Grantex - OAuth 2.0 for AI agents — scoped, revocable, auditable

Hey Product Hunt! 👋 I built Grantex because I got nervous watching agents operate with all-or-nothing API keys. Every time I connected an agent to a real service — calendar, email, payments — I'd think: "this agent has way more access than it needs, and if something goes wrong, I'll have no idea what happened." OAuth 2.0 solved this for apps 15 years ago. But agents aren't apps — they spawn sub-agents, operate autonomously, and chain actions across services. OAuth was never designed for that. So I built Grantex from scratch. The key ideas: → Agents get their own cryptographic identity (DID) → Users approve scoped, time-limited grants via a consent UI → Agents receive signed JWTs — any service verifies offline via JWKS → Parent agents can delegate narrower grants to sub-agents → Every action is logged in an append-only, hash-chained audit trail → Revocation takes effect in < 1 second Today we're shipping SDKs for TypeScript, Python, and Go, plus integrations for every major agent framework (LangChain, CrewAI, AutoGen, Vercel AI, OpenAI Agents SDK, Google ADK, MCP). The quickstart takes about 10 lines of code — sign up for a free account, install the SDK, and you have a working authorization flow in under 5 minutes. I'd love to hear: - How are you currently handling permissions for your agents? - What scopes would be most useful for your use case? - Anything in the protocol design you'd push back on? Everything is open source (Apache 2.0). Happy to answer any questions about the protocol, security model, or implementation!