Secure, local-first connective tissue between AI agent runtimes.
AgentLink is a platform for linking AI agent ecosystems across devices and runtimes through a shared trust, routing, policy enforcement, and audit layer. It sits above individual agent frameworks and below end-user task flows β enabling trusted-circle collaboration between nodes without forcing everyone into one runtime.
Multi-user MVP. Open-source release candidate.
What works today:
- Multi-user organizations with RBAC (owner/admin/operator/viewer)
- Invite-based onboarding with short-lived tokens
- Trust link foundation for peer-to-peer node relationships
- Node enrollment, heartbeat, and capability discovery
- Task creation, routing, policy evaluation, and approval gating
- Artifact storage (inline and file-backed) with retention policies
- Immutable audit trail with keyset pagination
- Operator dashboard with real-time node activity and task lifecycle views
- Retry semantics with exponential backoff (automatic and manual)
- WebSocket dispatch channel for live task notifications
The public stable release is not yet cut. Expect breaking changes.
Most AI agent ecosystems are powerful within a single environment but weak at interoperating across environments. AgentLink provides:
- a normalized task and artifact model across runtimes
- zero-trust enrollment, linking, and policy enforcement
- an operator-visible audit trail
- adapters that translate external runtimes into AgentLink primitives
- a local-first execution model that does not require cloud routing for all work
The initial focus is trusted-circle collaboration: two or more users securely linking their agent ecosystems under explicit permission controls.
| Path | What it is |
|---|---|
apps/api/ |
FastAPI control-plane server β enrollment, task dispatch, policy, audit, operator auth |
apps/web/ |
Next.js operator UI β task queue, audit log, node detail, approval views |
apps/node/ |
Node runtime β enrollable agent peer process |
packages/protocol/ |
Shared TypeScript types and wire-format definitions |
packages/config/ |
Shared vitest/tsconfig base configuration |
packages/utils/ |
Shared utilities |
adapters/openclaw/ |
Adapter for OpenClaw-compatible agent backends |
adapters/generic-rest/ |
Adapter for generic REST-based agent services |
docs/ |
Architecture notes, milestone specs, API docs, security notes |
scripts/release-gate.js |
Full-stack validation script (single source of CI truth) |
.github/workflows/ci.yml |
CI pipeline |
Planned (not yet present):
packages/sdk-js/andpackages/sdk-python/β public SDKsadapters/generic-websocket/β WebSocket adapterapps/desktop/β optional desktop shellservices/relay/β relay service for NAT traversal- Cross-peer task routing and federation
- Per-node capability-aware routing
- Production deployment guides
agentlink/
βββ apps/
β βββ api/ FastAPI control-plane server
β βββ web/ Next.js operator dashboard
β βββ node/ Node runtime
βββ packages/
β βββ protocol/ Shared TypeScript types (wire format)
β βββ config/ Shared build/test config
β βββ utils/ Shared utilities
βββ adapters/
β βββ openclaw/ OpenClaw runtime adapter
β βββ generic-rest/ Generic REST adapter
βββ docs/ Architecture, API, security, release notes
βββ scripts/
β βββ release-gate.js Full-stack validation (CI entry point)
βββ infra/
β βββ docker/ Docker files
βββ .github/
β βββ workflows/ci.yml
β βββ ISSUE_TEMPLATE/
βββ docker-compose.dev.yml
βββ Makefile
βββ turbo.json
βββ pnpm-workspace.yaml
+--------------------------------------------------------------+
| AgentLink Web |
| Dashboard Β· Approvals Β· Audit Β· Tasks |
+-----------------------------+--------------------------------+
|
v
+--------------------------------------------------------------+
| AgentLink Control Plane (API) |
| Enrollment Β· Auth Β· Node Registry Β· Policy Β· Tasks Β· Audit |
+-----------------------------+--------------------------------+
|
+-----------------+-----------------+
| |
v v
+---------------------------+ +---------------------------+
| AgentLink Node A | | AgentLink Node B |
| Identity Β· Policy engine | | Identity Β· Policy engine |
| Task execution | | Task execution |
| Artifact handling | | Artifact handling |
+-------------+-------------+ +-------------+-------------+
| |
v v
+--------------------------+ +--------------------------+
| OpenClaw / REST Agent | | Custom Runtime / Tools |
+--------------------------+ +--------------------------+
The control plane coordinates identity, trust, routing metadata, and audit. Execution stays local where possible.
