An educational demonstration of Zero Trust security principles for AI agent systems using SPIFFE/SPIRE for workload identity and Open Policy Agent (OPA) for fine-grained access control.
This demo showcases a document management system where:
- Users have department-based access rights (Engineering, Finance, Admin, HR)
- AI Agents have capability-based restrictions
- Delegation requires permission intersection (user AND agent must both have access)
- Every request is authenticated via mTLS and authorized via OPA policies
```
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│  Web Dashboard  │────▶│  User Service   │────▶│  Agent Service  │
│      :8080      │     │      :8080      │     │      :8080      │
└─────────────────┘     └─────────────────┘     └────────┬────────┘
                                                         │
                        ┌─────────────────┐              │
                        │   OPA Service   │◀─────────────┤
                        │      :8080      │              │
                        └────────┬────────┘              │
                                 │                       │
                        ┌────────▼────────┐              │
                        │ Document Service│◀─────────────┘
                        │      :8080      │
                        └─────────────────┘
```
No SPIRE required. Uses mocked identities to demonstrate the concepts.
```bash
git clone https://github.com/redhat-et/zero-trust-agent-demo.git
cd zero-trust-agent-demo
# Create the Kind cluster
./scripts/setup-kind.sh
# Deploy the mock-identity overlay
kubectl apply -k deploy/k8s/overlays/mock
# Wait until every pod in the namespace is ready
kubectl -n spiffe-demo wait --for=condition=ready pod --all --timeout=120s
open http://localhost:8080
```

Full SPIFFE/SPIRE integration with real X.509 SVIDs and mTLS.
```bash
git clone https://github.com/redhat-et/zero-trust-agent-demo.git
cd zero-trust-agent-demo
# Create the Kind cluster, then set up SPIRE in it
./scripts/setup-kind.sh
./scripts/setup-spire.sh
# Deploy the ghcr overlay and the SPIFFE ID registrations
kubectl apply -k deploy/k8s/overlays/ghcr
kubectl apply -f deploy/spire/clusterspiffeids.yaml
# Wait until every pod in the namespace is ready
kubectl -n spiffe-demo wait --for=condition=ready pod --all --timeout=120s
open http://localhost:8080
```

See docs/DEMO_GUIDE.md for all deployment options including local development.

| User | Departments | SPIFFE ID |
|---|---|---|
| Alice | Engineering, Finance | spiffe://demo.example.com/user/alice |
| Bob | Finance, Admin | spiffe://demo.example.com/user/bob |
| Carol | HR | spiffe://demo.example.com/user/carol |

| Agent | Capabilities | SPIFFE ID |
|---|---|---|
| GPT-4 | Engineering, Finance | spiffe://demo.example.com/agent/gpt4 |
| Claude | All departments | spiffe://demo.example.com/agent/claude |
| Summarizer | Finance only | spiffe://demo.example.com/agent/summarizer |
- Direct User Access: Alice accesses Engineering Roadmap → ✅ ALLOWED
- Agent Without Delegation: GPT-4 accesses Finance Report → ❌ DENIED (no user context)
- Delegated Access: Alice delegates to GPT-4 for Engineering doc → ✅ ALLOWED
- Permission Reduction: Bob (Admin) delegates to Summarizer (Finance only) for Admin doc → ❌ DENIED
- Cryptographic Workload Identity: SPIFFE IDs backed by X.509 certificates
- Verified Workload Identity: Every service-to-service call carries cryptographic identity proof (mTLS or signed JWT)
- Policy-Based Access Control: OPA evaluates Rego policies on every request
- Permission Intersection: Agent access = User permissions ∩ Agent capabilities
- Agents Cannot Act Autonomously: Agents MUST have user delegation context
- Short-Lived Credentials: SVIDs have 1-hour TTLs and auto-rotate
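
The four scenarios and the permission-intersection rule above, as an added Go example (not the demo's own code or Rego policy). The `Authorize` function, its in-memory tables and the lowercase department names are assumptions for illustration, and the caller's SPIFFE ID is taken as already verified by mTLS.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed data mirroring the tables above; not the demo's own policy code.
const trustDomain = "spiffe://demo.example.com/"
var userDepts = map[string][]string{
	"user/alice": {"engineering", "finance"},
	"user/bob":   {"finance", "admin"},
	"user/carol": {"hr"},
}
var agentCaps = map[string][]string{
	"agent/gpt4":       {"engineering", "finance"},
	"agent/claude":     {"engineering", "finance", "admin", "hr"},
	"agent/summarizer": {"finance"},
}

func has(set []string, dept string) bool {
	for _, d := range set {
		if d == dept {
			return true
		}
	}
	return false
}

// Authorize: caller is the verified peer SPIFFE ID, delegator the user's ID ("" if none).
func Authorize(caller, delegator, dept string) (bool, string) {
	if !strings.HasPrefix(caller, trustDomain) {
		return false, "caller outside trust domain"
	}
	id := strings.TrimPrefix(caller, trustDomain)
	if strings.HasPrefix(id, "user/") {
		return has(userDepts[id], dept), "direct user check"
	}
	user := strings.TrimPrefix(delegator, trustDomain)
	if user == delegator || !strings.HasPrefix(user, "user/") {
		return false, "agent without user delegation context"
	}
	// Intersection: the user AND the agent must both hold the department.
	return has(userDepts[user], dept) && has(agentCaps[id], dept), "user ∩ agent check"
}

func main() {
	fmt.Println(Authorize(trustDomain+"agent/summarizer", trustDomain+"user/bob", "admin"))
}
```

Unknown identities resolve to an empty permission set, so any caller or delegator missing from the tables is denied by default.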
See docs/README.md for the full documentation index.
| Document | Description |
|---|---|
| Demo Guide | Step-by-step instructions for running the demo |
| Learning Guide | Deep dive into Zero Trust, SPIFFE/SPIRE, mTLS, and OPA |
| API Testing | API endpoints and curl commands for testing |
| Architecture | System design and component overview |

| Document | Description |
|---|---|
| Security | Threat model, trust boundaries, incident response |
| Operations | Deployment, monitoring, troubleshooting runbook |

| ADR | Title |
|---|---|
| ADR-0001 | SPIFFE/SPIRE for Workload Identity |
| ADR-0002 | Permission Intersection for AI Agent Delegation |
| ADR-0003 | OPA for Policy Evaluation |
| ADR-0004 | Kustomize for Deployment Variants |
| ADR-0005 | Separate Health Ports for mTLS Services |

| Document | Description |
|---|---|
| Contributing | Guidelines for contributors |
| OpenShift vs Kubernetes | Platform comparison |
Want to modify the code? See CONTRIBUTING.md for guidelines.
```bash
git clone https://github.com/redhat-et/zero-trust-agent-demo.git
cd zero-trust-agent-demo
# Build all services
make build
# Run locally (without Kubernetes)
./scripts/run-local.sh
# Open dashboard
open http://localhost:8080
```

```bash
make build          # Build all services
make run-local      # Run services locally
make test           # Run tests
make test-policies  # Run OPA policy tests
make setup-kind     # Create Kind cluster
make deploy-k8s     # Deploy to Kubernetes
make help           # Show all commands
```

```
zero-trust-agent-demo/
├── pkg/                    # Shared packages
│   ├── config/             # Viper configuration
│   ├── logger/             # slog-based colored logger
│   ├── metrics/            # Prometheus metrics
│   └── spiffe/             # SPIFFE workload client
├── opa-service/            # Policy evaluation service
├── document-service/       # Protected resource server
├── user-service/           # User workload simulation
├── agent-service/          # AI agent workload simulation
├── web-dashboard/          # Interactive demo UI
├── deploy/                 # Deployment configurations
│   ├── kind/               # Kind cluster config
│   ├── k8s/                # Kustomize base and overlays
│   │   ├── base/           # Shared K8s resources
│   │   └── overlays/       # mock, local, ghcr, openshift
│   └── spire/              # SPIRE Helm values and registrations
├── docs/                   # Documentation
│   ├── adr/                # Architecture Decision Records
│   ├── deployment/         # Platform-specific guides
│   ├── dev/                # Development process docs
│   ├── ARCHITECTURE.md     # System design
│   ├── SECURITY.md         # Security documentation
│   └── OPERATIONS.md       # Operations runbook
├── scripts/                # Deployment scripts
└── Makefile                # Build and run commands
```

- Language: Go 1.25
- CLI/Config: Cobra + Viper
- Logging: `log/slog` with colored output
- Policy Engine: Open Policy Agent (OPA) with Rego
- Identity: SPIFFE/SPIRE (mock mode for local dev)
- Deployment: Kind (Kubernetes in Docker)
- CI/CD: GitHub Actions with multi-arch builds (amd64/arm64)
- Styling: Red Hat Design System