Built on DDISA — DNS-based identity for agents

The security layer agents are missing.

AI agents are getting powerful. They send emails, move money, deploy code. OpenApe makes sure a human approves what matters — without slowing anything down.


"If lobsters 🦞 take over the world,
we need apes 🦍 for security."

— The OpenApe Manifesto

The problem

Agents act. Humans hope.

Today's AI agents can book flights, sign contracts, and push to production. But there's no standardized way to verify who authorized what. No audit trail. No approval flow. No kill switch.

agent-session
agent → Transfer €5,000 to vendor account
⚠ OpenApe: Action requires human approval
Scope: finance.transfer | Amount: €5,000
Approval sent to: patrick (Telegram)
⏳ Waiting for approval...
✓ Approved by patrick (1m 23s)
Grant: allow_once | Expires: immediate
agent → Transfer complete. Receipt: #TXN-4821
📋 Logged: agent=miniclaw action=finance.transfer approver=patrick

How it works

DNS-native identity.
Zero new infrastructure.

OpenApe uses DDISA — a DNS-based protocol that turns your domain into an identity provider. No OAuth servers to maintain. No SDKs to integrate. Just a TXT record and you're live.

Identity discovery in one DNS lookup

Agent asks: phofmann@company.at
DNS lookup: _ddisa.company.at TXT
Discovers: idp=https://id.company.at
Authenticates: ✓ Verified

Like MX records for email, but for agent identity. Works with any domain you own.

1. Agent wants to act

Your AI agent needs to perform a privileged action — send money, access data, deploy code.

2. OpenApe intercepts

The action hits a permission boundary. OpenApe checks: does this agent have a valid grant for this scope?

3. Human gets notified

If no grant exists, the human owner receives an approval request — via Telegram, email, or any channel.

4. Approve with precision

Grant once, for a time window, or always for this scope. Scoped, signed, auditable.

5. Agent proceeds. Everything logged.

The action executes. Who approved it, when, and for what — all recorded. Dual accountability: agent owner + approver.

Built for real agents

Security without the friction.

OpenApe doesn't slow your agents down — it makes them trustworthy.

🔐

Scoped permissions

Grants are tied to specific actions and scopes. An agent approved for "read calendar" can't suddenly "send emails".

🌐

DNS-native discovery

No central registry. Your domain is your identity anchor. Like email's MX records, but for agent auth.

📱

Approve from anywhere

Approval requests arrive on Telegram, email, or any messaging surface. Tap to approve. Done.

🛡️

Replay protection

Every grant is cryptographically signed with nonce and expiry. Can't be reused, forged, or replayed.

📋

Full audit trail

Dual accountability: who owns the agent AND who approved the action. Compliance-ready from day one.

Zero-infrastructure

Add a DNS TXT record. Deploy the IdP. That's it. No OAuth complexity, no vendor lock-in.

Trust levels

Not all actions are equal.

Some actions need a human every time. Others earn standing trust. OpenApe lets you decide.

🔴
allow_once

One-shot

Approve this specific action, this one time. Grant is consumed immediately. For high-risk operations like transfers or deployments.

🟠
allow_ttl

Time-limited

Grant access for a time window — 15 minutes, 1 hour, 1 day. Perfect for work sessions or batch operations.

🟢
allow_always

Standing trust

This agent can always perform this action. Revocable anytime. For routine, low-risk operations you trust completely.
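
The grant check described under "Replay protection" and "Trust levels", as an added example; this is not OpenApe's or DDISA's own code. The grant field names, the deny reason strings and the use of HMAC-SHA256 in place of the unspecified signature scheme are assumptions, and the sample grant is constructed from the names in the session shown above.

```python
import hashlib, hmac, json, time

DEMO_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the unspecified signature scheme

def sign_grant(grant, key=DEMO_KEY):
    """Sign a canonical JSON encoding so any changed field invalidates the grant."""
    body = json.dumps(grant, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class GrantChecker:
    def __init__(self, key=DEMO_KEY):
        self.key = key
        self.consumed = set()  # nonces of allow_once grants already used
        self.revoked = set()   # nonces of grants the owner has withdrawn
        self.audit = []        # one record per decision, allowed or denied

    def check(self, grant, sig, agent, scope, now=None):
        now = time.time() if now is None else now
        decision = self._decide(grant, sig, agent, scope, now)
        self.audit.append({"agent": agent, "action": scope,
                           "approver": grant.get("approver"), "decision": decision})
        return decision

    def _decide(self, grant, sig, agent, scope, now):
        # Verify the signature first: no field is trusted until it passes.
        if not hmac.compare_digest(sign_grant(grant, self.key), sig):
            return "deny:bad_signature"
        if grant["agent"] != agent or grant["scope"] != scope:
            return "deny:scope_mismatch"
        if grant["nonce"] in self.revoked:
            return "deny:revoked"
        expires = grant.get("expires_at")
        if expires is not None and now >= expires:
            return "deny:expired"
        kind = grant["type"]
        if kind == "allow_once":
            if grant["nonce"] in self.consumed:
                return "deny:replayed"
            self.consumed.add(grant["nonce"])  # consumed on first use
            return "allow"
        if kind == "allow_ttl":
            return "allow" if expires is not None else "deny:missing_expiry"
        return "allow" if kind == "allow_always" else "deny:unknown_type"

def demo_grant(kind, nonce, expires_at=None):
    """Constructed sample grant using the agent, scope and approver from the session above."""
    g = {"type": kind, "agent": "miniclaw", "scope": "finance.transfer",
         "approver": "patrick", "nonce": nonce, "expires_at": expires_at}
    return g, sign_grant(g)
```

Denied requests are written to the audit list as well as allowed ones, so a replayed or tampered grant leaves a record naming the agent and the scope it tried to use.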

Open source

Trust is built in the open.

OpenApe and the DDISA protocol are fully open source. Review every line. Fork it. Extend it. The security layer for AI agents shouldn't be a black box.

📦 dns-id — Core protocol + reference implementation

Ready to leash your agents?

Add a DNS record. Deploy the IdP. Your agents are accountable in minutes.
