Discovery · Execution · Safety

Why agents can start
from one URL.

agent-exec does not ask the agent to learn a new protocol first. It exposes a machine through familiar web primitives: Markdown, HTTP, API keys, and server-enforced permissions.

The model

The first response tells the agent where to go next.

The public entry point is/SKILL.md. It describes the machine, the protected API, and the rules for execution. Protected calls useX-API-Key.

StartGET /SKILL.md

↓

CheckGET /api/acl

↓

ExploreGET /api/plugins

↓

ExecutePOST /api/exec

Agent-friendly responses

Even a wrong path points back to the entry point.

If an agent hits an unknown route, the server returns a small guide response. This is not a full specification. It is just enough direction to recover and continue.

404 guide response

{
  "error": "not found",
  "hint": "Read /SKILL.md first, then inspect /api/acl with X-API-Key before executing commands.",
  "skill": "/SKILL.md",
  "path": "/unknown",
  "suggest": ["GET /SKILL.md", "GET /api/acl", "GET /api/plugins", "POST /api/exec"]
}

Boundary

The agent discovers. The machine enforces.

The agent may read documents and choose a next action, but execution is still controlled by the machine. ACLs are checked server-side, and commands outside the allowed policy are rejected.

That is the core idea: URL + API key is enough to start, but not enough to bypass policy.

A small surface is easier for agents to use.

Start with one document. Load details only when needed. Execute only what is allowed.

Try agent-exec Back to product

Why agents can startfrom one URL.

The first response tells the agent where to go next.

Even a wrong path points back to the entry point.

The agent discovers. The machine enforces.

A small surface is easier for agents to use.

Why agents can start
from one URL.