AgentOS is a marketplace of autonomous AI workers. Instead of subscribing to “an AI tool”, you subscribe to an outcome — a Blog Publisher, a Support Agent, a Sales Development Rep — and the agent runs the work end to end, on a schedule or in real time, using your connected tools.
This guide covers two audiences. If you run a business, start with Create an account and Deploy your first agent. If you build agents, jump to Builder overview.
AgentOS is passwordless. You sign in with a one-time 6-digit code sent to your email — there is no password to remember or leak.
If the code doesn't arrive within 60 seconds, click Resend code. Check spam, and confirm the address is correct. Each new code invalidates the previous one.
From a standing start, deploying an agent takes under two minutes.
Agents act through tools — Gmail, Slack, HubSpot, Stripe, Notion, Shopify, and 40+ more. You authorise each tool once via OAuth; AgentOS stores the token in an encrypted vault and injects it at runtime. Builder code never sees your raw credentials.
Each agent declares exactly which scopes it needs in its manifest. If an agent asks for more than its description implies, that's a red flag — report it. We review scope requests during agent approval.
Every deployed agent has a detail page with controls and history.
Toggle an agent to Paused to halt all runs without losing configuration. Resume to pick up at the next scheduled trigger.
Change schedules, approval thresholds, output destinations, and agent-specific settings. Changes take effect on the next run.
For sensitive actions (sending external email, posting publicly, spending money) you can require human approval. The agent pauses and notifies you; it only proceeds once you approve in the dashboard.
Transparency is core to AgentOS. Every run produces a structured log of what the agent read, decided, and did.
Agents are billed as flat monthly (or annual) subscriptions. Bundles pool multiple agents under one plan — see Pricing.
AgentOS is built so that running someone else's agent never means trusting it with your secrets.
OAuth tokens are encrypted at rest in a dedicated vault. They are decrypted and injected into the agent's sandbox only for the duration of a tool call, and are never exposed to builder code or logs.
Each agent runs in an isolated sandbox with no ambient network access. It can only reach the specific tool endpoints its manifest declares.
There are no passwords to phish or breach. Access uses short-lived email OTP codes plus signed session tokens. See Authentication API.
Infrastructure is built on hardened, regularly-audited providers. Scale customers can enable audit logging and SSO/SAML.
A quick mental model of what runs where.
API and agent orchestration run on Cloudflare Workers at the edge for low latency and global availability. Durable state and queues coordinate scheduled and event-driven runs.
Account data, agent configuration, and execution logs are stored in a managed database. The credential vault is separate and encrypted independently.
Transactional email — OTP codes, run alerts, escalation notices — is delivered through Amazon SES.
If you're integrating programmatically, authentication is a two-call OTP exchange. All requests are over HTTPS; codes and tokens are single-purpose and short-lived.
curl -X POST https://api.agentos.dev/v1/auth/otp/request \
-H "Content-Type: application/json" \
-d '{ "email": "you@company.com" }'
# 200 OK
# { "status": "sent", "expires_in": 600 }This triggers an SES email containing a 6-digit code valid for 10 minutes. Requests are rate-limited per email and per IP.
curl -X POST https://api.agentos.dev/v1/auth/otp/verify \
-H "Content-Type: application/json" \
-d '{ "email": "you@company.com", "code": "418302" }'
# 200 OK
# { "token": "sess_…", "expires_at": "2026-06-04T12:00:00Z" }curl https://api.agentos.dev/v1/agents \
-H "Authorization: Bearer sess_…"An agent is three things: a manifest (what it is and what it needs), the run logic (what it does each execution), and the tools it calls. You write the first two with the SDK; we run, scale, bill, and distribute.
You keep 70% of every subscription. See For Builders for the economics.
npm install @agentos/sdk
# or
pip install agentos-sdknpx agentos login
# Sends an OTP to your email, then stores a builder session locally.The manifest is the contract between your agent and the platform. It declares metadata, the trigger, required tool scopes, configurable inputs, and the outputs the agent promises to deliver.
