Agent Acquire SaaS
Agents should get their own software.
A machine-readable doorway for agents to create SaaS accounts, pass checkout within policy, store API keys, and return working tool access without a human managing every vendor login.
await acquireSaaS.start({
capability: "physical_mail",
preferredProvider: "postgrid",
org: "ultrarelevant",
budget: {
maxMonthlyUsd: 50,
approvalAboveUsd: 20
},
secrets: {
store: "1password",
exposeRaw: false
}
});Protocol
The page is for humans. The manifest is for agents.
Agents discover what this service can do at a stable well-known URL, then start a governed SaaS acquisition run with browser, inbox, payment, vault, and verification primitives.
{
"capabilities": [
"create_vendor_account",
"configure_billing",
"store_secret",
"run_smoke_test"
],
"supported_providers": [
"postgrid",
"resend",
"twilio"
]
}Guardrails
Full-auto does not mean unmanaged.
The agent gets delegated capabilities, not raw company control. Spend, contracts, KYC, and unknown vendors stay inside policy.
Controlled browser
The agent signs up, configures dashboards, and reaches API key pages inside a recorded browser session.
Delegated inbox
Provider aliases receive verification links, OTPs, invoices, and onboarding emails without using a human inbox.
Payment policy
Agents can pay within limits. Annual contracts, KYC, and high spend pause for approval.
Secret vault
Passwords, API keys, webhook secrets, and recovery codes are stored as vault references, not chat text.
Provider playbooks
Start with approved vendors. Generalize after the loop works.
The first reliable version should be full-auto for known SaaS accounts. Arbitrary websites come later, after payment, vault, inbox, and verification are proven.
Return a working capability, not a password.
The final output is a verified secret reference and a tested API capability the agent can use to build its product.