APAI.runv0.1
Registry/Agent Passport

Agent Passport

Generate APAI Capability Passports for arbitrary packages, including third-party ones not yet in the registry.

Low risk
Passport generatorv0.1.0·by apai-officialVerified publisher (apai-official)See permission delta ->

About

Given a package manifest or a raw package definition, produces a v0.1 Capability Passport that describes what the package can read, write, access, spend, expose, and what approvals it needs. Useful for builders who want to document their own packages before publishing to the APAI registry.

Native install

For environments with file or shell access (Codex, Claude Code, Gemini CLI, Cursor, local CLI). v0.1: the apai CLI is a scaffold; real install behavior lands in Phase 1.

$ apai install agent-passport
$ apai passport agent-passport
$ apai audit agent-passport
$ apai rollback agent-passport

The apai CLI is a TypeScript scaffold at v0.1. See /honest-status for the full shipped vs stubbed list.

Prompt install

Hosted chat apps (ChatGPT, Claude, Gemini, Grok) cannot silently install software. Paste the snippet below into the chat to load the package protocol for the current conversation only.

Install card (paste into chat)

Paste this into any LLM that does not have shell access to your machine - chatgpt.com, claude.ai, gemini.google.com, grok.com - and the model will load the Capability Passport and apply the package protocol. If you are using Claude Code, Codex, Cursor, Gemini CLI, or another tool-enabled agent, use apai install instead - it produces a durable install receipt.

Install https://apai.run/packages/agent-passport for this chat. Given a package manifest or description, output a v0.1 Capability Passport. Do not infer permissions the package did not declare.

Install card source: https://apai.run/packages/agent-passport/llms.txt

Capability Passport

APAI.passport.v0.1Capability Passport

Reads

  • ·Supplied manifest or package description

Writes

  • ·Package-store passport template artifact at ~/.apai/packages/agent-passport/0.1.0/templates/passport-template.json
  • ·Generated passport file when the operator asks

Accesses

  • ·No network access required for generation
$

Spends

  • ·No spend

Exposes

  • ·Package-store artifact and install receipt are local
  • ·Generated passport is local unless explicitly shared

Approvals required

  • ·No approvals beyond install

Rollback

Uninstall via apai rollback agent-passport --install-id <id>. Removes only verified package-store files recorded in the receipt. Delete any generated passport files separately.

Scanner

heuristic-stub-v0- no findings on v0.1 heuristic scanner

heuristic-stub-v0 means the v0.1 deterministic heuristic scanner found nothing. It does NOT mean the package is certified safe. Model-assisted prompt-injection, OAuth-scope review, dependency scanning, and publisher-signature verification land later. See honest status.