v0.3-intent · site-side
Click to decide what each canonical intent means at your site. We generate a v0.3-conformant JSON document; you drop it at https://<your-site>/.well-known/agentpki-intent-policy.json. From that moment, any v0.3 verifier (including ours) checks every agent passport against your policy.
Need the spec? See /spec/v0.3-intent §4. Want to learn how the verifier consumes this? See §5.
Bot mints a passport with an intent claim → request reaches your site → verifier matches intent against your policy → decision + audit-log entry.
marketplace.example. The marketplace also gets thousands of scalper bots trying the same thing. AgentPKI Intent is how the honest shopping bot gets through and the scalpers don't.
Why this matters
Today — heuristic bot defense only
With AgentPKI Intent
purchasescrape-bulk or refusing to identify get denied cryptographically
Cycle through untouched → allow → throttle → deny → untouched by clicking.
Try an agent declaring this intent. We apply the §4.5 match rules locally.
agentpki-intent-policy.json
Host this at https://<your-site>/.well-known/agentpki-intent-policy.json with Content-Type: application/json. Cache-Control recommended: public, max-age=300, stale-while-revalidate=3600.
Cloudflare Pages
Drop the file in public/.well-known/agentpki-intent-policy.json and add an entry to _headers:
/.well-known/agentpki-intent-policy.json
  Content-Type: application/json
Nginx
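location = /.well-known/agentpki-intent-policy.json {
    alias /etc/site/intent-policy.json;
    # Set the type with default_type: add_header would append a second
    # Content-Type header next to the one nginx already sends.
    types { }
    default_type application/json;
}
Anywhere static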
Vercel, Netlify, S3 + CloudFront, GitHub Pages, plain Nginx — anything that serves a static JSON file at a well-known URL works. Just verify Content-Type.
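An added example, not AgentPKI project code: a shell function that checks a `curl -sI` header dump for the Content-Type and Cache-Control values given above, including two common failures (a duplicated Content-Type header and a 200 response that is really an HTML fallback page). The function name `check_policy_headers` and the sample header dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not AgentPKI project code. check_policy_headers is a
# hypothetical helper; the header dumps below are constructed samples.
# Live use: check_policy_headers "$(curl -sIL "https://$SITE/.well-known/agentpki-intent-policy.json")"

check_policy_headers() {
    # $1: response headers as text. With curl -L there is one block per
    # redirect hop, so state is reset at every status line.
    printf '%s\n' "$1" | tr -d '\r' | awk '
        /^HTTP\// { status = $2; n = 0; ctype = ""; cache = ""; next }
        {
            name = tolower($0); sub(/:.*/, "", name)
            value = tolower($0); sub(/^[^:]*:[ \t]*/, "", value)
        }
        name == "content-type"  { n++; ctype = value }
        name == "cache-control" { cache = value }
        END {
            if (status != "200") { print "FAIL: final status " status; exit 1 }
            if (n != 1) { print "FAIL: " n " Content-Type headers"; exit 1 }
            sub(/[ \t]*;.*/, "", ctype)   # drop parameters such as charset
            if (ctype != "application/json") { print "FAIL: Content-Type " ctype; exit 1 }
            if (cache !~ /max-age=/) { print "WARN: Cache-Control has no max-age"; exit 0 }
            print "OK"
        }'
}

# Constructed sample: redirect hop, then a correctly served policy.
SAMPLE_OK='HTTP/1.1 301 Moved Permanently
Location: https://marketplace.example/.well-known/agentpki-intent-policy.json

HTTP/2 200
content-type: application/json; charset=utf-8
cache-control: public, max-age=300, stale-while-revalidate=3600
'
# Constructed sample: Content-Type sent twice.
SAMPLE_DUP='HTTP/1.1 200 OK
Content-Type: application/json
Content-Type: application/json
'
# Constructed sample: static host answered 200 with an HTML fallback page.
SAMPLE_HTML='HTTP/2 200
content-type: text/html; charset=utf-8
'
for s in "$SAMPLE_OK" "$SAMPLE_DUP" "$SAMPLE_HTML"; do
    check_policy_headers "$s" || true
done
```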
Verify it landed correctly
After publishing, test that the live verifier picks it up:
# Mint a token declaring purchase intent, verify against your site
TOKEN=$(curl -s 'https://demo.agentpki.dev/mint?intent=purchase' | jq -r .token)
curl -s -X POST 'https://verify.agentpki.dev/v1/verify' \
  -H 'content-type: application/json' \
  -d "{\"token\":\"$TOKEN\",\"intent_check\":{\"site\":\"<your-site>\"}}" | jq .intent_match