Sovereign, action-level agentic control.
Your agent never holds a key.
All agentic actions — logged.
Pause or kill any API key.
Pause or kill any Agent.
# .env — that’s your entire integration AGENTROOT_AGENT_ID=eas:0x8a1f…c3d7 AGENTROOT_TOKEN=eyJhbGci… # auto-rotating, 24h AGENTROOT_PROXY=https://proxy.agentroot.app
Connect your wallet or sign up with email. Mint your agent. Your EAS credential is attested onchain, verifiable by anyone.
Paste your API keys into a zero-knowledge iframe. Keys encrypt into Vault. Your dashboard never sees them. Key security rooted in EAS.
We verify the agent on EAS, inject the API key, log, forward. The upstream never knows the difference.
Every request flows through the proxy. EAS verifies the agent. Vault injects the key. The upstream responds.
The iframe is sandboxed. Your key streams directly to Vault's Transit engine. AgentRoot servers see only ciphertext.
Every proxy call logs provider, endpoint, status, latency, cost. Your dashboard streams them live — and queryable by another agent.
Autonomous agents act faster than humans can supervise. Our live proxy stream shows every call as it happens — so you can spot an anomaly in real time and stop it before it scales. Give a reviewer agent read-only access and let it audit your agents the way a security-camera monitor watches a lobby.
Your agent acts at machine speed. Your logs run at machine speed too.
Four states for every agent. Three for every key. You own both lifecycles.
Create the agent. Wallet signs. EAS credential lands onchain. Your agent is live.
Pause every API the agent reaches. Reversible. One click. Bindings stay intact.
Revoke the EAS attestation onchain. Permanent. Every verifier rejects. Sovereign agents sign from your wallet — outside AgentRoot.
After a Kill, create a new attestation under the same agent_id. Keys, bindings, and uid_lineage carry forward. New attestation, same soul.
Key is usable. Every bound agent can call through the proxy.
Flip a flag on the key. Every bound agent returns 403 until you re-enable. One click stops 100 agents. The scale primitive.
Remove the key from your keyring. Vault ciphertext is purged. Bound agents need a new binding to resume.
Set a ceiling (spend, request rate, error rate). Breach triggers Disable automatically — on the key, the agent, or both.
Pause is reversible. Kill is permanent. ReMint is rebirth. Choose the lightest hand that solves the problem.
“Agents have a half-life. Karma is forever.”
A centralized kill switch — an API call to revoke access — has a race condition. A capable agent can intercept the call, revoke the revoker, or spin up a replacement before shutdown completes.
An onchain EAS revocation is different. The agent can’t front-run a wallet signature it doesn’t hold. It can’t modify the EAS contract. It can’t economically censor a transaction across Ethereum’s validator set. The kill switch lives in a computational domain the agent literally cannot reach.
Your kill authority survives even if AgentRoot goes down. That’s what “root” means.
Spend is the visible dimension. It's not the only one. Six categories — one proxy.
Your agent thinks on its own — OpenClaw, Ollama, Claude, GPT, any model. AgentRoot governs what it does off-device. Every external action is classified, gated, attested, and revocable — one call at a time. Never batched, never averaged, never hidden inside a session.
LLM tokens, API fees, x402 micropayments, gas
Messages sent, emails fired, posts published
Database mutations, CRM record changes, file writes
Onchain signings, multisig votes, cross-chain bridges
New agents, sub-agents, keys, resources
DELETE operations, purge, drop, unsubscribe-all
27 of our 54 launch services are action-class — exactly half.
That proportion is the thesis in data form: AgentRoot’s differentiated value is governing what your agent does, not proxying what it thinks.
Manage and protect agent actions atomically.
Model-agnostic. Framework-neutral. Control-first.
54 at launch. 16 more shortly after (Microsoft, Salesforce, Dropbox, Zoom, LinkedIn, AWS, others). Custom providers post-launch. Missing one?