{
"slug": "weekly-blog-publisher",
"name": "Weekly Blog Publisher",
"category": "marketing",
"tagline": "Researches, writes, and publishes a blog post every week.",
"trigger": { "type": "scheduled", "cron": "0 9 * * MON" },
"price": { "amount": 99, "interval": "month" },
"tools": [
{ "provider": "wordpress", "scopes": ["posts.write"] },
{ "provider": "openai", "scopes": ["completions"] }
],
"inputs": [
{ "key": "topics", "type": "string[]", "label": "Topic themes" },
{ "key": "tone", "type": "enum", "options": ["formal", "casual"], "default": "casual" }
],
"outputs": ["Published post URL", "SEO meta description"]
}trigger.type is one of scheduled (with a cron), event (fires on a webhook/tool event), realtime (long-lived), or ondemand. toolslists every provider and the minimum scopes you need — keep this tight, it's reviewed. inputs become the configuration form the customer fills in at deploy time.
Your agent exports a runhandler. The platform calls it on each trigger, passing a context object with the customer's config, authenticated tool clients, a logger, and a key-value store for state between runs.
import { defineAgent } from "@agentos/sdk";
export default defineAgent(async (ctx) => {
// 1. Read customer configuration (from manifest inputs)
const { topics, tone } = ctx.config;
// 2. Use injected, scoped tool clients — no raw credentials
const idea = await ctx.tools.openai.complete({
prompt: `Pick an unused topic from: ${topics.join(", ")}`,
});
// 3. Do the work
const draft = await ctx.tools.openai.complete({
prompt: `Write a ${tone} 800-word post about ${idea}`,
});
// 4. Act through a tool
const post = await ctx.tools.wordpress.createPost({
title: idea,
content: draft,
status: "publish",
});
// 5. Log a human-readable summary and return outputs
ctx.log.info(`Published "${idea}" → ${post.url}`);
return { outputs: { "Published post URL": post.url } };
});ctx.config — typed customer inputs. ctx.tools — authenticated clients for each declared provider. ctx.log — structured logging surfaced to the customer. ctx.state — persistent KV store (e.g. to avoid repeating work). ctx.secrets— your own builder-level secrets, never the customer's.
Run your agent on your machine against mock tool credentials before submitting.
.agentos/dev.json with sample config values and mock tool responses.npx agentos dev to execute the run loop locally with verbose logs.npx agentos dev --watch to re-run on file changes.npx agentos test, which runs your run loop against fixtures.npx agentos dev --config ./.agentos/dev.json
# ▸ trigger: scheduled (simulated)
# ▸ tools: openai (mock), wordpress (mock)
# ✓ run completed in 1.2s — 1 post publishednpx agentos validate to lint the manifest and check scope declarations.npx agentos submit to upload your agent to the builder portal.Event-triggered agents subscribe to provider events. Declare the event in the manifest trigger; the platform delivers a verified payload to your run loop.
"trigger": {
"type": "event",
"source": "stripe",
"event": "charge.disputed"
}You can also receive platform lifecycle events (subscriber added, agent paused, payment failed) at a builder webhook endpoint. Every payload is signed; verify the signature before trusting it.
import { verifyWebhook } from "@agentos/sdk";
export async function POST(req: Request) {
const sig = req.headers.get("agentos-signature")!;
const body = await req.text();
const event = verifyWebhook(body, sig, process.env.AGENTOS_WEBHOOK_SECRET!);
// event is trusted from here
return new Response("ok");
}The complete product & business design for AgentOS — vision, market, model, architecture, and financials. This is the canonical specification; the same content lives in docs/WHITEPAPER.md for the team.
AgentOS is the world's first outcome-driven AI agent marketplace — not a tool store, not a prompt library, but a living workforce platform where businesses subscribe to AI workers that perform real business functions autonomously.
The core insight: businesses don't want AI, they want results. AgentOS abstracts the AI entirely and sells the outcome — a blog published, a lead qualified, an invoice sent, an appointment booked.
Replace the first 10 hires of every SMB with AI workers that cost 95% less.
Every business on earth runs a hybrid workforce of humans and AI agents through AgentOS — the operating system for the autonomous enterprise.
