That evening I kept thinking about what agents actually need to operate in the real world and eventually landed on the same answer as every spy movie ever: basically, a passport suitable for the mission and clever drop-off locations. So I built STACK. True story.
- The passport: a signed JWT (EdDSA) that proves which agent is acting, who authorized it, and what it's allowed to do. Works offline - any service can verify it without calling STACK. Agents can delegate to sub-agents but the scope ever only narrows. Max 4 hops.
- The drop-off: is an encrypted handoff between agents. Agent A drops off a package with a JSON schema contract, encryption at rest, and a TTL. Agent B collects it, the custody transfers, and the payload gets deleted. Neither agent needs to trust the other. Just like in the movies!
All credentials are KMS-encrypted. In proxy mode they are injected at the network boundary so the agents can make API calls through STACK without ever seeing the raw key.
To try it, sign up at https://getstack.run, grab your API key, and connect:
claude mcp add stack --transport http https://mcp.getstack.run/mcp --header "Authorization: Bearer YOUR_API_KEY"
I want to provide a generous free tier and I hope people get value out of it.
Keycard ($38M, a16z) does scoped agent credentials, Descope ($88M) does auth flows, Composio ($29M) does tool integrations. I'm a solo founder in Stockholm without funding, but I'm betting the full control plane is where the market is heading. I may be naive about that, but that's the bet. I like betting. Docs at https://getstack.run/docs.