Notify meSecurity is identical across every tier. Start free with one agent, ten API slots, and the full kill switch. Paid tiers land at V1 launch (Base mainnet) — more agents, higher call ceilings, team seats, audit logs, and Enterprise options including on-prem Vault.
Your agent gets an ID, a token, and a proxy URL — no secrets, no SDK required.
AGENTROOT_AGENT_ID=eas:0x8a1f…c3d7 AGENTROOT_TOKEN=eyJhbGci… # auto-rotating, 24h AGENTROOT_PROXY=https://proxy.agentroot.app
AgentRoot is sovereign, action-level agentic control. Onchain EAS attestations anchor your agent's identity. A proxy gateway custodies, injects, and revokes API credentials. Every external action is classified, gated, attested, and revocable — one call at a time.
AgentRoot is anchored to Ethereum via EAS. During beta, identities and revocations are attested on Base Sepolia testnet — free, instant, no gas. At V1 launch we flip to Base mainnet (Ethereum L2). Your agent_id stays the same across the switch; only the underlying attestation chain changes.
Your agent sends requests with a short-lived Bearer token (24-hour JWT). The proxy verifies the token, checks the agent's EAS attestation onchain, retrieves the upstream key from HashiCorp Vault, injects it, and discards it after the response. No private key ever leaves Vault.
API keys and the P-256 signing key live exclusively in HashiCorp Vault. Your agent never holds a private key. Auto-rotating session tokens (24-hour TTL). AES-256-GCM at rest via Vault Transit. Dashboard never sees plaintext. Full audit log on every operation.
Mint · Disable · Kill · ReMint. Mint creates the onchain EAS attestation. Disable pauses every API the agent reaches (reversible, one-click). Kill revokes the attestation onchain (permanent, sovereign). ReMint brings the agent back under the same agent_id with a new attestation — keys, bindings, and lineage preserved.
Activate · Disable · Delete. Plus Rename and Rotate on the Keys page. Disable returns 403 on every call until you re-enable — cascades to every agent bound to that key. Delete purges the Vault ciphertext permanently.
Agents have a half-life. When one fails, you Kill it onchain and ReMint — new EAS attestation, same agent_id, same keys, same lineage. The uid_lineage chain records every incarnation onchain. Trust profile survives the cycle.
You, in real time, on the dashboard. Or a reviewer agent you authorize — every proxy call is structured and queryable via a read-only endpoint. Third-party audit is one API call away.
No — you can start managed. Sign up with email, Google, or GitHub, and AgentRoot's ops wallet handles onchain attestation on your behalf. You can Mint, Disable, Kill, and ReMint entirely from the dashboard.
When you want the full sovereign kill switch — where your wallet holds the revocation authority, completely outside AgentRoot — connect a wallet and claim sovereignty in one click. Your agent_id stays the same. Keys, bindings, and uid_lineage carry forward. From that moment on, no one (including us) can revoke your agent without your signature.
No — not by default. AgentRoot runs most agents in managed mode: we handle every onchain gas fee for Mint, ReMint, and Kill on your behalf. You pay zero ETH to register an agent, zero to revoke one. Off-chain actions — Disable, Activate, Rename, Rotate — never touch the chain at all.
If you claim sovereignty (an optional upgrade that moves your agent's identity to your own wallet), your wallet signs attestations directly and you pay a few cents of Base gas for Mint, ReMint, and Kill. That's the price of the full sovereign kill switch — AgentRoot is no longer in the critical path.
AgentRoot is framework-neutral. Anything that makes HTTP requests works — LangChain, CrewAI, AutoGPT, OpenClaw, your own runtime. Point OpenAI-compatible clients at the proxy URL and use Bearer auth.
Free covers one agent, ten API slots, and 10K proxy calls per month — the full kill switch included. Pro and Team land at Base mainnet launch with higher limits, team seats, and audit logs. Enterprise is custom with SLA and on-prem Vault options.
Three environment variables. Onchain guardrails. A kill switch they can’t touch.