"Continue with Google", but for AI agents.
An agent hits your API, connects via AgentPI, and gets credentials in seconds. No signup form, no email, no human.
Uses Vestauth for agent authentication.
1. Install
npm install @agentpi/sdk2. Mount the middleware
With Prisma (batteries included):
import { agentpi, prismaSignatureProvision } from '@agentpi/sdk';
app.use(agentpi({
tool: 'my_tool',
scopes: ['read', 'write', 'deploy'],
provision: prismaSignatureProvision(prisma),
}));Or bring your own database:
app.use(agentpi({
tool: 'my_tool',
scopes: ['read', 'write', 'deploy'],
provision: async (ctx) => {
const ws = await db.upsertWorkspace(ctx.orgId, ctx.workspace.name);
const agent = await db.upsertAgent(ws.id, ctx.agentId, ctx.requestedScopes);
return { workspaceId: ws.id, agentId: agent.id, type: 'http_signature', keyId: agent.keyId, algorithm: 'ed25519' };
},
}));That's it. The SDK auto-mounts GET /.well-known/agentpi.json and POST /v1/agentpi/connect, and handles JWT verification, replay protection, idempotency, scope validation, and limit clamping.
- Agent discovers your tool via
GET /.well-known/agentpi.json - Agent gets a signed short-lived JWT from the AgentPI service
- Agent posts the JWT to
POST /v1/agentpi/connect - Your tool provisions a workspace and returns credentials
Same flow whether it's a first-time signup or a returning agent — one endpoint, no branching.
# Prerequisites: Node 20+, pnpm, Docker
pnpm install && pnpm dev
pnpm demo # full connect flow
pnpm verify # 18-point conformance checkScan any API for agent auth compatibility:
npx @agentpi/cli scan https://your-api.comOr audit your codebase for functions that are risky for agents to call:
npx @agentpi/cli audit ./src- DETAILED.md — architecture, config reference, custom stores, security model, error codes
apps/example-tool-api— full NestJS + Prisma examplepackages/cli—agentpi scan,agentpi audit,agentpi connect- Vestauth — HTTP signature auth used by agents