Secure, local-first connective tissue between AI agent runtimes.
AgentLink is a platform for linking AI agent ecosystems across devices and runtimes through a shared trust, routing, policy enforcement, and audit layer. It sits above individual agent frameworks and below end-user task flows — enabling trusted-circle collaboration between nodes without forcing everyone into one runtime.
Multi-user MVP. Open-source release candidate.
What works today:
- Multi-user organizations with RBAC (owner/admin/operator/viewer)
- Invite-based onboarding with short-lived tokens
- Trust link foundation for peer-to-peer node relationships
- Node enrollment, heartbeat, and capability discovery
- Task creation, routing, policy evaluation, and approval gating
- Artifact storage (inline and file-backed) with retention policies
- Immutable audit trail with keyset pagination
- Operator dashboard with real-time node activity and task lifecycle views
- Retry semantics with exponential backoff (automatic and manual)
- WebSocket dispatch channel for live task notifications
The public stable release is not yet cut. Expect breaking changes.
Most AI agent ecosystems are powerful within a single environment but weak at interoperating across environments. AgentLink provides:
- a normalized task and artifact model across runtimes
- zero-trust enrollment, linking, and policy enforcement
- an operator-visible audit trail
- adapters that translate external runtimes into AgentLink primitives
- a local-first execution model that does not require cloud routing for all work
The initial focus is trusted-circle collaboration: two or more users securely linking their agent ecosystems under explicit permission controls.
| Path | What it is |
|---|---|
apps/api/ |
FastAPI control-plane server — enrollment, task dispatch, policy, audit, operator auth |
apps/web/ |
Next.js operator UI — task queue, audit log, node detail, approval views |
apps/node/ |
Node runtime — enrollable agent peer process |
packages/protocol/ |
Shared TypeScript types and wire-format definitions |
packages/config/ |
Shared vitest/tsconfig base configuration |
packages/utils/ |
Shared utilities |
adapters/openclaw/ |
Adapter for OpenClaw-compatible agent backends |
adapters/generic-rest/ |
Adapter for generic REST-based agent services |
docs/ |
Architecture notes, milestone specs, API docs, security notes |
scripts/release-gate.js |
Full-stack validation script (single source of CI truth) |
.github/workflows/ci.yml |
CI pipeline |
Planned (not yet present):
packages/sdk-js/andpackages/sdk-python/— public SDKsadapters/generic-websocket/— WebSocket adapterapps/desktop/— optional desktop shellservices/relay/— relay service for NAT traversal- Cross-peer task routing and federation
- Per-node capability-aware routing
- Production deployment guides
agentlink/
├── apps/
│ ├── api/ FastAPI control-plane server
│ ├── web/ Next.js operator dashboard
│ └── node/ Node runtime
├── packages/
│ ├── protocol/ Shared TypeScript types (wire format)
│ ├── config/ Shared build/test config
│ └── utils/ Shared utilities
├── adapters/
│ ├── openclaw/ OpenClaw runtime adapter
│ └── generic-rest/ Generic REST adapter
├── docs/ Architecture, API, security, release notes
├── scripts/
│ └── release-gate.js Full-stack validation (CI entry point)
├── infra/
│ └── docker/ Docker files
├── .github/
│ ├── workflows/ci.yml
│ └── ISSUE_TEMPLATE/
├── docker-compose.dev.yml
├── Makefile
├── turbo.json
└── pnpm-workspace.yaml
+--------------------------------------------------------------+
| AgentLink Web |
| Dashboard · Approvals · Audit · Tasks |
+-----------------------------+--------------------------------+
|
v
+--------------------------------------------------------------+
| AgentLink Control Plane (API) |
| Enrollment · Auth · Node Registry · Policy · Tasks · Audit |
+-----------------------------+--------------------------------+
|
+-----------------+-----------------+
| |
v v
+---------------------------+ +---------------------------+
| AgentLink Node A | | AgentLink Node B |
| Identity · Policy engine | | Identity · Policy engine |
| Task execution | | Task execution |
| Artifact handling | | Artifact handling |
+-------------+-------------+ +-------------+-------------+
| |
v v
+--------------------------+ +--------------------------+
| OpenClaw / REST Agent | | Custom Runtime / Tools |
+--------------------------+ +--------------------------+
The control plane coordinates identity, trust, routing metadata, and audit. Execution stays local where possible.
