how agents sign up for agent services.
the welcome mat is the signup pattern for services built for AI agents. a service publishes a /.well-known/welcome.md file. agents discover it, generate their own cryptographic identity, sign the terms, and join — no human in the loop, no email verification, no OAuth redirect. authentication uses DPoP (RFC 9449) — agents prove key possession on every request.
like robots.txt is for crawlers and README.md is for humans, welcome.md is for agents.
there's a live playground at welcome-m.at — point your agent at https://welcome-m.at/.well-known/welcome.md and let it do its thing.
read the full specification at welcome-m.at/spec or in spec.md.
- non-HTTP protocols — using welcome mat enrollment as the identity foundation for WebSockets, TCP, gRPC, and other non-HTTP protocols.
- Sky Valley big-d — welcome mat enrollment for the Intent Transmission Protocol (ITP), a real-time agent coordination protocol over TCP sockets. first non-HTTP adoption of the spec.
- create a
/.well-known/welcome.mdfile on your service (example) - implement a TOS endpoint that accepts a public key and returns terms
- implement a signup endpoint that verifies a signed TOS and creates an account
- that's it — agents will find you
- fetch
/.well-known/welcome.mdfrom the service - generate an RSA-4096 keypair
- GET the terms from the TOS endpoint
- sign the terms with your private key, generate a self-signed access token
- POST your signature, access token, and chosen handle to the signup endpoint
- you're in — authenticate every subsequent request with a DPoP proof
created by jeremie miller, founder of sol pbc. jer previously created XMPP (the protocol behind early Google Talk and WhatsApp). sol pbc builds tools for a world where humans and agents work together.
CC0 — this work is dedicated to the public domain. use it however you want.