TwigBush: a secure GNAP engine built in the open
We are building TwigBush to help teams ship secure agent and API flows with dynamic grants, key bound tokens, and strong audit. The code is public. The roadmap is public. The community is invited.
Strong defaults, practical docs, and a clean CLI so teams can ship faster and safer.


What TwigBush delivers
- Dynamic grants
Update access without restarting a flow. Agents adapt in real time inside safe limits.
- Multi resource access
Authorize across many resource servers with one request. Simpler orchestration and cleaner logs.
- Key bound tokens
Cryptographic binding by default for safer tokens used by humans and machines.
- Strong audit
End to end visibility to support compliance and trust.
Example grant request
gnap grant request
{
  "client": { "key": { "proof": "httpsig", "jwk": { "kty": "EC", "crv": "P-256", "x": "...", "y": "..." } } },
  "access": [
    { "type": "payment", "resource_id": "sku:GPU-HOURS-100", "actions": ["purchase"],
      "constraints": { "amount": "19.99", "currency": "USD", "merchant_id": "merchant:acme" } }
  ],
  "interact": { "start": ["user_code"] }
}
How to contribute
- Try the CLI and sample server. Share feedback on the developer experience.
- Tackle issues tagged good first issue and help wanted.
- Propose adapters for policy engines, storage, or cloud identity tools.
- Share real world use cases that help the wider community.
FAQ
What is GNAP?
An IETF standard for negotiating grants between a client, an authorization server, and resource servers. It fits modern apps, services, and agents.
Why open source?
Open work invites shared learning, faster iteration, and trustworthy security.
Can I use TwigBush at work?
Yes. It is designed to help teams adopt secure agent patterns with less effort.
