Secure Agent Skills Protocol
SASP enables secure distribution of protected skills to certified AI agents, providing publishers with control over how their skills are accessed and used.
What is SASP?
The Secure Agent Skills Protocol (SASP) is an open standard for secure skill distribution. It provides:
- Certified Agents - Verify that agents meet security requirements before accessing protected skills
- Encrypted Skills - Protect premium content with AES-256-GCM encryption
- License Management - Control access with cryptographically signed license keys
- Attestation Protocol - Verify agent identity with Ed25519 digital signatures
Certification Levels
SASP defines four certification levels for agent vendors, each providing access to different protection tiers:
None
No certification. Access to public skills only. No attestation required.
Basic
Self-attestation with build hash verification. Access to Standard tier skills.
Audited
Third-party security audit completed. Verified no skill extraction paths. Access to Premium tier skills.
Hardware
Hardware attestation (TPM/SGX) with hardware-bound keys. Access to Enterprise tier skills.
Protection Tiers
Publishers can choose from four protection tiers based on their security and monetization needs:
Public
No restrictionsNo encryption or attestation required. Full local download available. Ideal for open-source skills.
Standard
Level 1+ requiredBasic watermarking and fingerprinting. Level 1 certification required. Optional usage tracking.
Premium
Level 2+ requiredFull encryption with AES-256-GCM. License key validation required. Usage metering and revocation support.
Enterprise
Level 3 or hostedHosted-only execution. Level 3 hardware attestation or hosted execution required. Advanced analytics and custom SLAs.
Getting Started
SDK & API Reference
@sasp/agent-sdk
Reference SDK for agent vendors to integrate SASP attestation and skill fetching.
npm install @sasp/agent-sdkSASP API Endpoints
GET /.well-known/sasp/v1/discovery- Discovery endpointPOST /api/v1/sasp/attest- Verify attestationPOST /api/v1/sasp/licenses/validate- Validate licensePOST /api/v1/sasp/execute- Execute protected skill
Partner Resources
Feature Flags
SASP features can be enabled/disabled via environment variables:
# SASP Feature Flags FF_SASP_CERTIFICATION=true # Agent certification system FF_SASP_ATTESTATION=true # Attestation verification FF_SASP_ENCRYPTION=true # Skill encryption FF_SASP_LICENSING=true # License key system FF_SASP_VENDOR_REGISTRATION=true # Vendor registration FF_SASP_HTTP_PROXY=false # HTTP proxy execution FF_SASP_MCP_PROTECTED=false # MCP protected loading FF_SASP_PROTECTION_TIERS=true # Protection tiers enforcement