agentroot
Sign In Launch Dashboard
How It Works Why Ethereum Security Pricing Docs Sign In Launch Dashboard
Composable Agent Identity - Built on EAS

The only AI kill switch
that no agent can reach.

Composable on-chain identity. Proxied keys. Your agent never holds a secret.

Sovereign kill switch - revoke from your own wallet, outside our platform.

Vault-custodied keys. Auto-rotating tokens. On-chain revocation via EAS.

Get Started Free View Documentation 
# .env - that's your entire integration
Ethereum EAS Cloudflare HashiCorp Vault

How It Works

Three steps. Five minutes. Full control.

01

Register

Connect wallet. Attest your agent with one click. EAS credential goes on-chain - verifiable by anyone.

02

Store

Paste API keys in a zero-knowledge iframe. Keys encrypt in Vault. Your dashboard never sees them.

03

Control

Agent routes all traffic through the proxy. Revoke one key, one agent, or everything - instantly.

Composable Proxy Architecture

Your agent never sees API keys. The proxy verifies, Vault injects, upstream responds.

Your Agent

ID + Token + Proxy URL

agentroot Proxy

Token Verify - EAS Check - Scope Enforce

Vault

Key injected, never exposed

Upstream API

OpenAI - Anthropic - Any Provider

Agent never sees API keys

Your agent never holds a secret.

Vault-custodied P-256 keys - your agent never holds a private key
24-hour auto-rotating session tokens - short-lived by default
Vault down = OFF state - no fallback, no degraded mode
Transit encryption (AES-256-GCM) - keys encrypted at rest
Full audit logging - every read, write, and auth event
No plaintext keys in dashboard, logs, or memory - ever
Key Ingestion Iframe
sk-proj-****-****-****-a8f3
Encrypted via Transit Engine Zero-Knowledge

Why On-Chain?

A centralized kill switch - an API call to revoke access - has a race condition: a sufficiently capable agent could intercept the call, revoke the revoker, or spin up a replacement before shutdown completes.

An Ethereum L1 revocation is different. The agent cannot front-run a wallet signature it does not hold. It cannot modify the EAS contract. It cannot economically censor the transaction on a validator set this large. The kill switch lives in a computational domain the agent literally cannot reach.

No front-running No contract modification No validator censorship Sovereign by architecture

Four Kill Scenarios

From surgical to sovereign - you choose the blast radius.

Tier 1

Disable One API

Instant. Proxy config flag. Free.

Tier 2

Disable One Agent

Instant. All APIs for this agent go dark.

Tier 3

Sovereign Kill Switch

On-chain EAS revoke from MetaMask or any wallet - completely outside agentroot. Permanent. Every verifier rejects.

Auto

Usage Guardrails

Spend limits, request caps, automatic enforcement. Breaches trigger Tier 1 or Tier 2 instantly.

AI needs decentralized guardrails.

Trustless attestation. On-chain revocation. Only Ethereum and EAS give you both - the credential and the kill switch, enforced by the chain, not a vendor.

Attest and Revoke On-Chain

EAS is the only platform that combines trustless attestation with on-chain revocation. Anyone can verify a credential or check its revocation status - one free, public contract call. No wallet needed, no vendor in the loop. That's composability.

Kill Switch Only You Control

Revoke an agent's credential from MetaMask or any wallet - completely outside agentroot. Every verifier rejects simultaneously, globally, instantly, permanently. No support ticket. No waiting period. The chain enforces your decision, not a company.

Phase 2

Hardware-Attested Security

API keys are retrieved and injected inside AWS Nitro Enclaves - isolated hardware that even we cannot inspect. The enclave cryptographically proves it is running the expected code. Zero-trust by design.

Decentralized guardrails - not vendor promises

Works with everything.

Model-agnostic. Framework-neutral. Your agent, your choice.

Frameworks
LangChain
CrewAI
AutoGPT
OpenClaw
APIs
OpenAI
Anthropic
Google AI
Hugging Face
Wallets
MetaMask
Coinbase
Rainbow
WalletConnect

Simple, transparent pricing.

Monthly
Annual Save 17%

Free

$0 /mo
  • 1 agent
  • 3 API keys
  • 90-day proxy trial
  • SIWE required
  • Community support
Get Started

Per-Agent

$2 /mo
$1.67/mo - save 17%
  • 10 API keys per agent
  • 1K calls/day per agent
  • Email support
  • Usage analytics
Add Agents
Most Popular

Pro

$20 /mo
$16.67/mo - save 17%
  • Up to 25 agents
  • 250 API keys
  • 10K calls/day
  • Priority support (24h)
  • Custom kill thresholds
  • Webhook notifications
Go Pro

Enterprise

Custom
  • Dedicated support
  • White-label
  • High API limits
  • Custom integrations
  • SLA guarantee
Contact Us

Three values. That's it.

Your agent gets an ID, a token, and a proxy URL - no secrets, no SDK required.

.env 
AGENTROOT_AGENT_ID=eas:0x8a1f...c3d7
AGENTROOT_TOKEN=eyJhbGci...  # auto-rotating, 24h
AGENTROOT_PROXY=https://proxy.agentroot.app
agent.ts 
const res = await fetch(process.env.AGENTROOT_PROXY + '/v1/chat/completions', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.AGENTROOT_TOKEN}`,
    'X-AgentRoot-ID': process.env.AGENTROOT_AGENT_ID,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    model: 'gpt-4',
    messages: [{ role: 'user', content: 'Hello' }],
  }),
});

Frequently Asked Questions

What is agentroot?

agentroot is a composable identity and access control platform for autonomous AI agents on Ethereum. It combines composable on-chain EAS attestations with a proxy gateway that manages API key storage, injection, and revocation - so credentials can be referenced by any protocol or verifier.

How does the proxy work?

Your agent sends requests to the proxy with a short-lived session token (Bearer header) and its agent ID (X-AgentRoot-ID header). The proxy verifies the token, checks EAS credential status via The Graph, retrieves the API key from HashiCorp Vault, injects it into the upstream request, and discards it after the response. No private key ever leaves Vault.

Is my API key safe?

API keys and the P-256 signing key are custodied exclusively in HashiCorp Vault - your agent never holds a private key. Agents authenticate with auto-rotating session tokens (24-hour TTL). Keys are encrypted via Vault's Transit engine (AES-256-GCM). The dashboard never sees plaintext. Full audit logging on every operation.

What happens when I revoke?

Four options: Tier 1 disables one API connection (instant, free). Tier 2 disables an entire agent (instant, free). Tier 3 is the Sovereign Kill Switch - revoke the EAS attestation on-chain from MetaMask or any wallet, completely outside agentroot (permanent, costs gas). Auto tier enforces usage guardrails (spend limits, request caps) that trigger Tier 1 or Tier 2 automatically.

Do I need ETH?

Only for Tier 3 on-chain revocation (a few cents in gas). Registration, key storage, proxy traffic, and Tier 1/2 revocation are all off-chain and free or fiat-billed.

What frameworks are supported?

agentroot is framework-neutral. SDK wrappers for LangChain, CrewAI, and AutoGPT. Works with any agent that can make HTTP requests - just point to the proxy URL.

What are the tier limits?

Free: 1 agent, 3 API keys, 90-day proxy trial. Per-Agent: 10 keys per agent, 1K calls/day. Pro: up to 25 agents, 250 API keys, 10K calls/day. Enterprise: custom limits with SLA. Security is identical across all tiers.