Open Standard  ·  v0.2.0

Your agent in a file.

The open packaging standard for AI agents. One .agent file. Any framework. Any runtime. With a trust score that proves the manifest is honest.

terminal
$ pip install agentpk
$ agent init fraud-detector
$ agent pack ./fraud-detector --analyze
✓ Manifest validated      Level 1 +20 pts
✓ AST analysis            Level 2 +30 pts
✓ Semantic check          Level 3 +25 pts
───────────────────────────────────
fraud-detector-1.0.0.agent   trust: 91 · Verified
1 file format
4 analysis levels
5 languages
Ed25519 signing
MIT licensed
The Problem

Software packages describe themselves.
AI agents don't.

npm has package.json. Python has wheel metadata. Docker has inspectable layers. An AI agent with access to your production database ships as a folder of files with nothing.

Without .agent
No standard description of capabilities or permissions
No integrity check — modified files, no warning
No way to verify the manifest matches the code
No signing — anyone can claim anything
Framework-locked — move platforms, start over
No diff — can't see what changed between versions
With .agent
Declarative manifest — capabilities, permissions, runtime
SHA-256 checksums — tamper detection built in
Trust score — 4-level analysis, manifest vs. actual code
Ed25519 signing — cryptographic authorship proof
Framework-agnostic — one file, any runtime
agent diff — inspect exactly what changed
The Format

Inside a .agent file

A single portable archive. Four components. Everything a runtime needs to verify an agent before executing it.

fraud-detector-1.0.0.agent ZIP archive · portable · inspectable
📄 manifest.yaml
Declarative identity
Name, version, author, runtime, entry point, capabilities, permissions, dependencies.
Open spec
🔒 checksums.sha256
Integrity verification
SHA-256 hash over all manifest content. Detects any modification after packaging.
Tamper-evident
trust_score
Behavioral trust score
0–100 from multi-level code analysis. Does the manifest match what the code actually does? No other packaging format has this.
Unique to .agent
📁 source/
Agent source
Your code. Python, Node, TypeScript, Go, Java, or anything else. Runtime-declared in manifest.yaml.
Any runtime
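
An added example, not agentpk's own code: a standard-library check of the archive layout described above, run before anything in source/ is executed. It assumes checksums.sha256 holds sha256sum-style `<hex>  <path>` lines covering every other entry, which the page does not specify; the helper names and sample content are constructed.

```python
import hashlib
import io
import zipfile

CHECKSUM_FILE = "checksums.sha256"  # file name from the page; its line format is assumed
SAMPLE = {  # constructed sample content, not a real package
    "manifest.yaml": b"name: fraud-detector\nversion: 1.0.0\n",
    "source/agent.py": b"print('scoring transaction')\n",
}


def build_package(files):
    """Build an in-memory archive with an assumed '<hex>  <path>' checksum file."""
    lines = [f"{hashlib.sha256(d).hexdigest()}  {n}" for n, d in files.items()]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
        zf.writestr(CHECKSUM_FILE, "\n".join(lines) + "\n")
    return buf.getvalue()


def tamper(blob, name, new_data):
    """Rewrite one entry but leave the other entries untouched."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(blob)) as src, zipfile.ZipFile(out, "w") as dst:
        for item in src.namelist():
            dst.writestr(item, new_data if item == name else src.read(item))
    return out.getvalue()


def verify_package(blob):
    """Return a list of problems; an empty list means every entry matched."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        if CHECKSUM_FILE not in zf.namelist():
            return ["missing " + CHECKSUM_FILE]
        names = [n for n in zf.namelist() if n != CHECKSUM_FILE]
        lines = zf.read(CHECKSUM_FILE).decode().splitlines()
        expected = {n: d for d, _, n in (l.partition("  ") for l in lines)}
        for name in names:
            if name.startswith("/") or ".." in name.split("/"):
                problems.append(f"unsafe path: {name}")
            elif name not in expected:
                problems.append(f"unlisted file: {name}")
            elif hashlib.sha256(zf.read(name)).hexdigest() != expected[name]:
                problems.append(f"hash mismatch: {name}")
        problems += [f"listed but absent: {n}" for n in expected if n not in names]
    return problems
```

A checksum file stored inside the archive only catches changes made by someone who did not also rewrite checksums.sha256; binding the package to an author is the job of the detached signature.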
Trust Score

The manifest that proves itself.

A self-reported manifest says what the developer wrote. The trust score runs actual analysis against the code and produces a score based on evidence — not claims.

L1 · Schema validation · +20 points
Manifest parses, required fields present, format valid. Table stakes.

L2 · Static AST analysis · +30 points
Full AST on Python, Node, TypeScript. Pattern-based on Go and Java. What APIs does it call? What does it actually access?

L3 · LLM semantic check · +25 points
Does this manifest accurately describe what the code does? Citation-required output. Needs an API key you supply.

L4 · Runtime sandbox · +25 points
Execute in isolation. Observe actual behavior. Compare against manifest claims. Catches what static analysis misses.

90–100 · Verified
75–89 · High
60–74 · Moderate
40–59 · Low
0–39 · Unverified
CLI & SDK

Pack. Sign. Diff. Ship.

Terminal. Python SDK. REST API. Browser UI. Every interface for every workflow.

Pack with trust score · Core
$ agent pack ./my-agent --analyze
# trust: 87 (High)

$ agent pack ./my-agent --analyze --level 3
# includes LLM semantic check

$ agent inspect my-agent-1.0.0.agent
# view manifest + trust score
Sign & verify · Security
$ agent keygen --out my-key.pem
# Ed25519 key pair

$ agent sign my-agent-1.0.0.agent --key my-key.pem
# → my-agent-1.0.0.agent.sig

$ agent verify my-agent-1.0.0.agent --key my-key.pub.pem
✓ Signature valid
Diff two versions · Audit
$ agent diff v1.0.0.agent v1.1.0.agent

manifest.yaml
+ capabilities: [read, write, query]
- capabilities: [read, query]

trust: 87 → 91 (+4)
Python SDK · SDK
from agentpk import pack, analyze

result = pack("./my-agent", analyze=True)
print(result.trust_score) # 87
print(result.trust_label) # "High"
print(result.package_path) # .agent file
Capabilities

Everything you need.
Nothing you don't.

📦

Single portable file

One .agent file. Email it, drop it in a CI pipeline, upload to a registry. Travels without a git repo attached.

Core

Behavioral trust score

The only packaging format that analyzes whether the manifest matches the code. 0–100, four levels, honest by design.

Unique
🔐

Ed25519 signing

Cryptographic authorship. Recipients verify before they run anything. A .sig file travels with the package.

Core
🌐

Multi-language

Full AST for Python, Node.js, TypeScript. Pattern-based for Go and Java. Structural packaging for any language.

Core

Version diffing

agent diff shows exactly what changed between any two .agent files — manifest, capabilities, trust score delta.

Core
🖥

Browser UI + REST API

Package and certify without a terminal. REST API for CI/CD. agent serve starts both on localhost.

v0.2
🔗

Framework-agnostic

LangGraph, CrewAI, AutoGen, OpenAI SDK, custom Python, Go, Java. The format doesn't care how you built it.

Open

Zero required deps

Core packaging needs only five Python packages. Level 3 needs an LLM key. Level 4 needs Docker. Everything else works offline.

Core
📋

Manifest generation

agent generate analyzes your code and produces manifest.yaml with REVIEW markers on fields it couldn't determine automatically.

Core
Compatibility

Any framework.
Any runtime.

The .agent format doesn't care how you built your agent. Package it from anything, run it anywhere.

LangGraph · CrewAI · AutoGen · OpenAI SDK · Anthropic Claude · LangChain · Custom Python · Node.js · TypeScript · Go · Java · Any runtime
Open Standard

Built to be adopted, not owned.

The spec is CC BY 4.0 — implement it, fork it, build registries on top of it. The CLI and SDK are MIT. The goal is an ecosystem, not a product monopoly.

The .agent format is to AI agents what .whl is to Python packages. A portable, self-describing, verifiable unit anyone can implement.

SPEC.md — Agent Package Format
SPEC.md · Full format specification · CC BY 4.0
TRUST.md · Trust score reference · CC BY 4.0
WHY.md · Design rationale · MIT
schema/ · JSON Schema for manifest · MIT
examples/ · 16 example packages · MIT
Get started

Your agent.
In a file. Today.

pip install agentpk

Built by Nomotic  ·  Open source  ·  MIT licensed