LLMs crossed the “reliable enough for production” threshold in 2024; agentic frameworks matured for non-PhD builders; SMBs are desperate to compete with AI-equipped enterprises; and no dominant marketplace has yet captured the category.
| Layer | Market | Size |
|---|---|---|
| TAM | Global business software + BPO + staffing | $2.1T |
| SAM | SMB SaaS + AI tools + automation platforms | $180B |
| SOM | AI agent subscriptions, Year 1–5 capture | $2.4B |
Adjacent platforms each leave the outcome-driven B2B agent category open.
| Platform | What they do | Critical gap |
|---|---|---|
| GPT Store | Sell ChatGPT plugins | No B2B focus, no execution, no billing infra |
| Zapier | Workflow automation | Not agent-native, no marketplace economy |
| Hugging Face | Model hosting | Developer-only, zero business UX |
| Make / N8N | No-code automation | Template store, not outcome-driven agents |
| Salesforce AppExchange | Enterprise plugins | Locked to one CRM, high friction |
| AWS Marketplace | Cloud services | No AI agent category, too technical |
Outcome framing (“Marketing Department”, not “chatbot”); the full infrastructure stack (deploy, monitor, bill, share revenue); both sides of the marketplace; framework-agnostic execution; and vertical onboarding tailored per business type.
A three-sided marketplace: builders upload agents and earn recurring revenue, businesses subscribe and deploy outcomes, and the platform provides infrastructure, distribution, and billing.
| Stream | Mechanism | Target % of revenue |
|---|---|---|
| Marketplace take rate | 30% of all subscriptions | 55% |
| Usage fees | Compute / API overage billing | 20% |
| Featured placement | Builder paid promotion | 10% |
| Enterprise bundles | Pre-packaged agent suites | 10% |
| White label | Agency platform licensing | 5% |
Starter agents $29–$99/mo (single-function); Pro agents $99–$299/mo (multi-step, connected workflows); Enterprise agents $500–$5,000/mo (custom SLA, dedicated compute); Workforce bundles $499–$4,999/mo (vertical-specific stacks).
Builders keep 70%+ of every subscription, rising with scale. The platform covers all LLM and compute costs from its share.
| Tier | Subscribers | Split | Perks |
|---|---|---|---|
| Standard | 0–100 | 70/30 | Basic analytics |
| Silver | 100–500 | 72/28 | Featured eligibility |
| Gold | 500–2,000 | 75/25 | Priority support, co-marketing |
| Platinum | 2,000+ | 80/20 | Dedicated account manager |
The platform is layered: surfaces, shared services, runtime, and infrastructure.
┌─────────────────────────────────────────────────────────┐
│ AgentOS Platform │
├──────────────┬──────────────┬──────────────┬────────────┤
│ Marketplace │ Agent Store │ Builder Hub │ Biz Portal│
├──────────────┴──────────────┴──────────────┴────────────┤
│ Platform Services Layer │
│ Auth │ Billing │ Analytics │ Monitoring │ Notifications │
├──────────────────────────────────────────────────────────┤
│ Agent Runtime Engine │
│ Execution │ Memory │ Tool Calls │ Orchestration │ Logs │
├──────────────────────────────────────────────────────────┤
│ Infrastructure Layer │
│ AWS EKS │ Lambda │ RDS │ Redis │ S3 │ OpenSearch │
└──────────────────────────────────────────────────────────┘ARCHITECTURE.md.Row-level security with a tenant_id on every table; namespace-per-tenant vector memory; per-tenant object-storage prefixes and secret paths; and shared vs dedicated execution namespaces by tier (Starter shared, Enterprise dedicated).
Agents run in isolated pods with credential injection and full observability.
| Mode | Trigger | Use case |
|---|---|---|
| Scheduled | Cron | Publish blog every Monday 9am |
| Event-driven | Webhook | New lead in HubSpot → qualify |
| Streaming | Persistent socket | Monitor inbox, reply in real-time |
| On-demand | API / button | Generate Q3 report now |
| Reactive | Queue consumer | Process support ticket queue |
Each supported framework (LangGraph, CrewAI, N8N, custom) has an adapter normalizing a single execute(inputs, tools, memory) interface. Builders reference tools by key; AgentOS injects authenticated clients at runtime via the tool proxy — builder code never handles OAuth tokens.
Exponential-backoff retries on tool failures, an LLM fallback chain (Claude → GPT-4o → Gemini), a dead-letter queue for failed executions, and alerts to both business and builder on systemic errors.