Requester β Control Plane β Policy gate β Target Node β Adapter β Agent
β | | |
βββββββββββββββ΄βββββ Audit ββββ΄βββ Progress ββ
- Task created and normalized into a standard envelope
- Policy gate: deny or allow (with optional operator approval)
- Dispatched to target node over authenticated WebSocket channel
- Node executes or delegates to adapter/runtime
- Artifacts produced and stored (inline or file-backed)
- Audit events written for all meaningful state transitions
| Primitive | Description |
|---|---|
| Node | An installed AgentLink runtime on a device |
| Agent | A discoverable execution entity exposed by an adapter |
| Capability | A structured declaration of what a node or agent can do |
| Task | A routable unit of work |
| Artifact | A produced output or referenced object from a task |
| Policy | Rules governing visibility, access, and execution |
| Audit Event | A structured record of a meaningful system action |
Full type definitions live in packages/protocol/src/.
Prerequisites: Node >= 20, pnpm >= 9, Python >= 3.11, Docker (for PostgreSQL).
# 1. Clone and install
git clone https://github.com/jakesterns/AgentLink.git
cd agentlink
pnpm install
pip install -r apps/api/requirements.txt
# 2. Start PostgreSQL (or use an existing instance)
docker compose -f docker-compose.dev.yml up -d postgres
# 3. Apply database migrations
cd apps/api && alembic upgrade head
# 4. Seed demo data (nodes, agents, tasks, audit events)
python scripts/seed_demo.py
# 5. Start the API server
uvicorn main:app --reload --host 0.0.0.0 --port 8000 &
# 6. Start the web dashboard (from repo root)
cd ../.. && pnpm --filter @agentlink/web devOpen http://localhost:3000 to see the dashboard with seeded demo data.
| Field | Value |
|---|---|
| Operator ID | demo |
| API Key | dev-operator-key-change-in-production |
Log in at /operator/login to access approvals, audit log, and org management.
- Dashboard β See enrolled nodes, active tasks, and pending approvals
- Nodes β View node status (online/offline), capabilities, and queue health
- Submit Task β Create a task at
/tasks/newwith typeresearchand any instruction - Approvals β Approve or reject tasks requiring human approval
- Audit Log β View the full audit trail of system actions
- Task Detail β Click any task to see its lifecycle, artifacts, and routing decisions
pnpm run build
pnpm run typecheckRun tests:
# JS/TS (web + node + packages)
pnpm run test
# API
cd apps/api && python -m pytestWhere to look first:
- Protocol types:
packages/protocol/src/ - API routes:
apps/api/app/routers/ - Web pages:
apps/web/src/app/ - Node runtime:
apps/node/src/ - Adapters:
adapters/
The release gate is the canonical validation step for the entire stack. All three of the following are equivalent:
node scripts/release-gate.js # direct
pnpm run release:gate # via package.json
make release-gate # via MakefileIt runs sequentially:
pnpm install --frozen-lockfilepnpm run buildβ all TS packagespnpm run typecheckβ all TS packagespnpm run coverageβ JS/TS tests with coverage thresholds enforcedpip install -r apps/api/requirements.txtpython -m pytestβ API tests with coverage threshold enforced
Exit code 0 means the repo is in release-candidate shape.
CI runs this script directly via .github/workflows/ci.yml (job name: MVP release gate). Local and CI execution are identical β run the gate locally before opening a PR.
- Do not commit secrets,
.envfiles, or tokens to source control. - Do not add unauthenticated API endpoints.
- Do not bypass the policy gate or audit layer.
- Node enrollment, operator auth, and task dispatch are the most sensitive code paths.
See SECURITY.md for the vulnerability reporting process.
AgentLink supports multiple operators working in shared workspaces:
- Organizations β shared scoping for all resources (nodes, tasks, artifacts, audit events)
- RBAC roles β owner, admin, operator, viewer with hierarchical permissions
- Invite flow β admin creates a short-lived invite token; recipient accepts to join the org
- Trust links β directional peer trust between nodes (foundation for cross-node routing)
See docs/auth/rbac.md and docs/auth/organizations.md for details.
Post-MVP directions include:
- Cross-peer task routing via trust links
- Full trust-link federation between orgs
- Public JS and Python SDKs (
packages/sdk-js/,packages/sdk-python/) - Additional adapters (LangGraph, MCP, WebSocket)
- Smarter routing (cost-aware, latency-aware, privacy-aware dispatch)
- Richer org management UI (org switcher, member management dashboard)
- Per-node capability-aware routing
- Desktop shell (
apps/desktop/) - Relay service for NAT traversal
- Production deployment guides
Major additions should be proposed via a GitHub Discussion or issue before implementation.
See CONTRIBUTING.md for setup, workflow, PR expectations, and what not to change casually.
See CODE_OF_CONDUCT.md for community standards.
Apache-2.0. See LICENSE.