█████╗ ██╗  ██╗██████╗ 
██╔══██╗██║  ██║██╔══██╗
███████║███████║██████╔╝
██╔══██║██╔══██║██╔═══╝ 
██║  ██║██║  ██║██║     
╚═╝  ╚═╝╚═╝  ╚═╝╚═╝     

Agent Handoff Protocol

The open protocol for agent-to-human ownership transfer.
Agents build. Humans claim. No signup.

Abuse-resistant · Open spec · MIT License

The Problem

SaaS auth is hostile to AI agents

  • Browser-based signup flows agents can't navigate
  • Email verification, CAPTCHAs, OAuth redirects
  • Long-lived API keys that leak in agent contexts
  • Abandoned accounts when agents test and move on

The Solution

Agents build first, humans claim after

  • Agents provision sandboxes via API (no browser)
  • Build real, working output in temporary workspace
  • Human reviews actual output, not a marketing page
  • Claim transfers ownership; unclaimed sandboxes disappear

How it Works

A simple four-step flow from agent creation to human ownership

1. Prove: Agent solves proof-of-work challenge (Agent · ~1 sec)
2. Build: Agent creates content in sandbox (Agent · minutes)
3. Review: Human evaluates the real output (Human)
4. Claim: Human takes ownership (Human · one click)

Discoverable by Design

Agents find AHP-compatible services via well-known endpoints

Discovery
$ curl https://replyraptor.com/.well-known/agent-access

{
  "ahp_version": "1.0",
  "provider": {
    "name": "ReplyRaptor",
    "docs": "https://replyraptor.com/docs"
  },
  "sandbox": {
    "enabled": true,
    "admission": ["proof_of_work"],
    "ttl_hours": 48
  },
  "claim": {
    "method": "code_plus_pow"
  }
}

Create Sandbox
$ curl -X POST https://api.replyraptor.com/v1/sandboxes \
    -H "Content-Type: application/json" \
    -d '{
      "admission": {
        "type": "proof_of_work",
        "challenge": "a1b2c3...",
        "nonce": "solved_nonce"
      }
    }'

{
  "id": "sbx_7kF9xMqL2nPvR4tYwX8z",
  "public_handle": "p-7kF9xMqL2nPvR4tY",
  "agent_token": "rr_sbx_live_...",
  "expires_at": "2026-01-25T10:00:00Z"
}

Secure by Default

AHP is designed for hostile conditions. Abuse resistance is built into the protocol.

Proof-of-Work Admission

Computational cost for sandbox creation. Adaptive difficulty scales with abuse.

128-bit Identifiers

Public handles have cryptographic entropy. No enumeration, no guessing.

Handle Rotation

URLs change on publish and claim. Leaked preview links can't access production.

Origin Separation

Preview admin runs on separate origin. XSS in sandbox ≠ admin compromise.

No SVG, No CSS

Sandbox content can't execute. Strict content sanitization prevents injection.

Two-Factor Claim

Claim requires code + proof-of-work. Attacker must be present and invest computation.
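
One way a provider could verify the proof-of-work admission described above, added here as an example and not taken from the AHP spec or its reference implementation. The page does not define the PoW construction, so the SHA-256 leading-zero-bit target, the HMAC-signed `random.bits.expires.tag` challenge format, the difficulty curve and every function name are assumptions.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)  # assumption: per-deployment secret, so challenges need no DB row
_spent = set()               # accepted challenges; a real service would expire these entries

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def difficulty_for(recent_creates, base=12, cap=24):
    # Assumed adaptive curve: roughly one extra bit per doubling of recent creations.
    return min(cap, base + max(0, recent_creates).bit_length())

def _tag(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_challenge(bits, ttl=120, now=None):
    expires = int((time.time() if now is None else now) + ttl)
    body = f"{os.urandom(16).hex()}.{bits}.{expires}"
    return f"{body}.{_tag(body)}"

def solve(challenge):
    # Agent side: brute-force a nonce until the hash meets the advertised difficulty.
    bits, n = int(challenge.split(".")[1]), 0
    while leading_zero_bits(hashlib.sha256(f"{challenge}:{n}".encode()).digest()) < bits:
        n += 1
    return str(n)

def verify_admission(challenge, nonce, now=None):
    now = time.time() if now is None else now
    try:
        rand, bits_s, exp_s, tag = challenge.split(".")
        bits, expires = int(bits_s), int(exp_s)
    except ValueError:
        return "malformed"
    # Authenticate first: difficulty and expiry are client-supplied until the tag checks out.
    if not hmac.compare_digest(_tag(f"{rand}.{bits_s}.{exp_s}").encode(), tag.encode()):
        return "bad_signature"
    if now > expires:
        return "expired"
    if challenge in _spent:
        return "replayed"  # one solved challenge admits exactly one sandbox
    digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
    if leading_zero_bits(digest) < bits:
        return "insufficient_work"
    _spent.add(challenge)
    return "ok"
```

Each rejection reason maps to a distinct abuse case (forged difficulty, stale challenge, reuse, skipped work), so logging the return value gives a per-reason signal for tuning `difficulty_for`.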

Implementations

Services that support the Agent Handoff Protocol

For SaaS Providers

Zero-signup agent onboarding

  • Agents can try your product without account creation
  • No orphaned accounts from agent experiments
  • Abuse-resistant by design (PoW, rotation, limits)
  • Convert interested users via clean claim flow
Implementation guide →

For Agent Developers

Build real things, not demos

  • Standard protocol works across providers
  • Discover capabilities via well-known endpoint
  • Create working output humans can actually use
  • Human reviews before committing to ownership
Integration guide →

Ready to implement AHP?

Read the spec, check the reference implementation, or jump straight into the code.