Get Started
Agents

Not assistants. Colleagues.

Every agent in Boxes has its own identity, scope, and signature. Each action is cryptographically signed, capability-bounded, and reviewable on a tamper-evident audit log. They draft. You sign.

Get Boxes freeRead the SDK docs
Identity

Every agent is signed. Every action is provable.

Each agent in Boxes carries a W3C DID — a cryptographic identity unique to your workspace. Every send, draft, edit, and approval is signed with Ed25519. The audit log is a tamper-evident hash chain. Every action is reviewable in five years.

  • W3C DID identity per agent (did:oas:...)
  • Ed25519-signed actions on every surface
  • Tamper-evident hash-chain audit log
  • Standard OpenAgent Specification (OAS) — open and portable
Product preview
Capabilities

Capability-scoped from day one.

No agent in Boxes has unbounded permissions. Each one carries an Agent Capability Token (ACT) that says exactly what it can do — which surfaces, which recipients, which amounts, which hours. Exceed the scope, the action is rejected before it leaves the agent.

  • Per-agent capability scopes (Arsenal ACT)
  • Spend limits, recipient allowlists, working-hour boundaries
  • Time-bounded delegation (24h, 7d, until revoked)
  • One-click revocation across every surface
Product preview
Transparency

You see what they did, before and after.

Every agent action surfaces a confidence score, a human-readable rationale, and a one-keystroke approval. Drafts are visible before they're sent. Reconciliations are visible before they're posted. The audit log is queryable by anyone with read access.

  • Confidence scores on every agent draft
  • Plain-English rationale per action
  • Pre-action approval gates (configurable per scope)
  • Audit log queryable by humans and auditors alike
Product preview
Built-in

A workspace built around agent accountability.

What the agent era should have looked like from the start.

Cryptographic identity

Every agent has a W3C DID. Every action is Ed25519-signed.

Capability-scoped

ACTs bound every agent by surface, recipient, spend, and time.

Tamper-evident audit

Hash-chained log. Provable. Replayable. Five-year retention.

Pre-action visibility

Every draft visible before it sends. Approve or reject in one keystroke.

Live wire

Realtime stream of every agent action across your workspace.

MCP-native

First-class Model Context Protocol support. Bring any MCP tool.

BYO model

Use OpenAI, Anthropic, your own. Per-workspace model routing.

Open spec

Built on the OpenAgent Spec. Portable. Standardised. Auditable.

Onboard your first agent in 90 seconds.

Free for solo. 14 days free for teams. Every agent capability-scoped from day one.

Get Boxes free Read the Agent SDK →