HN Showcase
Back to browse
Stack – the control plane for AI agents

Stack – the control plane for AI agents

by tiel88·Apr 16, 2026·2 points·0 comments
Visit ProjectView on HN

AI Analysis

●●●BangerBig BrainBold Bet

JWT passports with 4-hop delegation chains and 60-second revocation for agent identity.

Strengths
  • Offline JWT verification means services validate without calling STACK
  • Credential proxy mode injects auth at boundary, agents never see raw keys
  • Skills marketplace with sealed execution sandbox for agent-to-agent commerce
Weaknesses
  • Early stage, depends on broader agent ecosystem adoption
  • Enterprise security space is well-funded with established competitors
Category
Security
Target Audience

Teams deploying AI agents with API access and credentials

Similar To

Twingate · Zscaler · HashiCorp Vault

Post Description

Dear diary, this is my story: I'd been sharing MCP configs with other devs at work a lot - templates in shared repos, credentials in Bitwarden, everyone cowboying their own env vars. That's a lot of manual wiring and lack of any real control, so there was already a problem statement forming in my mind. Then three weeks ago I was putting my kids to sleep and reading about Jensen Huang saying every company will run 100 agents per employee, and the math started mathing.

That evening I kept thinking about what agents actually need to operate in the real world and eventually landed on the same answer as every spy movie ever: basically, a passport suitable for the mission and clever drop-off locations. So I built STACK. True story.

- The passport: a signed JWT (EdDSA) that proves which agent is acting, who authorized it, and what it's allowed to do. Works offline - any service can verify it without calling STACK. Agents can delegate to sub-agents but the scope ever only narrows. Max 4 hops.

- The drop-off: is an encrypted handoff between agents. Agent A drops off a package with a JSON schema contract, encryption at rest, and a TTL. Agent B collects it, the custody transfers, and the payload gets deleted. Neither agent needs to trust the other. Just like in the movies!

All credentials are KMS-encrypted. In proxy mode they are injected at the network boundary so the agents can make API calls through STACK without ever seeing the raw key.

To try it, sign up at https://getstack.run, grab your API key, and connect:

claude mcp add stack --transport http https://mcp.getstack.run/mcp --header "Authorization: Bearer YOUR_API_KEY"

I want to provide a generous free tier and I hope people get value out of it.

Keycard ($38M, a16z) does scoped agent credentials, Descope ($88M) does auth flows, Composio ($29M) does tool integrations. I'm a solo founder in Stockholm without funding, but I'm betting the full control plane is where the market is heading. I may be naive about that, but that's the bet. I like betting. Docs at https://getstack.run/docs.

Similar Projects