About

Agents need infrastructure, not more tools.

Agent frameworks give you the runtime to build agents. But the layer underneath — credential management, cryptographic identity, audit trails, a kill switch — that infrastructure doesn't exist yet. We're building it.

The problem space

Real failure modes, not theoretical ones.

These are the agent failure modes we see teams running into today.

Prompt injection leading to credential exfiltration. An agent with a raw Stripe key in its environment gets manipulated into leaking it. With STACK, the agent never had the key — it proxied through STACK, so there's nothing to exfiltrate.

Rogue agents with no kill switch. An agent starts behaving unexpectedly at 2 AM. Without centralized identity, you're grepping through config files hoping you find every key it had access to. With STACK, one API call kills its passport in 60 seconds, globally.

No forensics after an incident. Something went wrong, but there's no log of what the agent accessed, when, or on whose authority. STACK's audit trail is hash-chained and append-only — you get full forensics, and you can prove the log hasn't been tampered with.

Agents that can't prove who they are. An agent calls an external service. The service has no way to verify who authorized it, what scope it has, or whether that authorization is still valid. STACK passports solve this with offline-verifiable, cryptographically signed identity.
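A general illustration of how a hash-chained, append-only log such as the audit trail described above makes tampering detectable. This is an added example, not STACK's code or log format; the record fields, the all-zero genesis value and the function names are assumptions.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed anchor value preceding the first entry


def entry_hash(prev_hash: str, record: dict) -> str:
    """SHA-256 over the previous entry's hash plus a canonical JSON encoding of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log: list, record: dict) -> None:
    """Append a record, binding it to the hash of the entry before it."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})


def verify(log: list, expected_head: Optional[str] = None) -> int:
    """Return -1 if the chain is intact, else the index of the first inconsistency.

    expected_head is the newest hash as recorded somewhere outside the log.
    Without it, a full rewrite of the tail or a truncation still looks valid.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)  # chain is self-consistent but does not end where it should
    return -1


def build_sample_log() -> list:
    """Constructed sample entries; agent names, actions and targets are made up."""
    log = []
    append(log, {"ts": "2025-01-01T02:00:00Z", "agent": "agent-a",
                 "action": "proxy_request", "target": "api.example.com"})
    append(log, {"ts": "2025-01-01T02:00:05Z", "agent": "agent-a",
                 "action": "proxy_request", "target": "billing.example.com"})
    append(log, {"ts": "2025-01-01T02:01:00Z", "agent": "operator",
                 "action": "passport_revoked", "target": "agent-a"})
    return log
```

Editing or deleting a middle entry breaks the link at that position. Detecting a consistent rewrite of everything after the edit, or a dropped tail, depends on comparing against a head hash kept outside the log.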

Design principles

Design decisions.

Hard gates, not suggestions

Schema validation rejects non-conforming data at the boundary. Audit logging is always on — there's no flag to disable it. Revocation kills the passport; it doesn't send an advisory. We made these decisions at the infrastructure level so individual applications don't have to.

Zero trust between agents

Handoffs are schema-validated and encrypted. Skills can run in sealed sandboxes where neither party sees the other's data. Passports are verified cryptographically by the receiving service, not by calling back to STACK. The default assumption is that the other side could be compromised.

Proxy over share

When possible, the agent shouldn't hold the credential at all. In proxy mode, STACK makes the outbound request and injects the auth header — the agent gets the response without ever seeing the key. That makes revocation instant, because there's nothing to chase down on the agent side.

Cryptographic verification, not callbacks

Any service can verify a STACK passport offline using the public key. No network call to STACK, no dependency on STACK being up, no added latency. The passport carries its own proof.

Framework-agnostic

STACK doesn't dictate how you build agents. It provides the layer underneath — credential management, identity, audit, commerce, and a sealed execution runtime for skills. Use any framework, any language, any model. STACK handles the infrastructure concerns so your agents can focus on their actual job.

Positioning

Where STACK fits.

Framework-agnostic

Use LangChain, CrewAI, Claude, AutoGPT — STACK provides the infrastructure layer underneath.

MCP-native

The primary interface is MCP and the REST API. The dashboard is for management and oversight.

Integrated payments

STACK is the merchant of record: one USD wallet for buyers, direct payouts to publishers via Stripe Connect.

Built in Stockholm · Servers in the EU · Designed for teams shipping agents to production