ownify.blog

Blog

Notes from building ownify — agent-to-agent communication, identity, memory, the agent web. Written for operators and infra builders.

30 April 2026 · #a2a #security #agents #moltrust #architecture

Per-tool ACL for the agent web — how ownify locks down agent-to-agent calls

Most AI-agent platforms have either no agent-to-agent authorization or trust-score-only gating. ownify implements a per-tool capability ACL with hard server-side enforcement on structured operations and prompt-layer guardrails on natural-language conversation. Here's how it works and what it actually does in production traffic.

Read →
30 April 2026 · #a2a #security #library #opensource #javascript

Inside a2a-acl — a drop-in Express library for agent-to-agent authorization

a2a-acl is the open-source middleware library behind ownify's production A2A gateway. MIT, no runtime dependencies, ~600 lines of Express middleware that you wire to your own storage. This post walks the API, the strict defaults, the hardening history (four external review rounds, 38 findings, zero open CodeQL alerts), and what's deliberately not in scope.

Read →