auth.md ready for agents

OTP rails for autonomous agents.

AgentSIM lets AI agents request phone verification infrastructure without asking users for API keys. Register, claim, receive a scoped bearer token, refresh it, and revoke it cleanly.

Read auth.md Connect MCP

agent-auth.sessionlive protocol

POST /agent/identity
{ "type": "service_auth", "login_hint": "user@company.com" }

→ claim.verification_uri
→ user approves in dashboard
→ agt_ scoped bearer token
→ jwt-bearer refresh
→ signed revocation events

Claim

Run

agent control plane

Human approval. Machine-speed execution.

The boring parts stay boring: existing API keys, account ownership, usage limits, and revocation semantics all still apply.

Register

Your agent posts a service_auth identity request with a user email.

Claim

The user signs in, verifies the code, and approves the agent in AgentSIM.

Run

The agent receives a scoped agt_ bearer token for OTP sessions, refresh, and revoke.

service_auth

User-claimed agent registration with email login hints.

JWT refresh

Service-signed assertions let agents refresh without storing user passwords.

Revocation events

Signed security events revoke registrations and derived tokens.

Scoped tokens

Agent bearer tokens map to normal API keys, billing, limits, and audits.

build the agent path

Give your agent a phone number without giving it your keys.

Read auth.md API reference