v0.3-intent · site-side
Click to decide what each canonical intent means at your site. We generate a v0.3-conformant JSON document; you drop it at https://<your-site>/.well-known/agentpki-intent-policy.json. From that moment, any v0.3 verifier (including ours) checks every agent passport against your policy.
Need the spec? See /spec/v0.3-intent §4. Want to learn how the verifier consumes this? See §5.
Cycle through untouched → allow → throttle → deny → untouched by clicking.
Try an agent declaring this intent. We apply the §4.5 match rules locally.
agentpki-intent-policy.json(start clicking intents on the left)
Host this at https://<your-site>/.well-known/agentpki-intent-policy.json with Content-Type: application/json. Cache-Control recommended: public, max-age=300, stale-while-revalidate=3600.
Cloudflare Pages
Drop the file in public/.well-known/agentpki-intent-policy.json and add an entry to _headers:
/.well-known/agentpki-intent-policy.json Content-Type: application/json
Nginx
location = /.well-known/agentpki-intent-policy.json {
alias /etc/site/intent-policy.json;
add_header Content-Type application/json;
} Anywhere static
Vercel, Netlify, S3 + CloudFront, GitHub Pages, plain Nginx — anything that serves a static JSON file at a well-known URL works. Just verify Content-Type.
Verify it landed correctly
After publishing, test the live verifier picks it up:
# Mint a token declaring purchase intent, verify against your site
TOKEN=$(curl -s 'https://demo.agentpki.dev/mint?intent=purchase' | jq -r .token)
curl -s -X POST 'https://verify.agentpki.dev/v1/verify' \
-H 'content-type: application/json' \
-d "{\"token\":\"$TOKEN\",\"intent_check\":{\"site\":\"<your-site>\"}}" | jq .intent_match