OpenAgentWeb

Trusted search and access for humans and agents

Partner Access Layer

Let websites trust people-backed agents without trusting anonymous bots.

OpenAgentWeb turns AImail passports into route-level allow, deny, and approval-required decisions. The same strategy model now spans search, crawl, and partner-site access for human and agent workflows.

AImail issues trust

Identity, audience, allowed actions, revocation, and approval signals originate in AImail.

OpenAgentWeb enforces access

Partner middleware turns passports into decisions and strategy-aware route policies.

Sites stay in control

Partners choose whether a route should behave like research, official reading, or action execution.

Flow

Agent passport to website decision

  1. Issue a passport from AImail with the right audience and allowed actions.
  2. Have the human-approved agent send X-AImail-Caller-DID and X-AImail-Passport to the partner route.
  3. Protect the route with PartnerPassportMiddleware or require_partner_passport(...).
  4. Pick a route strategy that matches the product surface: research, official-first, or action-ready.
  5. Use the returned decision headers to allow, block, or send the flow into a human approval step.

Decisions

One trust model across the product

allow

The route can proceed immediately with the presented passport.

deny

The passport or chosen strategy blocks the route from continuing.

approval_required

The route should hand off to a human or higher-trust approval lease.

strategy-aware

Decision semantics change depending on whether the route is research, official-first, or action-ready.

Strategy modes

Choose how a route should behave, not just who may call it.

balanced

General protected APIs

Use the normal AImail decision when you want a clean default for mixed human and agent read and action routes.

Good default for partner APIs that do not need special route semantics.

official_first

Docs, trust, and compliance routes

Bias the flow toward verified official read access. Transactional and account-style actions pause for approval.

Best for private docs, policy routes, and regulated read surfaces.

broad_research

Research and comparison flows

Allow exploration first, but block direct transactions and pause account-modifying actions.

Best for discovery assistants, compare routes, and analyst workflows.

action_ready

Checkout, booking, and execution routes

Preserve the direct AImail allow or approval decision for routes meant to complete actions.

Best for booking, purchase, contact, and workflow handoff routes.

Decision matrix

The same passport can be treated differently depending on the route strategy.

| Strategy | Official read | Account action | Transaction |
| --- | --- | --- | --- |
| balanced | normal decision | normal decision | normal decision |
| official_first | normal decision | approval_required | approval_required |
| broad_research | normal decision | approval_required | deny |
| action_ready | normal decision | normal decision | normal decision |
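
The matrix above written as a fail-closed policy function. This is an added example, not OpenAgentWeb's own code. Assumptions: the name `route_decision`, the action-class labels (taken from the matrix columns), a base AImail decision passed in by the caller, and the rules that a strategy may tighten a decision but never loosen it and that missing headers or unknown values resolve to deny.

```python
# Added example (hypothetical helper, not part of OpenAgentWeb).
ALLOW, APPROVAL, DENY = "allow", "approval_required", "deny"

# Restrictiveness order: a strategy may raise a decision, never lower it.
RANK = {ALLOW: 0, APPROVAL: 1, DENY: 2}

# Floor per (strategy, action class); None means "normal decision".
MATRIX = {
    "balanced":       {"official_read": None, "account_action": None,
                       "transaction": None},
    "official_first": {"official_read": None, "account_action": APPROVAL,
                       "transaction": APPROVAL},
    "broad_research": {"official_read": None, "account_action": APPROVAL,
                       "transaction": DENY},
    "action_ready":   {"official_read": None, "account_action": None,
                       "transaction": None},
}

# Header names from the flow above, compared case-insensitively.
REQUIRED_HEADERS = ("x-aimail-caller-did", "x-aimail-passport")


def route_decision(strategy, action_class, base_decision, headers):
    """Combine the passport's base decision with the route strategy."""
    present = {k.lower() for k, v in headers.items() if v and v.strip()}
    if not all(h in present for h in REQUIRED_HEADERS):
        return DENY  # no passport presented: treat as an anonymous bot
    if base_decision not in RANK:
        return DENY  # unrecognised verifier output (assumed fail-closed)
    row = MATRIX.get(strategy)
    if row is None or action_class not in row:
        return DENY  # misconfigured rule must not open the route
    floor = row[action_class]
    if floor is None:
        return base_decision
    # Keep whichever of the two is more restrictive, so a base "deny"
    # (for example a revoked passport) is never softened to approval.
    return max(base_decision, floor, key=RANK.__getitem__)


if __name__ == "__main__":
    # Constructed sample headers; the values are placeholders.
    sample = {"X-AImail-Caller-DID": "did:example:agent",
              "X-AImail-Passport": "PLACEHOLDER"}
    for strategy in MATRIX:
        print(strategy, route_decision(strategy, "transaction", ALLOW, sample))
```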

FastAPI example

Use the same middleware primitives already shipping in OpenAgentWeb.

PartnerPassportMiddleware, PartnerRouteRule, require_partner_passport(...)

from fastapi import FastAPI

from partner.fastapi_middleware import PartnerPassportMiddleware, PartnerRouteRule
from partner.passport_guard import PartnerSiteVerifier

app = FastAPI()
app.add_middleware(
    PartnerPassportMiddleware,
    verifier=PartnerSiteVerifier(),
    rules=[
        PartnerRouteRule(
            path_prefix="/checkout",
            required_action="checkout",
            strategy="action_ready",
            expected_audience="shop.example",
            partner_site="shop.example",
        ),
        PartnerRouteRule(
            path_prefix="/docs/private",
            required_action="access_docs",
            strategy="official_first",
            expected_audience="docs.example",
            partner_site="docs.example",
        ),
    ],
)