
str | Path | None
|
Projected-token path. Defaults to
|
None
|
promptise.identity.GcpMetadataProvider
¶
Bases: CallableTokenProvider
GCP credential source backed by the Compute metadata server.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
audience
|
str
|
Audience to request in the identity token — the resource the agent authenticates to. |
_DEFAULT_AUDIENCE
|
service_account_email
|
str
|
The attached service account whose
identity to request. |
_DEFAULT_SERVICE_ACCOUNT_EMAIL
|
metadata_endpoint
|
str | None
|
Override for the metadata URL — primarily for
tests. When |
None
|
request_timeout
|
float
|
Seconds to wait for the metadata response. Defaults to five seconds; the metadata server is link-local. |
5.0
|
promptise.identity.SpiffeFileProvider
¶
Bases: FileTokenProvider
SPIFFE credential source reading a JWT-SVID from spiffe-helper.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
token_file
|
str | Path
|
Path to the JWT-SVID file |
required |
promptise.identity.SpiffeSdkProvider
¶
Bases: CallableTokenProvider
SPIFFE credential source using the Workload API via pyspiffe.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
socket_path
|
str | None
|
SPIRE agent Workload API socket. Falls back to
|
None
|
audience
|
str
|
Audience to request in the JWT-SVID — the resource the agent authenticates to. |
_DEFAULT_AUDIENCE
|
promptise.identity.OidcFileProvider
¶
Bases: FileTokenProvider
Generic OIDC credential source that reads the JWT from a file path.
A thin specialisation of :class:FileTokenProvider that records the
issuer and fixes the provider label to "oidc:<issuer>".
Construct via :meth:AgentIdentity.from_oidc rather than directly.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
issuer
|
str
|
The OIDC issuer URL — the |
required |
token_file
|
str | Path
|
See :class: |
required |
promptise.identity.OidcCallableProvider
¶
Bases: CallableTokenProvider
Generic OIDC credential source that invokes a callable for the JWT.
A thin specialisation of :class:CallableTokenProvider that records
the issuer and fixes the provider label to "oidc:<issuer>".
Construct via :meth:AgentIdentity.from_oidc rather than directly.
Environment-variable mode is implemented on top of this class with a
callable that reads the variable fresh on every refresh.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
issuer
|
str
|
The OIDC issuer URL — the |
required |
token_fn
|
Callable[[], str]
|
A zero-argument callable returning the JWT. The token's audience is fixed by the issuer, so a per-resource audience request is ignored (this is a passive provider). |
required |
Credential cache¶
CachedCredential¶
promptise.identity.CachedCredential
dataclass
¶
One cached identity credential (a verifiable JWT) and its expiry.
Immutable. A provider holds at most one instance and replaces it rather than mutating it.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
token
|
str
|
The credential JWT the agent presents to resources. |
required |
expires_at_epoch
|
float | None
|
The Unix timestamp from the JWT's |
required |
is_stale(buffer_seconds=CREDENTIAL_REFRESH_BUFFER_SECONDS)
¶
Return True when the credential should be re-acquired.
A credential with no known expiry is always stale (re-acquired
on every use). Otherwise it is stale once the current time is
within buffer_seconds of the exp claim.
decode_jwt_claims¶
promptise.identity.decode_jwt_claims(jwt)
¶
Best-effort decode of a JWT's claims payload, without verifying.
The holder of a credential does not verify its own signature — that
is the receiving resource's job. This decodes the payload segment so
the framework can read identity claims (sub, oid, …) and the
expiry. Returns an empty dict if anything is malformed.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
jwt
|
str
|
A compact-serialization JWT ( |
required |
Returns:
| Type | Description |
|---|---|
dict[str, Any]
|
The decoded claims, or |
decode_jwt_expiry¶
promptise.identity.decode_jwt_expiry(jwt)
¶
Best-effort read of the exp claim from a JWT, without verifying.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
jwt
|
str
|
A compact-serialization JWT ( |
required |
Returns:
| Type | Description |
|---|---|
float | None
|
The |
float | None
|
malformed. |
Exceptions¶
All derive from IdentityError.
promptise.identity.IdentityError
¶
Bases: Exception
Base exception for every Agent Identity failure.
Catching :class:IdentityError catches every error raised by
promptise.identity regardless of which provider produced it.
promptise.identity.CredentialAcquisitionError
¶
Bases: IdentityError
A verifiable credential provider could not produce an identity JWT.
Most common causes:
- The platform metadata service (Azure IMDS, GCP metadata server, AWS STS) is unreachable from this workload.
- The federated token file declared by an environment variable does not exist or is not readable.
- A user-supplied callable raised an exception (the original
exception is chained on
__cause__). - A required environment variable is unset.
promptise.identity.ProviderConfigError
¶
Bases: IdentityError
A credential provider was misconfigured at construction time.
Most common causes:
- A required argument is missing and no environment fallback was set.
- Conflicting arguments were supplied (for example, both
token_fileandtoken_fnto the OIDC credential). - A required optional dependency is missing — boto3 for AWS, or
pyspiffe for SPIFFE SDK mode. The exception message names the
exact
pip installcommand that resolves it.
promptise.identity.PlatformDetectionError
¶
Bases: IdentityError
:meth:AgentIdentity.auto could not detect a supported platform.
Most common cause: the process is running on a host that does not
expose a workload identity (a developer laptop, a bare VM without
managed identity, a container without service-account token
projection). Either construct a local :class:AgentIdentity (just
an agent_id) or use an explicit credential factory —
from_entra, from_aws, from_gcp, from_spiffe,
from_oidc — instead of AgentIdentity.auto().