Scoped graph access with derivation tracking — governance for knowledge graph reads and writes #1383

@aeoess

Description

Graphiti builds temporal knowledge graphs that agents use for memory and context. When agents read from and write to the graph, two governance gaps show up:

1. Write authority. Any agent with graph access can add, modify, or delete nodes and edges. There's no scoped permission saying "this agent can read the graph but only write to the customer-interactions subgraph." A compromised or misbehaving agent can poison the knowledge base that other agents rely on.

2. Attribution on reads. When an agent reads from the graph and uses that knowledge to make a decision, there's no record linking the specific graph data to the agent's output. If the graph data was wrong (poisoned, stale, or biased), tracing which downstream decisions were affected requires manual forensics.

Delegation-scoped graph access with derivation tracking:

from datetime import datetime
from agent_passport_system import create_delegation, create_access_receipt, create_derivation_receipt

# agent_key, admin_key and agent_did are assumed to be set up beforehand
# (the signing keys and the agent's DID); they are not defined in this snippet.

# Agent gets read-only access to specific subgraph
delegation = create_delegation(
    delegated_to=agent_key,
    delegated_by=admin_key,
    scope=["graph:read:customer-interactions", "graph:read:product-catalog"],
    # no graph:write — agent cannot modify the knowledge base
    expires_in_seconds=3600
)

# Every graph read produces a signed access receipt
access = create_access_receipt(
    agent_id=agent_did,
    source_id="graphiti://customer-interactions/node/12345",
    purpose="support-ticket-resolution",
    accessed_at=datetime.now(),
    private_key=agent_key
)

# When the agent produces output using graph data → derivation receipt
derivation = create_derivation_receipt(
    agent_id=agent_did,
    input_sources=["graphiti://customer-interactions/node/12345"],
    output_id="response://ticket-789",
    transformation="summarization",
    private_key=agent_key
)

If a node in the graph gets flagged as incorrect, the derivation chain shows every agent decision that depended on that node. You can trace forward from bad data to every affected output.

pip install agent-passport-system (v0.8.0, Apache-2.0) or npm install agent-passport-system (v1.36.2).

The temporal aspect of Graphiti pairs well with delegation expiry — graph access rights can be time-bounded to match the temporal validity of the data itself.
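The two gaps above (scoped write authority, and attribution that lets you trace forward from a bad node) can be illustrated end to end with a small gateway. The following is an added example written for this page; it is not Graphiti code and not the agent-passport-system API. It assumes a `graphiti://<subgraph>/node/<id>` source-id layout, uses HMAC-SHA256 as a stand-in for the library's signatures, and all graph content, keys and timestamps in it are constructed.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Delegation:
    """Scoped, time-bounded grant of graph rights to one agent (constructed shape)."""
    agent_id: str
    scopes: frozenset   # e.g. {"graph:read:customer-interactions"}; no write scope by default
    expires_at: float   # unix time; access after this is denied


def subgraph_of(source_id: str) -> str:
    """'graphiti://customer-interactions/node/12345' -> 'customer-interactions' (assumed layout)."""
    if not source_id.startswith("graphiti://"):
        raise ValueError(f"not a graph source id: {source_id}")
    return source_id[len("graphiti://"):].split("/", 1)[0]


def allowed(d: Delegation, action: str, source_id: str, now: float) -> bool:
    """Deny by default: the delegation must be unexpired and name the exact scope."""
    return now < d.expires_at and f"graph:{action}:{subgraph_of(source_id)}" in d.scopes


def sign(key: bytes, receipt: dict) -> str:
    """HMAC-SHA256 over canonical JSON; stands in for a real per-agent signature."""
    body = json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify(key: bytes, receipt: dict) -> bool:
    """Recompute the tag over every field except 'sig' and compare in constant time."""
    unsigned = {k: v for k, v in receipt.items() if k != "sig"}
    return hmac.compare_digest(sign(key, unsigned), receipt["sig"])


class GraphGateway:
    """Mediates every read/write and keeps the access and derivation ledgers."""

    def __init__(self, nodes: dict):
        self.nodes = dict(nodes)
        self.access_receipts = []
        self.derivation_receipts = []

    def _receipt(self, key: bytes, **fields) -> dict:
        receipt = dict(fields)
        receipt["sig"] = sign(key, receipt)
        return receipt

    def read(self, d: Delegation, key: bytes, source_id: str, purpose: str, now=None):
        now = time.time() if now is None else now
        if not allowed(d, "read", source_id, now):
            raise PermissionError(f"{d.agent_id} may not read {source_id}")
        self.access_receipts.append(self._receipt(
            key, agent_id=d.agent_id, source_id=source_id, purpose=purpose, accessed_at=now))
        return self.nodes[source_id]

    def write(self, d: Delegation, key: bytes, source_id: str, value, now=None):
        now = time.time() if now is None else now
        if not allowed(d, "write", source_id, now):   # read scope never implies write
            raise PermissionError(f"{d.agent_id} may not write {source_id}")
        self.nodes[source_id] = value

    def record_derivation(self, d: Delegation, key: bytes, input_sources, output_id, transformation):
        self.derivation_receipts.append(self._receipt(
            key, agent_id=d.agent_id, input_sources=sorted(input_sources),
            output_id=output_id, transformation=transformation))

    def affected_outputs(self, flagged_source: str) -> list:
        """Forward trace: outputs that depend on the flagged node, directly or via other outputs."""
        affected, frontier = [], [flagged_source]
        while frontier:
            src = frontier.pop(0)
            for r in self.derivation_receipts:
                if src in r["input_sources"] and r["output_id"] not in affected:
                    affected.append(r["output_id"])
                    frontier.append(r["output_id"])   # outputs can feed later derivations
        return affected


def demo() -> dict:
    """Constructed scenario: read-only agent, one flagged node, two dependent outputs."""
    now, key = 1_700_000_000.0, b"constructed-agent-key"
    node = "graphiti://customer-interactions/node/12345"
    gw = GraphGateway({node: "customer cannot log in after password reset",
                       "graphiti://hr-records/node/1": "salary band data"})
    d = Delegation("did:example:agent-1",
                   frozenset({"graph:read:customer-interactions", "graph:read:product-catalog"}),
                   expires_at=now + 3600)
    gw.read(d, key, node, "support-ticket-resolution", now)
    gw.record_derivation(d, key, [node], "response://ticket-789", "summarization")
    gw.record_derivation(d, key, ["response://ticket-789"], "report://weekly-support", "aggregation")
    denied = []
    for action, sid in (("read", "graphiti://hr-records/node/1"), ("write", node)):
        try:
            gw.read(d, key, sid, "x", now) if action == "read" else gw.write(d, key, sid, "x", now)
        except PermissionError:
            denied.append(action)
    return {"affected": gw.affected_outputs(node), "denied": denied,
            "receipts_valid": all(verify(key, r) for r in gw.access_receipts + gw.derivation_receipts)}


if __name__ == "__main__":
    print(demo())
```

The trace in `affected_outputs` follows derivation receipts transitively, so an output that was itself consumed by a later agent step (here the weekly report built from the ticket response) is reported too; that is the "trace forward from bad data to every affected output" property, and it only holds if every read and every derivation passes through the gateway rather than touching the graph directly.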
