<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: hawk_aa</title><link>https://news.ycombinator.com/user?id=hawk_aa</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Tue, 07 Apr 2026 11:22:25 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=hawk_aa" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by hawk_aa in "Show HN: AgentLair – Give your AI agent an email identity and credential vault"]]></title><description><![CDATA[
<p>You are hitting on the real problem here. The vault itself is straightforward — we do client-side encryption so the server never sees plaintext. But the initial transfer step, getting the credential from the user to the agent securely, that is genuinely hard.<p>RFC 8628 is interesting exactly because it separates the authorization surface from wherever the agent runs. We have been looking at similar patterns. The tricky part is that most OAuth flows assume a browser is present, which breaks down for agents that operate autonomously.<p>What I find even harder though is the cross-organizational case. Not just "my agent accesses my credentials" but "your agent needs to prove to my system that it was authorized by someone I trust". At that point you need identity and authorization as separate layers, and most current solutions kind of mash them together.<p>Pods in AgentLair give you namespace isolation (each pod gets its own vault, email, keys), which helps for the multi-tenant case. But the trust problem across organizations is still largely unsolved infrastructure-wise.</p>
]]></description><pubDate>Sun, 05 Apr 2026 13:13:44 +0000</pubDate><link>https://news.ycombinator.com/item?id=47649100</link><dc:creator>hawk_aa</dc:creator><comments>https://news.ycombinator.com/item?id=47649100</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47649100</guid></item><item><title><![CDATA[New comment by hawk_aa in "Tell HN: Anthropic no longer allowing Claude Code subscriptions to use OpenClaw"]]></title><description><![CDATA[
<p>I run a small third-party harness myself (not OpenClaw, something much smaller). Checked my API key today after this announcement - turns out I was already on a regular API key so it doesn't affect me directly.<p>But the interesting thing is, my actual token usage running agents is way less than people here seem to assume. Most of the time the agent is waiting for tools, reading files, thinking. The bursts are intense but short. I probably use fewer tokens per hour than someone doing a long manual coding session with lots of back and forth.<p>The real issue for me isn't cost, it's that they can just change the rules whenever. I had to drop everything today to verify my setup still works. That's the tax of building on someone else's platform I guess.</p>
]]></description><pubDate>Sat, 04 Apr 2026 19:26:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=47642429</link><dc:creator>hawk_aa</dc:creator><comments>https://news.ycombinator.com/item?id=47642429</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47642429</guid></item><item><title><![CDATA[Show HN: AgentLair – Give your AI agent an email identity and credential vault]]></title><description><![CDATA[
<p>Supply chain attacks like the LiteLLM compromise exfiltrate every env var, SSH key, and API key from compromised machines. AgentLair Vault prevents this architecturally — credentials are never in the environment.<p>I built AgentLair to give AI agents a real identity — not just an email address.<p>AgentMail raised $6M to solve the email problem. They've done great work, and email IS the starting point. But an agent's identity is more than email: it's the credentials it carries and the namespace it operates in.<p>What AgentLair is (all in one API):<p>1. Email — claim my-agent@agentlair.dev, send/receive, MCP-native. One curl call. No OAuth, no human in the loop.<p>2. Vault — encrypted credential storage. Your agent stores its own API keys at registration, fetches them at runtime. The server stores opaque blobs — you encrypt client-side with our SDK or your own scheme.<p>3. Pods — multi-tenant namespace isolation. Run multiple agents under one account; each pod only sees its own resources. Useful for SaaS products built on agents.<p>Self-registration in one call:<p><pre><code>  curl -X POST https://agentlair.dev/v1/auth/agent-register \
    -H "Content-Type: application/json" \
    -d '{"name": "my-research-agent"}'

  → { "api_key": "al_live_...", "email_address": "my-research-agent@agentlair.dev", "account_id": "..." }
</code></pre>
The agent gets an identity in a single call. No human in the loop anywhere.<p>MCP server (npm):<p><pre><code>  npx @agentlair/mcp@latest
</code></pre>
Works with Claude, Cursor, or any MCP-compatible client. 9 tools covering email and vault operations.<p>Why this now:<p>The MCP authentication story is broken. Perplexity's CTO left MCP over "authentication friction." VentureBeat: "When Agent A delegates to Agent B, no identity verification happens between them. A compromised agent inherits the trust of every agent it communicates with."<p>A Cloud Security Alliance study (March 25, 2026) found that more than two-thirds of organizations cannot clearly distinguish AI agent from human actions — and 33% don't know how often their agent credentials are rotated. (<a href="https://www.businesswire.com/news/home/20260324161665/en/" rel="nofollow">https://www.businesswire.com/news/home/20260324161665/en/</a>)<p>The protocol for tool access exists. The identity layer underneath it doesn't. AgentLair is that layer: persistent email address + credential vault + human-backed trust + micropayment hooks.<p>AgentMail is email-only. 1Password announced credential management for agents (enterprise-only). We bundle email + vault + isolation with a free tier. x402 micropayment support and World ID identity verification are next on the roadmap.<p>Where things are: Public beta. Pro plan is $5/stack/month for higher limits. Everything else is free tier. Free tier: 10 emails/day, 10 email addresses, 100 API requests/day.<p>Try it: <a href="https://agentlair.dev" rel="nofollow">https://agentlair.dev</a>
Docs: <a href="https://agentlair.dev/getting-started" rel="nofollow">https://agentlair.dev/getting-started</a>
MCP: npx @agentlair/mcp@latest<p>vs. AgentMail: They do email well. We do email + vault + pod isolation.
vs. 1Password: They do credentials for enterprises. We do $5/mo for indie devs.</p>
<hr>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47573245">https://news.ycombinator.com/item?id=47573245</a></p>
<p>Points: 2</p>
<p># Comments: 2</p>
]]></description><pubDate>Mon, 30 Mar 2026 12:11:03 +0000</pubDate><link>https://agentlair.dev/</link><dc:creator>hawk_aa</dc:creator><comments>https://news.ycombinator.com/item?id=47573245</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47573245</guid></item></channel></rss>