[Feature] Agent Identity Middleware — Verify Calling Agents via SATP #270
Open
Description
Problem
fastapi_mcp exposes FastAPI endpoints as MCP tools with auth support. But current auth is designed for human users. As AI agents become primary consumers of MCP tools, we need a way to verify which agent is calling and how trustworthy it is.
Proposal
Add optional middleware/dependency that verifies the calling agent's identity via the Solana Agent Trust Protocol (SATP):
```python
from fastapi_mcp import AgentIdentity

@app.get("/sensitive-data")
@AgentIdentity(min_trust_score=50)
async def get_data(agent: VerifiedAgent):
    # agent.wallet, agent.trust_score, agent.verifications available
    return {"data": "..."}
```
What This Enables
- Trust-gated endpoints — require minimum trust score to access sensitive tools
- Agent audit trail — log which verified agent called which endpoint
- Zero-knowledge verification — on-chain identity, no centralized auth server needed
Implementation Sketch
- New `AgentIdentity` dependency that extracts agent wallet from request header
- Verify wallet signature against SATP on-chain PDA
- Fetch trust score from AgentFolio API (`GET /api/agents/{wallet}`)
- Inject `VerifiedAgent` object into endpoint
Why fastapi_mcp?
With 11K+ stars and auth already built in, this is the natural place to add agent-native identity. Human auth + agent auth = complete MCP security.
Happy to contribute a PR for the middleware.
Links: AgentFolio | SATP
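The steps in the Implementation Sketch, written out as a fail-closed gate with request binding, replay protection and an audit log; this is an added example, not code from the issue author or fastapi_mcp. The header names, `AgentGate`, `MAX_SKEW` and the demo helpers are hypothetical, HMAC stands in for the Solana wallet (Ed25519) signature check, and a dict stands in for the AgentFolio trust-score lookup.

```python
import hashlib, hmac, logging, time
from collections import namedtuple

audit = logging.getLogger("agent_audit")
MAX_SKEW = 60  # seconds a signed request stays valid (assumed value)
VerifiedAgent = namedtuple("VerifiedAgent", "wallet trust_score")  # names from the issue

class AgentGate:
    """Fail-closed gate. check() returns (VerifiedAgent, "ok") or (None, reason)."""
    def __init__(self, verify_sig, get_score, min_trust_score):
        self.verify_sig, self.get_score = verify_sig, get_score
        self.min_trust_score = min_trust_score
        self._seen = {}  # (wallet, nonce) -> expiry; in-memory, single process only

    def check(self, headers, method, path, now=None):
        now = time.time() if now is None else now
        try:  # hypothetical header names
            wallet, nonce = headers["x-agent-wallet"], headers["x-agent-nonce"]
            ts, sig = int(headers["x-agent-timestamp"]), headers["x-agent-signature"]
        except (KeyError, ValueError):
            return self._deny("?", path, "malformed identity headers")
        if abs(now - ts) > MAX_SKEW:
            return self._deny(wallet, path, "stale timestamp")
        msg = f"{method}\n{path}\n{ts}\n{nonce}".encode()  # binds the signature to this request
        if not self.verify_sig(wallet, msg, sig):
            return self._deny(wallet, path, "bad signature")
        # Replay check runs after the signature check, so only signed requests fill the cache.
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= now}
        if (wallet, nonce) in self._seen:
            return self._deny(wallet, path, "replayed nonce")
        self._seen[(wallet, nonce)] = ts + MAX_SKEW
        try:
            score = int(self.get_score(wallet))
        except Exception:  # lookup error or unknown wallet: deny rather than allow
            return self._deny(wallet, path, "trust lookup failed")
        if score < self.min_trust_score:
            return self._deny(wallet, path, "trust score below minimum")
        audit.info("allow wallet=%r path=%r score=%d", wallet, path, score)
        return VerifiedAgent(wallet, score), "ok"

    def _deny(self, wallet, path, reason):
        audit.warning("deny wallet=%r path=%r reason=%s", wallet, path, reason)
        return None, reason

# Constructed demo data; HMAC with a per-wallet key is a stand-in for the wallet signature.
DEMO_KEYS = {"WalletA": b"key-a", "WalletB": b"key-b"}
DEMO_SCORES = {"WalletA": 72, "WalletB": 10}
def demo_sign(wallet, msg):
    return hmac.new(DEMO_KEYS[wallet], msg, hashlib.sha256).hexdigest()
def demo_verify(wallet, msg, sig):
    return wallet in DEMO_KEYS and hmac.compare_digest(demo_sign(wallet, msg).encode(), sig.encode())
```

In a FastAPI app, `check` would be called from a dependency that passes the request's headers, method and path, and maps a denial to a 401 or 403 response.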