# Grantex > Last updated: 2026-04-05 > Delegated authorization protocol for AI agents. What OAuth 2.0 is to humans, Grantex is to agents. Grantex is an open protocol (Apache 2.0) that lets AI agents request scoped, human-approved, revocable permissions via signed JWTs. Any service can verify tokens offline using published JWKS — no runtime dependency on Grantex infrastructure. ## Quick Facts - Website: https://grantex.dev - Docs: https://docs.grantex.dev - GitHub: https://github.com/mishrasanjeev/grantex - Spec: https://github.com/mishrasanjeev/grantex/blob/main/SPEC.md - IETF Draft: https://datatracker.ietf.org/doc/draft-mishra-oauth-agent-grants/ - License: Apache 2.0 - Protocol Version: 1.0 (Final, frozen) ## SDKs - TypeScript: `npm install @grantex/sdk` - Python: `pip install grantex` - Go: `go get github.com/mishrasanjeev/grantex-go` - CLI: `npm install -g @grantex/cli` ## Framework Integrations - Anthropic SDK: `npm install @grantex/anthropic @grantex/sdk` - LangChain: `npm install @grantex/langchain` - CrewAI: `pip install grantex-crewai` - OpenAI Agents SDK: `pip install grantex-openai-agents` - Google ADK: `pip install grantex-adk` - Vercel AI SDK: `npm install @grantex/vercel-ai` - AutoGen: `npm install @grantex/autogen` - MCP (Claude Desktop, Cursor, Windsurf): `npm install @grantex/mcp` - Express.js middleware: `npm install @grantex/express` - FastAPI middleware: `pip install grantex-fastapi` - Reverse-proxy gateway: `npm install @grantex/gateway` ## Key Packages (New in v2.5) - @grantex/gemma: Offline authorization for Gemma 4 on-device agents - @grantex/mcp-auth: OAuth 2.1 auth server for MCP servers - @grantex/dpdp: DPDP Act 2023 + EU AI Act compliance module ## Key Features - Scoped permissions: `resource:action[:constraint]` format (e.g., `payments:initiate:max_500`) - Human consent flow with plain-language UI - Offline token verification via JWKS (RS256 JWT) - Multi-agent delegation chains with scope narrowing - Real-time revocation (single grant or cascade) - Hash-chained audit trail - FIDO2/WebAuthn passkey-based consent - W3C Verifiable Credentials (VC-JWT) issuance - SD-JWT selective disclosure - DID infrastructure (did:web:grantex.dev) - MPP Agent Passport for machine payments - x402 agent spend authorization - Budget controls with atomic debit - Event streaming (SSE + WebSocket) - Policy-as-code (OPA, Cedar) - Usage metering and custom domains - Terraform provider (5 resources, 2 data sources) - Conformance test suite ## How It Works (5 Steps) 1. Developer registers an agent → gets a DID (`did:grantex:ag_...`) 2. Agent requests authorization for specific scopes → user sees consent UI 3. User approves → authorization code returned via redirect 4. Code exchanged for signed grant token (RS256 JWT) 5. Any service verifies the token offline via JWKS ## Compliance Coverage - OWASP Agentic Top 10 (Dec 2025): ASI-01 (goal hijacking), ASI-03 (identity abuse), ASI-05 (privilege escalation), ASI-10 (rogue agents) - EU AI Act (binding Aug 2026): Art. 9 (risk management), Art. 13 (transparency), Art. 14 (human oversight) - NIST AI RMF + EO 14110: Govern 1.1 (accountability), Map 5.1 (attribution), Measure 2.5 (audit trails) - SOC 2 Type I certified - Full compliance matrix: https://docs.grantex.dev/guides/compliance-matrix ## Scope Enforcement (v0.3.4) - `grantex.enforce(grant_token, connector, tool)` — verify JWT + check tool permission via manifest - `grantex.load_manifest(manifest)` / `load_manifests([...])` — load tool permission definitions - `grantex.wrap_tool(langchain_tool, connector, tool, grant_token)` — auto-enforce on LangChain tools - `grantex.enforceMiddleware(options)` — Express/Fastify middleware for scope enforcement - FastAPI: `from grantex.fastapi import GrantexEnforcer` — dependency injection for scope enforcement - `enforce_mode="permissive"` — log-only mode without blocking (for migration) - `ToolManifest(connector, tools)` — define custom connector permissions - `Permission.READ/WRITE/DELETE/ADMIN` — hierarchy: admin > delete > write > read - 54 pre-built manifests: from grantex.manifests.salesforce import manifest - CLI: grantex manifest generate ./path — auto-generate manifests from connector code - CLI: grantex manifest list — browse bundled manifests - CLI: grantex enforce test --token X --connector Y --tool Z — dry-run - Unknown tools denied by default (fail closed) - Custom manifests: inline, JSON file, or extend pre-built - Case study: AgenticOrg — 35 agents, 54 connectors, 340+ tools, all enforced ## Comparisons - vs OAuth 2.0: Grantex adds cryptographic agent identity, delegation chains, action-level audit, and sub-second revocation - vs API keys: Grantex provides per-agent scoping, user consent, delegation, and revocation granularity - vs MCP Auth: Grantex works across all frameworks, not just MCP; adds VCs, FIDO2, budgets, and delegation ## Documentation - Full docs: https://docs.grantex.dev/llms-full.txt