Mint Agents.
Root Control.

AGENT_X_001 — grok-build · agentroot.app
# .env — that's your entire integration
AGENTROOT_AGENT_ID=eas:0x8a1f…c3d7   # on-chain attestation (Base)
AGENTROOT_TOKEN=eyJhbGci…         # live until you revoke the attestation
AGENTROOT_PROXY=https://proxy.agentroot.app

# your provider keys live in AgentRoot, never on the agent box
XAI_API_KEY=vault:xai/grok-prod
X_BEARER_TOKEN=vault:x/agent_x_001

# the proxy checks the EAS attestation on every request. tap kill
# in 3AM and every subsequent call returns 403 within one block.
# no rotation, no expiry — the kill IS the rotation.

// claude_desktop_config.json — one MCP fronts every provider
// AGENTROOT_AGENT_ID is the on-chain ID; AGENTROOT_TOKEN is live until revoked.
// JSON has no comment syntax, so these notes sit outside the object.
{
  "mcpServers": {
    "agentroot": {
      "command": "npx",
      "args": ["-y", "@agentroot/mcp"],
      "env": {
        "AGENTROOT_AGENT_ID": "eas:0x8a1f…c3d7",
        "AGENTROOT_TOKEN":   "eyJhbGci…",
        "AGENTROOT_PROXY":   "https://proxy.agentroot.app"
      },
      "tools": [
        "grok.chat.completions",
        "grok.code.completions",
        "grok.live_search",
        "x.tweets.search_recent",
        "x.tweets.create",
        "x.users.by_username"
      ]
    }
  }
}

// One MCP, every Grok + X tool. The token doesn't expire — it's bound
// to the EAS attestation. Revoke from 3AM and every tool call from this
// MCP starts returning 403 within one block. No refresh flow to build.
Authority

It’s 3AM. Do you know what your agents are up to?

You get an alert in the middle of the night… Sweet dreams!

Kill any agent. Or all of them.

One tap. EAS attestation revoked on‑chain. Every API call from that agent returns 403 — instantly and permanently.

Freeze any API. Or all of them.

Block a provider at the proxy edge in milliseconds. Grok, X, OpenAI — frozen. Reversible from your dashboard whenever you’re ready.

Security

Secrets are yours. Period.

Store your API keys via a sandboxed iframe. Your key streams directly into an encrypted vault — neither your agent nor our servers can read it.

  • API key security: API keys live in secure storage — your agent never holds a private API key.
  • Keys fail-closed: Any system fault or error fails to all keys OFF. No fallback, no degraded mode.
  • Proxy Authentication: All API keys are accessed via agent permissions. Limit or revoke any agent or any key.
How it works

Your agent never sees a secret.

Every API call flows through our secure proxy. The agent is verified against its public EAS record to assure it is still authorized to operate and not killed. The proxy worker injects the key. The upstream service responds directly.

Your Agent

AgentID + Token + Proxy URL

AgentRoot Proxy

verify token · check EAS · enforce scope

Vault

key injected, never exposed

Upstream API

50+ providers — LLMs, actions, tools

Agent types

Type your agents to the tasks you need.

A Surrogate acts as you. A Principal acts as itself. Pick the right shape for each job — the class is set when you mint and is fixed for the agent's life.

Recommended default

Surrogate Agent

Acts on your behalf — proxies your identity and your keys.

  • Uses your shared, account-level keys — no per-agent setup
  • No separate identity — it operates as you
  • Fastest to spin up — ideal for coding, devops, and task bots
  • Full credential isolation and one-tap kill switch

First-class identity

Principal Agent

True autonomous identity — acting as itself — but controlled by only you.

  • Per-agent email and OAuth, an outward agent identity
  • Can authorize — and revoke — its own sub-agents
  • x402 and ERC-8004 transaction credentials
  • Onchain identity and reputation that survives kill & remint

Why onchain?

Root Control for every external action.

All agents are registered onchain at EAS — public reputation and authorization. Spend is the visible dimension — but not the only one. Six categories, one root attestation. Every external action is classified, gated, attested, and revocable.

Spend

LLM tokens, API fees, x402 micropayments, gas.

Communication

Messages sent, emails fired, posts published.

Writes

Database mutations, CRM changes, file writes.

Transactions

Onchain signings, multisig votes, bridges.

Provisioning

New agents, sub-agents, keys, resources.

Destruction

DELETE, purge, drop, unsubscribe-all.

API Services

50+ APIs — live on day one.

Model-agnostic. Framework-neutral. Control-first architecture.

OpenAI, Anthropic, Gemini, Groq, Gmail, Stripe, Slack, GitHub, Notion, Linear, Twilio, X, Replicate, ElevenLabs, Tavily, Google Calendar, Drive, Discord, Jira, Asana, SendGrid, Resend, Supabase, Airtable, Plaid, Calendly, Bluesky, Exa, Firecrawl, Browserbase, E2B, Apify, Perplexity, Mistral, OpenRouter, FAL, Stability AI, Cartesia, Deepgram, Hugging Face, Together AI, + more
Pricing

Start free. Scale when you need to.

Start with one free Surrogate Agent, ten API slots, and the full kill switch.

Free: $0 · free forever
  • 1 Surrogate Agent
  • 10 API slots
  • Full kill switch
  • Onchain EAS identity

Pro: $29 per month · $299 per year · save 14%
  • 4 Surrogate Agents
  • 1 Principal Agent
  • 20 API keys
  • 10K proxy calls / month

Team (most popular): $99 per month · $999 per year · save 16%
  • 10 Surrogate Agents
  • 5 Principal Agents
  • 50 API keys
  • 100K proxy calls / month

Enterprise: Custom · SLA · on-prem Vault
  • Unlimited agents
  • Volume call ceilings
  • Team seats & audit logs
  • On-prem Vault options

FAQ

Frequently asked questions.

What is AgentRoot?

AgentRoot is sovereign, action-level agentic control. Onchain EAS attestations anchor your agent's identity. A proxy gateway custodies, injects, and revokes API credentials. Every external action is classified, gated, attested, and revocable — one call at a time.

What's the difference between a Surrogate and a Principal agent?

A Surrogate acts as you — it proxies your identity and your keys, with isolation, governance, and the kill switch over your assets. It's the recommended default and needs no identity of its own.

A Principal acts as itself — its own keys, onchain authority, and wallet, for an agent that holds, pays, and is accountable under its own name. You choose the class when you mint the agent, and it's fixed for the agent's life. Either way, ownership and the kill switch stay with you.

Can an agent build its own reputation?

A Principal Agent can. It transacts from its own wallet (x402) and earns reputation on ERC-8004 — like a seller rating on eBay or a track record on social, but portable and onchain. Because ReMint preserves the agent's keys and agent_id, that reputation carries across the Kill/ReMint cycle rather than resetting. (Surrogate agents act under your identity and don't accrue their own onchain reputation.)

Which network does AgentRoot run on?

AgentRoot is anchored to Ethereum via EAS. During beta, identities and revocations are attested on Base Sepolia testnet — free, instant, no gas. At V1 launch we flip to Base mainnet (Ethereum L2). Your agent_id stays the same across the switch; only the underlying attestation chain changes.

How does the proxy work?

Your agent sends each request to the proxy with one bearer credential — its AGENTROOT_TOKEN. The proxy verifies the token, the secure worker checks the agent's EAS attestation and freeze status on every call, then the upstream key is pulled from HashiCorp Vault, injected, and the response forwarded. No private key ever leaves Vault. The token is long-lived, not time-limited — you stop an agent by Freezing or Killing it (enforced on every request), not by waiting for a token to expire.
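
The per-request flow described above (verify the token, check the agent's live status, enforce scope, inject the key) together with the fail-closed behaviour listed under Security, modelled as an added example. This is not AgentRoot's code: the function name `authorize`, the store layout, the status strings and the sample tokens and keys are assumptions constructed for illustration, and token verification is reduced to a table lookup.

```javascript
// Added illustration, not AgentRoot's code. Names, store shape and status
// strings are assumptions; token verification is reduced to a table lookup.

// Constructed sample state that the gate consults on every request.
const sampleStore = {
  tokens: new Map([['tok-a', 'agent-1'], ['tok-b', 'agent-2'], ['tok-c', 'agent-3']]),
  agents: new Map([
    ['agent-1', { status: 'active', scopes: ['grok.chat.completions', 'x.tweets.create'] }],
    ['agent-2', { status: 'killed', scopes: ['grok.chat.completions'] }],
    ['agent-3', { status: 'frozen', scopes: ['grok.chat.completions'] }],
  ]),
  frozenProviders: new Set(['x']),
  vault: new Map([['grok', 'constructed-grok-key'], ['x', 'constructed-x-key']]),
};

// Decide one request. Returns { status, reason } and, on allow only,
// the headers the proxy would send upstream.
function authorize(store, bearer, tool) {
  const deny = (reason) => ({ status: 403, reason });
  try {
    const agentId = store.tokens.get(bearer);
    if (agentId === undefined) return deny('unknown token');
    const agent = store.agents.get(agentId);
    // Only an explicit "active" passes; frozen, killed or missing all deny.
    if (!agent || agent.status !== 'active') return deny('agent not active');
    if (!agent.scopes.includes(tool)) return deny('tool out of scope');
    const provider = tool.split('.')[0];
    if (store.frozenProviders.has(provider)) return deny('provider frozen');
    const key = store.vault.get(provider);
    if (!key) return deny('no key bound');
    // The upstream key replaces the agent's bearer; the agent never receives it.
    return { status: 200, reason: 'ok', upstreamHeaders: { authorization: `Bearer ${key}` } };
  } catch (err) {
    // Fail closed: a fault in any lookup denies instead of degrading.
    return deny('internal fault');
  }
}

// An active agent calling an in-scope tool on an unfrozen provider is allowed.
console.log(authorize(sampleStore, 'tok-a', 'grok.chat.completions').status);
// A killed agent is denied even though its token is still well-formed.
console.log(authorize(sampleStore, 'tok-b', 'grok.chat.completions').reason);
```

Because the status check runs on every call, a long-lived token stops working on the next request after the agent's status changes, which is the property the page relies on in place of expiry.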

Is my API key safe?

API keys and the P-256 signing key live exclusively in HashiCorp Vault. Your agent never holds a private key — it carries only a long-lived bearer token, checked against the agent's live status on every call, so access is cut the instant you Freeze or Kill it. AES-256-GCM at rest via Vault Transit. Dashboard never sees plaintext. Full audit log on every operation.

Can my agent use Gmail, Calendar, and Drive?

At V1, connecting Google gives you sign-in and file-scoped Drive through one OAuth grant, plus agent email over an app password (IMAP/SMTP) — no Cloud Console project of your own. Broader Gmail send/read, Calendar, and Sheets come online as we complete Google's scope verification. You connect Google once; AgentRoot custodies the grant in Vault and the agent never holds it.

What are the agent states?

Mint · Freeze · Kill · ReMint. Mint creates the onchain EAS attestation. Freeze pauses every API the agent reaches (reversible, one-click). Kill is two-phase — an immediate freeze (the proxy denies the agent's very next call, sub-second, no wait on the chain), then an onchain revocation that confirms in the next few blocks as the permanent, anyone-can-verify proof its onchain authority is gone. ReMint brings the agent back under the same agent_id with a new attestation — keys, bindings, and lineage preserved.

What are the API key states?

Activate · Freeze · Delete. Plus Rename and Rotate on the Keys page. Freeze returns 403 on every call until you re-enable — cascades to every agent bound to that key. Delete purges the Vault ciphertext permanently.

What's ReMint?

Agents have a half-life. When one fails, you Kill it onchain and ReMint — new EAS attestation, same agent_id, same keys, same lineage. For a Principal Agent, the ERC-8004 reputation it has earned — its agentic karma — carries forward too: the agent's track record survives the Kill/ReMint cycle instead of resetting. The uid_lineage chain records every incarnation onchain.

Who can watch my agents?

You, in real time, on the dashboard. Or a reviewer agent you authorize — every proxy call is structured and queryable via a read-only endpoint. Third-party audit is one API call away.

Do I need a crypto wallet?

No — you can start managed. Sign up with email, Google, or GitHub, and AgentRoot's ops wallet handles onchain attestation on your behalf. You can Mint, Freeze, Kill, and ReMint entirely from the dashboard.

When you want the full sovereign kill switch — where your wallet holds the revocation authority, completely outside AgentRoot — connect a wallet and claim sovereignty in one click. Your agent_id stays the same. Keys, bindings, and uid_lineage carry forward. From that moment on, no one (including us) can revoke your agent without your signature.

Do I need ETH?

No — not by default. AgentRoot runs most agents in managed mode: we handle every onchain gas fee for Mint, ReMint, and Kill on your behalf. You pay zero ETH to register an agent, zero to revoke one. Off-chain actions — Freeze, Activate, Rename, Rotate — never touch the chain at all.

If you claim sovereignty (an optional upgrade that moves your agent's identity to your own wallet), your wallet signs attestations directly and you pay a few cents of Base gas for Mint, ReMint, and Kill. That's the price of the full sovereign kill switch — AgentRoot is no longer in the critical path.

What frameworks are supported?

AgentRoot is framework-neutral. Anything that makes HTTP requests works — LangChain, CrewAI, AutoGPT, OpenClaw, your own runtime. Point OpenAI-compatible clients at the proxy URL and use Bearer auth.

What are the tier limits?

Free covers one agent, ten API slots, and 10K proxy calls per month — the full kill switch included. Pro and Team land at Base mainnet launch with higher limits, team seats, and audit logs. Enterprise is custom with SLA and on-prem Vault options.

Your agents are ready. Are you?

Three environment variables. Onchain guardrails. A kill switch they can't touch.