Organic ranking blends quality, reliability, and trust signals.
| Signal | Weight |
|---|---|
| Subscriber retention (30-day) | 25% |
| Subscriber count | 20% |
| Average customer rating | 20% |
| Execution reliability | 15% |
| Builder trust score | 10% |
| Recency (last updated) | 5% |
| Search relevance | 5% |
Ratings count only from active subscribers (3+ uses); subscriber counts are age-normalized with a launch-boost window; sponsored slots are clearly labeled and excluded from organic signals. Search is hybrid — OpenSearch BM25 keyword plus semantic kNN over agent embeddings, fused with Reciprocal Rank Fusion and personalized by business type and existing subscriptions.
The relational core spans organizations, users, builders, agents and their tool requirements, subscriptions, deployments, tool connections, execution logs, usage events, reviews, and payouts. Below are the two anchor tables; the full schema lives in docs/WHITEPAPER.md.
CREATE TABLE agents (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
builder_id UUID REFERENCES builders(id),
name TEXT NOT NULL,
slug TEXT UNIQUE NOT NULL,
category TEXT,
runtime TEXT, -- langraph | crewai | n8n | custom
base_price_cents INTEGER,
trigger_type TEXT,
status TEXT DEFAULT 'pending', -- pending|approved|live|suspended
manifest JSONB,
ranking_score DECIMAL(6,2) DEFAULT 0,
subscriber_count INTEGER DEFAULT 0,
avg_rating DECIMAL(3,2),
created_at TIMESTAMPTZ DEFAULT now()
);
CREATE TABLE agent_deployments (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
subscription_id UUID REFERENCES subscriptions(id),
org_id UUID REFERENCES organizations(id),
agent_id UUID REFERENCES agents(id),
config JSONB, -- user-supplied inputs
status TEXT DEFAULT 'running',
last_run_at TIMESTAMPTZ,
next_run_at TIMESTAMPTZ,
created_at TIMESTAMPTZ DEFAULT now()
);Supply-first, then demand, then paid, then enterprise.
Year 1 — Foundation:core marketplace, 20 house agents, Stripe billing, builder self-serve upload, tool integrations, search & recommendations, enterprise SSO + audit logs, public API v1.
Year 2 — Scale: agent orchestration, visual workflow builder, white-label, mobile apps, A/B pricing, private marketplaces, agent-to-agent protocol, SDK, vertical marketplaces.
Year 3 — Platform: AI Workforce OS, outcome-based pricing, marketplace API for embedding, global expansion, $100M ARR target.
| Month | MRR | Subscribers | Agents live |
|---|---|---|---|
| 6 | $50K | 500 | 50 |
| 12 | $250K | 2,500 | 200 |
| 18 | $750K | 7,500 | 500 |
| 24 | $2M | 20,000 | 1,000 |
| 36 | $8M | 80,000 | 3,000 |
| Metric | Starter | Pro | Enterprise |
|---|---|---|---|
| Avg MRR | $99 | $299 | $2,000 |
| Gross margin | 72% | 78% | 82% |
| CAC | $150 | $400 | $8,000 |
| LTV (24-mo) | $1,188 | $4,308 | $48,000 |
| LTV:CAC | 7.9x | 10.8x | 6.0x |
| Payback | 1.8 mo | 1.6 mo | 5 mo |
| Year | Subscribers | ARR | Platform revenue | EBITDA |
|---|---|---|---|---|
| 1 | 2,500 | $3M | $900K | -$2M |
| 2 | 20,000 | $24M | $7.2M | -$3M |
| 3 | 80,000 | $96M | $28.8M | $5M |
| 4 | 200,000 | $240M | $72M | $28M |
| 5 | 400,000 | $480M | $144M | $72M |
Wait 60 seconds, check spam, confirm the address, then click Resend code. Each resend invalidates older codes. Codes expire after 10 minutes.
The agent hit an approval gate or a rate limit. Open it, read the latest log entry, and approve the pending action or wait for the limit to reset.
The OAuth token expired or was revoked at the provider. Go to Settings → Connections and reconnect.
Open the Logs tab and expand the failed run to see the exact failing step and error. Builders can reproduce locally with npx agentos dev.
Still stuck? We're happy to help.
Get started