agent-deepweb

curl-with-auth for AI agents

Language
Go
Version
0.6.0
License
MIT
Category
CLI Tool
View on GitHub

Authenticated HTTP for LLM agents. The user registers profiles (bearer tokens, basic auth, cookies, form logins) under names; the agent invokes them by name and never sees the secret values. Structured JSON envelopes, response redaction, audited requests, and frozen-shape templates for the highest-safety flows.

Features

01

Profiles by name — LLM says --profile github, never sees the token

02

Five auth types — bearer, basic, cookie, custom header, form-login with cookie harvest

03

macOS Keychain + encrypted cookie jars — AES-256-GCM with per-profile keys

04

Request allowlists — per-profile host and path guards; redirects can't escape

05

Response redaction — headers, JSON fields, and literal-byte echoes masked in output

06

Templates — frozen request shapes authored by the human; LLM only fills parameters

07

Import sources — OpenAPI v3 / Swagger 2.0, GraphQL introspection, Postman, HAR, .http, curl

08

First-class JSON-RPC 2.0 verb alongside REST and GraphQL

09

Classified errors — every error includes fixable_by: agent|human|retry

10

Append-only audit log — every request written to ~/.config/agent-deepweb/audit.log

11

Passphrase-gated escalation — mutations and visibility toggles require a short friendly phrase

Install

Homebrew

>_ 
$ brew install shhac/tap/agent-deepweb

AI Agent Skill

>_ 
$ npx skills add shhac/agent-deepweb

GitHub Release (macOS)

>_ 
$ curl -L https://github.com/shhac/agent-deepweb/releases/latest/download/agent-deepweb-darwin-arm64.tar.gz | tar xz

Go Install

>_ 
$ go install github.com/shhac/agent-deepweb/cmd/agent-deepweb@latest

Build from Source

>_ 
$ git clone https://github.com/shhac/agent-deepweb.git && cd agent-deepweb && make build

Getting Started

The human registers profiles once; the LLM references them by name forever after. Secrets live in macOS Keychain when available, or in a mode-0600 file on Linux/Windows.

01 · Register a profile

>_ 
$ agent-deepweb profile add github --type bearer --token ghp_xxx --domain api.github.com

One-time setup by the human. The LLM never sees --token.

02 · Test it

>_ 
$ agent-deepweb profile test github

03 · Fetch as the agent

>_ 
$ agent-deepweb fetch https://api.github.com/user

Profile auto-resolves by host. Output is a structured JSON envelope with status, headers, and body.

Usage

>_ Authenticated GET 
$ agent-deepweb fetch https://api.github.com/user
>_ POST JSON with an explicit profile 
$ agent-deepweb fetch https://api.example.com/v1/items --method POST --json '{"name":"x"}' --profile myapi
>_ GraphQL query 
$ agent-deepweb graphql https://api.github.com/graphql --profile github --query 'query { viewer { login } }'
>_ JSON-RPC call 
$ agent-deepweb jsonrpc https://node.example/rpc --profile chain --method eth_blockNumber
>_ Import an OpenAPI spec into templates 
$ agent-deepweb template import-openapi ./api.json --prefix github --profile github
>_ Run a frozen template (highest safety) 
$ agent-deepweb template run github.get_user --param username=octocat
>_ Explicit anonymous fetch (no profile) 
$ agent-deepweb fetch https://example.com/healthz --profile none
>_ Tail the audit log 
$ agent-deepweb audit tail -n 20