Requester → Control Plane → Policy gate → Target Node → Adapter → Agent
↑ | | |
└─────────────┴───── Audit ───┴─── Progress ─┘
- Task created and normalized into a standard envelope
- Policy gate: deny or allow (with optional operator approval)
- Dispatched to target node over authenticated WebSocket channel
- Node executes or delegates to adapter/runtime
- Artifacts produced and stored (inline or file-backed)
- Audit events written for all meaningful state transitions
| Primitive | Description |
|---|---|
| Node | An installed AgentLink runtime on a device |
| Agent | A discoverable execution entity exposed by an adapter |
| Capability | A structured declaration of what a node or agent can do |
| Task | A routable unit of work |
| Artifact | A produced output or referenced object from a task |
| Policy | Rules governing visibility, access, and execution |
| Audit Event | A structured record of a meaningful system action |
Full type definitions live in packages/protocol/src/.
Prerequisites: Node >= 20, pnpm >= 9, Python >= 3.11, Docker (for PostgreSQL).
# 1. Clone and install
git clone https://github.com/jakesterns/AgentLink.git
cd agentlink
pnpm install
pip install -r apps/api/requirements.txt
# 2. Start PostgreSQL (or use an existing instance)
docker compose -f docker-compose.dev.yml up -d postgres
# 3. Apply database migrations
cd apps/api && alembic upgrade head
# 4. Seed demo data (nodes, agents, tasks, audit events)
python scripts/seed_demo.py
# 5. Start the API server
uvicorn main:app --reload --host 0.0.0.0 --port 8000 &
# 6. Start the web dashboard (from repo root)
cd ../.. && pnpm --filter @agentlink/web devOpen http://localhost:3000 to see the dashboard with seeded demo data.
| Field | Value |
|---|---|
| Operator ID | demo |
| API Key | dev-operator-key-change-in-production |
Log in at /operator/login to access approvals, audit log, and org management.
- Dashboard — See enrolled nodes, active tasks, and pending approvals
- Nodes — View node status (online/offline), capabilities, and queue health
- Submit Task — Create a task at
/tasks/newwith typeresearchand any instruction - Approvals — Approve or reject tasks requiring human approval
- Audit Log — View the full audit trail of system actions
- Task Detail — Click any task to see its lifecycle, artifacts, and routing decisions
pnpm run build
pnpm run typecheckRun tests:
# JS/TS (web + node + packages)
pnpm run test
# API
cd apps/api && python -m pytestWhere to look first:
- Protocol types:
packages/protocol/src/ - API routes:
apps/api/app/routers/ - Web pages:
apps/web/src/app/ - Node runtime:
apps/node/src/ - Adapters:
adapters/
The release gate is the canonical validation step for the entire stack. All three of the following are equivalent:
node scripts/release-gate.js # direct
pnpm run release:gate # via package.json
make release-gate # via MakefileIt runs sequentially:
pnpm install --frozen-lockfilepnpm run build— all TS packagespnpm run typecheck— all TS packagespnpm run coverage— JS/TS tests with coverage thresholds enforcedpip install -r apps/api/requirements.txtpython -m pytest— API tests with coverage threshold enforced
Exit code 0 means the repo is in release-candidate shape.
CI runs this script directly via .github/workflows/ci.yml (job name: MVP release gate). Local and CI execution are identical — run the gate locally before opening a PR.
- Do not commit secrets,
.envfiles, or tokens to source control. - Do not add unauthenticated API endpoints.
- Do not bypass the policy gate or audit layer.
- Node enrollment, operator auth, and task dispatch are the most sensitive code paths.
See SECURITY.md for the vulnerability reporting process.
AgentLink supports multiple operators working in shared workspaces:
- Organizations — shared scoping for all resources (nodes, tasks, artifacts, audit events)
- RBAC roles — owner, admin, operator, viewer with hierarchical permissions
- Invite flow — admin creates a short-lived invite token; recipient accepts to join the org
- Trust links — directional peer trust between nodes (foundation for cross-node routing)
See docs/auth/rbac.md and docs/auth/organizations.md for details.
Post-MVP directions include:
- Cross-peer task routing via trust links
- Full trust-link federation between orgs
- Public JS and Python SDKs (
packages/sdk-js/,packages/sdk-python/) - Additional adapters (LangGraph, MCP, WebSocket)
- Smarter routing (cost-aware, latency-aware, privacy-aware dispatch)
- Richer org management UI (org switcher, member management dashboard)
- Per-node capability-aware routing
- Desktop shell (
apps/desktop/) - Relay service for NAT traversal
- Production deployment guides
Major additions should be proposed via a GitHub Discussion or issue before implementation.
See CONTRIBUTING.md for setup, workflow, PR expectations, and what not to change casually.
See CODE_OF_CONDUCT.md for community standards.
Apache-2.0. See LICENSE.