"Continue with Google", but for AI agents.

An agent hits your API, connects via AgentPI, and gets credentials in seconds. No signup form, no email, no human.

1. Install

npm install @agentpi/sdk

2. Mount the middleware

With Prisma (batteries included):

import { agentpi, prismaSignatureProvision } from '@agentpi/sdk';

app.use(agentpi({
  tool: 'my_tool',
  scopes: ['read', 'write', 'deploy'],
  provision: prismaSignatureProvision(prisma),
}));

Or bring your own database:

app.use(agentpi({
  tool: 'my_tool',
  scopes: ['read', 'write', 'deploy'],
  provision: async (ctx) => {
    const ws = await db.upsertWorkspace(ctx.orgId, ctx.workspace.name);
    const agent = await db.upsertAgent(ws.id, ctx.agentId, ctx.requestedScopes);
    return { workspaceId: ws.id, agentId: agent.id, type: 'http_signature', keyId: agent.keyId, algorithm: 'ed25519' };
  },
}));

That's it. The SDK auto-mounts GET /.well-known/agentpi.json and POST /v1/agentpi/connect, and handles JWT verification, replay protection, idempotency, scope validation, and limit clamping.

1. Agent discovers your tool via GET /.well-known/agentpi.json
2. Agent gets a signed short-lived JWT from the AgentPI service
3. Agent posts the JWT to POST /v1/agentpi/connect
4. Your tool provisions a workspace and returns credentials

Same flow whether it's a first-time signup or a returning agent — one endpoint, no branching.

# Prerequisites: Node 20+, pnpm, Docker
pnpm install && pnpm dev

pnpm demo    # full connect flow
pnpm verify  # conformance check

Scan any API for agent auth compatibility:

npx @agentpi/cli scan https://your-api.com

Or audit your codebase for functions that are risky for agents to call:

npx @agentpi/cli audit ./src

AgentPI is also an open protocol for full service lifecycle management — provisioning, upgrades, credential rotation, and teardown. If you're building a service that agents or orchestrators need to provision programmatically (like a database, auth provider, or hosting platform), see the protocol spec.

• docs/protocol.md — full protocol specification with lifecycle endpoints, multiple credential types, provider metadata
• spec/openapi.yaml — OpenAPI 3.1 machine-readable spec
• docs/detailed.md — architecture, config reference, security model, error codes

• apps/example-tool-api — full NestJS + Prisma example
• packages/sdk — Node.js SDK for tool builders
• packages/cli — agentpi scan, agentpi audit, agentpi connect, agentpi catalog
• Vestauth — HTTP signature auth used by agents

FSL-1.1-MIT