Open Standard · MIT License · v3.2

The machine-readable interface for AI agents

Agents shouldn't click buttons. dispatch_intent() gives them a typed, transport-agnostic primitive over any API, CLI, browser, or desktop — with OAuth resolved automatically and zero human interaction at runtime.

terminal
# One command. Any software.
$ agentdom auth linear.app          # one-time OAuth consent
$ agentdom auth resend.com          # API key, stored in Keychain

# Then let the agent do the work
$ agentdom goal "Create a Linear ticket for the login crash
  and send a Slack summary to #engineering"

Browser automation is the wrong abstraction

Vision model + CDP screenshot loop = 3–8 s/action, brittle on every deploy, and no structured result to verify. Agents need a stable API contract — not pixel coordinates.

Today — designed for humans

Agent sees a form → takes screenshot → sends to vision model → guesses coordinates → clicks → waits → repeats

  • Agents click buttons in a browser designed for humans
  • Screenshots cost $$$, break on any UI change
  • 5+ seconds per action through a vision model
  • Auth requires a human to log in each time

AgentDOM — built for agents

Agent declares intent → wallet provides token → one HTTP call → structured result

  • Machine-readable interface: dispatch_intent("contacts.create")
  • Polyfill registry covers 50+ SaaS with zero vendor cooperation
  • ~120ms per API action, no LLM vision call needed
  • One-time OAuth consent stored in OS Keychain forever

One function. Any transport.

Agents pass intent + args + provider. AgentDOM selects the lowest-latency transport — REST API, CLI bridge, Browser CDP, or Desktop AX — and injects the resolved credential automatically.

Agent calls this
// Agent says what it wants — AgentDOM figures out how
dispatch_intent("issues.create", {
  title:    "Login crash on iOS 17",
  priority: 1,
  teamId:   "ENG"
}, "linear.app")

// → looks up wallet token → POST https://api.linear.app/graphql
// → { success: true, issue: { id: "ENG-42", url: "..." } }
// Total latency: ~120ms. No browser. No screenshot.

Transport priority
① REST/GraphQL API   ~120ms ✓ cheapest
② CLI bridge   ~200ms
③ Browser CDP   ~300ms
④ Desktop AX (macOS) ~100ms
⑤ Coordinate click   last resort

7-source credential waterfall

Agent Token Protocol → env var → base64 wallet → wallet file → OS Keychain → AWS SSM → HashiCorp Vault. Local-first: no cloud token proxy, no escrow service, tokens never leave your infrastructure.

How it works
// First time: browser opens, human approves OAuth once
$ agentdom auth hubspot.com
  → Stored in macOS Keychain. Never leaves your machine.

// All future calls: silent, auto-refreshed, zero prompts
dispatch_intent("contacts.create", { email: "alice@acme.com" })
// → token fetched from Keychain → 1 API hop → done

Storage backend
macOS → Keychain Access
Windows → Credential Manager
Linux → libsecret / KWallet
Auto-refresh: 5min before expiry
Offline: bundled manifests + cached tokens

50+ providers. Zero vendor buy-in.

Polyfill manifests auto-generated from public OpenAPI specs. Each maps semantic intent IDs to REST endpoints, auth headers, side-effect classes, and optional Agent Token Protocol endpoints for M2M token issuance.

Manifest schema — serve at GET /.well-known/agentdom.json
// .well-known/agentdom.json (any vendor publishes this)
{
  "version": "1.0",
  "host": "yourapp.com",
  "auth": { "method": "oauth2", ... },
  "capabilities": [{
    "intent":      "contacts.create",
    "transport":   "api",
    "endpoint":    "https://api.yourapp.com/contacts",
    "side_effects": ["external"]
  }]
}
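A client that injects a stored credential into whatever endpoint a manifest names can first check that the manifest speaks for the host it was fetched from. This is an added example, not AgentDOM's code; the rule that API endpoints must be HTTPS on the manifest host or a subdomain of it is an assumption, not part of the published spec, and `checkManifest` and `isSameOrSubdomain` are hypothetical names.

```javascript
// Assumed rule (not in the published spec): a manifest may only route
// credentials to HTTPS endpoints on its own host or a subdomain of it.
function isSameOrSubdomain(name, host) {
  return host.length > 0 && (name === host || name.endsWith('.' + host));
}

// Returns a list of problems; an empty list means the manifest passed.
function checkManifest(manifest, fetchedFromHost) {
  const problems = [];
  const host = String(manifest.host || '').toLowerCase();
  if (host !== String(fetchedFromHost).toLowerCase()) {
    problems.push(`host "${manifest.host}" does not match origin "${fetchedFromHost}"`);
  }
  const caps = Array.isArray(manifest.capabilities) ? manifest.capabilities : [];
  if (caps.length === 0) problems.push('no capabilities declared');
  for (const cap of caps) {
    if (cap.transport !== 'api') continue; // only API endpoints are checked here
    let url;
    try {
      url = new URL(cap.endpoint);
    } catch {
      problems.push(`${cap.intent}: endpoint is not a valid URL`);
      continue;
    }
    if (url.protocol !== 'https:') problems.push(`${cap.intent}: endpoint is not HTTPS`);
    if (url.username || url.password) problems.push(`${cap.intent}: endpoint embeds credentials`);
    if (!isSameOrSubdomain(url.hostname, host)) {
      problems.push(`${cap.intent}: endpoint host ${url.hostname} is outside ${host}`);
    }
  }
  return problems;
}

// The page's manifest (auth details are elided there, so omitted here).
const pageManifest = {
  version: '1.0',
  host: 'yourapp.com',
  capabilities: [{
    intent: 'contacts.create',
    transport: 'api',
    endpoint: 'https://api.yourapp.com/contacts',
    side_effects: ['external'],
  }],
};

// Constructed variant: same host claim, endpoint on a look-alike domain.
const lookalike = JSON.parse(JSON.stringify(pageManifest));
lookalike.capabilities[0].endpoint = 'https://api.yourapp.com.example.net/contacts';
```

The suffix match includes the leading dot, so `notyourapp.com` and `api.yourapp.com.example.net` are both rejected for host `yourapp.com`.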
Auth methods supported by the protocol
oauth2_pkce    Browser redirect    S256 code_challenge — no client_secret required
oauth2_device  Device code poll    RFC 8628 — no browser redirect, works headless
api_key        Header injection    Authorization / x-api-key — stored in OS Keychain
agent_tokens   M2M provisioning    Agent self-provisions scoped token — no human needed
oauth2_cc      Client credentials  Machine-to-machine — no user context

dispatch_intent() — full parameter reference
field         type      example                    description
intent        string    "contacts.create"          Semantic action ID — provider-scoped, versioned
args          object    { email, name, ... }       Typed parameters — validated against manifest schema
provider      string?   "api.hubspot.com"          Optional — auto-resolved from intent registry if omitted
transport     enum      "api" | "cli" | "browser"  Override dispatch priority — default: auto
side_effects  string[]  ["external", "send"]       Effect classes — gates policy engine before execution
verify        string?   "result.data.id != null"   JS expression evaluated post-execution for correctness
timeout_ms    number?   15000                      Per-step timeout — default 15s, overridable per intent
dry_run       boolean?  true                       Plan-only mode — validate + cost-estimate, no execution

Plan → execute → verify → replan

LLM emits a structured JSON plan. Each step runs through policy check → dispatch_intent → result verification. Failed steps trigger LLM replanning. Session state checkpointed to disk.

Dispatch Router

Intent → cheapest available transport. API < CLI < CDP/browser < AX/desktop < coordinate. Agents always get the fastest path.

Auth Wallet

OS Keychain (macOS/Windows/Linux) stores OAuth tokens. One consent, then silent forever. Auto-refreshes before expiry.

Polyfill Registry

50+ SaaS manifests hosted at agentdom.dev/manifests/. Agents work with HubSpot, Stripe, Linear, Slack — before vendors do anything.

Episodic Memory

Cross-session memory stores what worked and what failed per provider. Agents learn and improve over time.

Policy Engine

Per-effect allow/prompt/deny. read=allow, send=prompt, delete=deny by default. Human approves sensitive actions.
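One way to express these per-effect defaults as a gate that runs before dispatch, as an added example (not AgentDOM's code). Assumptions: the strictest rule among a step's effect classes wins, an effect class with no rule (such as the manifest's "external") is denied until an operator adds one, and the whole plan is gated before its first step runs; `decide`, `gatePlan` and the sample plan are hypothetical.

```javascript
// Defaults stated on the page; everything else below is an assumption.
const DEFAULT_POLICY = { read: 'allow', send: 'prompt', delete: 'deny' };
const STRICTNESS = { allow: 0, prompt: 1, deny: 2 };
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Strictest rule wins. Unknown effect classes, malformed rules and steps
// that declare no effects at all fail closed (deny).
function decide(sideEffects, overrides = {}) {
  const policy = { ...DEFAULT_POLICY, ...overrides };
  if (!Array.isArray(sideEffects) || sideEffects.length === 0) return 'deny';
  let decision = 'allow';
  for (const effect of sideEffects) {
    // own() keeps inherited keys such as "constructor" from matching a rule.
    const rule = own(policy, effect) ? policy[effect] : 'deny';
    if (!own(STRICTNESS, rule)) return 'deny';
    if (STRICTNESS[rule] > STRICTNESS[decision]) decision = rule;
  }
  return decision;
}

// Gate the whole plan before the first step runs, so a denied step late in
// the plan cannot leave earlier side effects half-applied.
function gatePlan(steps, overrides = {}) {
  const blocked = [];
  const needsApproval = [];
  for (const step of steps) {
    const decision = decide(step.side_effects, overrides);
    if (decision === 'deny') blocked.push(step.intent);
    if (decision === 'prompt') needsApproval.push(step.intent);
  }
  return { runnable: blocked.length === 0, blocked, needsApproval };
}

// Constructed plan; intent IDs other than contacts.create are made up.
const samplePlan = [
  { intent: 'issues.list', side_effects: ['read'] },
  { intent: 'messages.send', side_effects: ['read', 'send'] },
  { intent: 'contacts.create', side_effects: ['external'] },
];
```

With the defaults alone the sample plan is blocked on `contacts.create`; passing `{ external: 'prompt' }` as an override turns that step into one that waits for human approval.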

Plan-Execute-Verify

Explicit JSON plan → policy check → execute → verify result → replan on failure. Not greedy one-shot calls.

Universal Surfaces

REST/GraphQL, Web CDP (Shadow DOM, iframes, React), Electron, macOS AX, CLI — all behind the same intent interface.

.well-known Standard

Open spec. Vendors publish agentdom.json to declare capabilities. Agents discover and use new tools without any code changes.

Zero-human auth for autonomous agents

ATP replaces OAuth browser redirects with a cryptographic machine-to-machine handshake. Your agent authenticates at 3am — no human needed.

OAuth (The Old Way)
1. Agent needs API access
2. Opens browser window
3. Human clicks “Allow”
4. Redirect back with code
5. Exchange code for token
⏱️ 30+ seconds · Breaks overnight · Requires human

ATP (The AgentDOM Way)
1. Agent sends HMAC-signed request
2. Server verifies signature
3. Scoped token returned
⚡ 80ms · Works at 3am · Fully autonomous

agent code
// No browser. No human. Just math.
const token = await requestToken('stripe.com', {
  scopes:  ['charges.read', 'refunds.create'],
  purpose: 'Process refund for order #4821'
});

// → { access_token: "at_...", expires_in: 3600 }
// Stored in OS Keychain. Auto-refreshes before expiry.

HMAC-SHA256 Signed

Every request signed with a pre-shared secret. Constant-time verification prevents timing attacks.
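A sketch of the server-side check described above, as an added example (not AgentDOM's code). The page does not give the ATP wire format, so the field names (`agentId`, `timestamp`, `scopes`, `purpose`), the JSON canonical form and the 60-second freshness window are all assumptions.

```javascript
const nodeCrypto = require('crypto');

const MAX_SKEW_MS = 60_000; // assumed freshness window, not from the page

// Assumed canonical form: fixed field order, scopes sorted, JSON-encoded so
// field boundaries cannot be shifted by characters inside a value.
function canonicalize(req) {
  return JSON.stringify([req.agentId, req.timestamp, [...req.scopes].sort(), req.purpose]);
}

function signRequest(req, secret) {
  return nodeCrypto.createHmac('sha256', secret).update(canonicalize(req)).digest('hex');
}

// Returns { ok, reason }. The MAC comparison runs in constant time.
function verifyRequest(req, signatureHex, secret, now = Date.now()) {
  if (typeof signatureHex !== 'string' || !/^[0-9a-f]{64}$/.test(signatureHex)) {
    return { ok: false, reason: 'malformed signature' };
  }
  const expected = nodeCrypto.createHmac('sha256', secret).update(canonicalize(req)).digest();
  const given = Buffer.from(signatureHex, 'hex');
  // timingSafeEqual throws on a length mismatch; the regex above guarantees 32 bytes.
  if (!nodeCrypto.timingSafeEqual(expected, given)) {
    return { ok: false, reason: 'bad signature' };
  }
  // The timestamp is covered by the MAC, so it is only trusted after the check above.
  if (Math.abs(now - req.timestamp) > MAX_SKEW_MS) {
    return { ok: false, reason: 'stale timestamp' };
  }
  return { ok: true, reason: null };
}

// Constructed sample secret and request (scopes and purpose mirror the page's snippet).
const SECRET = 'constructed-demo-secret';
const sampleRequest = {
  agentId: 'agent-demo-01',
  timestamp: 1700000000000,
  scopes: ['refunds.create', 'charges.read'],
  purpose: 'Process refund for order #4821',
};
```

Because the scopes are inside the signed string, a request whose scope list was widened in transit fails with `bad signature` rather than yielding a broader token.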

Stable Device Identity

Hardware UUID fingerprint — same identity across reboots. No registration required.

80ms Round-Trip

Direct handshake. No browser, no redirect, no cloud proxy.

Implements open standards. No lock-in.

AgentDOM exposes a native MCP server (stdio + SSE) and implements OpenAI function-calling and Anthropic tool-use schemas out of the box. Any framework that speaks these protocols connects with zero glue code.

MCP (stdio)
MCP (SSE)
OpenAI Function Calling
Anthropic Tool Use
JSON Schema v7
OpenAPI 3.x
OAuth 2.0 + PKCE
RFC 8628 Device Flow

MCP stdio server (Claude Code / Cursor)
claude mcp add agentdom -- node \
  "$(npm root -g)/agentdom/desktop-mcp-server.js"

OpenAI function-calling schema
const tools = await agentdom.toOpenAI('contacts.create');
// → { type: "function", function: { name, parameters } }

HTTP SSE server (any MCP client)
node "$(npm root -g)/agentdom/mcp-api-server.js"
# Listens on http://localhost:3001/mcp

Serve one JSON file. Every agent finds you.

Serve GET /.well-known/agentdom.json — declare intents, auth method, and an Agent Token Protocol endpoint for M2M credential issuance. Zero SDK required. Works with every AgentDOM client immediately.

Generate from OpenAPI

npx agentdom-publisher init \
  --openapi=./openapi.json \
  --host=api.yourapp.com

Publish to your domain

# Deploy to:
https://yourapp.com/.well-known/agentdom.json

Agents discover you instantly

dispatch_intent("contacts.create", {...},
  "yourapp.com")
# → works immediately, no code changes

Zero-install. Running in 30 seconds.

One-time credential setup. Headless forever. Zero humans in the agent runtime loop.

npx agentdom@latest setup linear.app && agentdom run "file a ticket for the crash"