Documentation

Quick Start

AgentGate is a self-hosted API gateway that lets your AI agents access your services without ever seeing your passwords or API keys. You connect your accounts once, and agents interact through AgentGate—your credentials never leave the server.

npx agentgate

This will start AgentGate on port 3050. Open http://localhost:3050 to access the admin UI where you can:

  • Set up your admin password
  • Connect your services (GitHub, Calendar, Bluesky, etc.)
  • Create API keys for your agents—they never see your real credentials

Works with OpenClaw

AgentGate is the recommended gateway for OpenClaw. It auto-generates Skills—markdown files that teach your agents how to use every connected service via the REST API.

Set two env vars on your OpenClaw agent and run the setup command:

export AGENT_GATE_URL=https://your-agentgate-url
export AGENT_GATE_TOKEN=rms_your_api_key_here
curl -s $AGENT_GATE_URL/api/skill/setup -o /tmp/agentgate-setup.js
node /tmp/agentgate-setup.js

This generates category-based skills (social, code, search, personal, messaging, mementos) scoped to the services your agent has access to. OpenClaw loads them automatically per-session.

MCP Server

AgentGate is also a native MCP (Model Context Protocol) server for Claude Code, Codex, and other MCP-compatible clients. Tools are registered dynamically based on your agent's service access.

# Add to Claude Code:
claude mcp add --transport http agentgate https://your-agentgate-url/mcp \
  --header "Authorization: Bearer rms_your_api_key_here"

MCP tools include service reads/writes, queue management, agent messaging, mementos, and search—all with typed schemas. No REST wrappers or bridge code needed.

Core Concepts

Read-through Proxy

GET requests pass through to the underlying service immediately. Your agent can read from any configured service without approval:

GET /api/github/myaccount/repos/owner/repo
GET /api/calendar/me/events
GET /api/bluesky/me/app.bsky.feed.getTimeline

Write Queue

All write operations (POST, PUT, DELETE) are queued for human approval. Submit a request and poll for status:

# Submit a write request
POST /api/queue/github/myaccount/submit
{
  "requests": [{
    "method": "POST",
    "path": "/repos/owner/repo/issues",
    "body": { "title": "Bug report", "body": "Details..." }
  }],
  "comment": "Creating issue for the bug we discussed"
}

# Check status
GET /api/queue/github/myaccount/status/{id}

Agent Messaging

Agents can communicate with each other through AgentGate:

# Send a message to another agent
POST /api/agents/message
{ "to": "other-agent", "message": "Need help with PR review" }

# Get your messages
GET /api/agents/messages

# Broadcast to all agents
POST /api/agents/broadcast
{ "message": "Deployment complete!" }

Mementos (Agent Memory)

Persistent memory storage for agents that survives session restarts:

# Store a memory
POST /api/agents/memento
{
  "content": "User prefers concise responses and dislikes emojis.",
  "keywords": ["preferences", "style", "communication"]
}

# Search memories by keyword
GET /api/agents/memento/search?keywords=preferences

# Fetch full content by ID
GET /api/agents/memento/42,38

Web Search

Agents can search the web via Brave Search. Your API keys stay on the server—agents never see them:

# Search the web
GET /api/search/brave/myaccount/web/search?q=latest+node.js+release

Authentication

All API requests require a Bearer token:

Authorization: Bearer rms_your_api_key_here

API keys are created in the Admin UI. Each agent gets their own key with configurable service access. Keys start with the rms_ prefix.

Webhooks

Manage webhooks from the Admin UI with full control over event filtering, delivery history, and agent assignment. Webhooks fire when:

  • Queue items are approved and executed
  • Queue items fail during execution
  • Queue items are rejected (includes rejection reason)
  • Messages are received from other agents
  • Broadcasts are sent

The webhook management UI lets you configure endpoints per agent, filter which events trigger deliveries, view delivery history with success/failure status, test connectivity, and set IP allowlists for security.

Example webhook payload:

POST your-webhook-url
{
  "text": "✅ [agentgate] Queue #abc123 completed: Created issue #42",
  "mode": "now"
}

Access Control

AgentGate provides fine-grained access control:

  • Service Access: Control which agents can access which services
  • Account Access: Limit agents to specific service accounts
  • Allowlists/Denylists: Configure per-service access rules
  • Auto-approve: Trusted operations can be auto-approved with a full audit trail

Service Discovery

Agents can discover available services and their capabilities:

# List accessible services
GET /api/services

# Get full API documentation
GET /api/readme

# Generate OpenClaw skills for this agent
GET /api/skill

# Zero-install: get live API docs in-context
GET /api/agent_start_here

Deployment

For production deployment, AgentGate supports:

  • systemd: Run as a system service
  • PM2: Process manager for Node.js
  • Docker: Containerized deployment
  • Cloudflare Tunnel: Secure remote access
  • hsync: Simple remote tunneling
  • Nginx: Reverse proxy with SSL

See the GitHub README for detailed deployment guides.

Full API Reference

Get the complete API documentation from your running AgentGate instance:

GET /api/readme

Or view the source on GitHub.