Modei

Documentation

No-Code Setup Guide

Understand what Modei does, why it matters, and how to get running, step by step.


What Modei Does

Modei gives your AI agents a verifiable identity and enforceable rules, so every action is authenticated, bounded, and auditable.

Think of it like a driver's license and an insurance policy combined. The passport is the license: it proves who the agent is and what it's allowed to do. The gate is the checkpoint: it checks the license before granting access and enforces the policy (speed limits, spending caps, allowed routes) in real time.

Passport

A cryptographic credential that proves who an agent is and what it's authorized to do. Think of it as the agent's ID.

Gate

A checkpoint that verifies passports and enforces rules before granting access to a resource. Nothing gets through without passing the gate.

Attestation

A tamper-proof record of every access decision: who asked, what was allowed or denied, and when. Your audit trail.

Without a trust layer, your AI agent operates without accountability. With Modei, every action is verified, logged, and governed by rules you set.

Why This Matters

AI agents are taking real actions: booking travel, sending emails, making purchases, calling APIs. Every one of those actions carries risk: overspending, accessing the wrong data, or operating beyond what was intended.

The core question is straightforward: can you prove your agent stayed within bounds?

Without a trust layer, the answer is no. Modei provides that proof automatically: cryptographic identity, real-time policy enforcement, and a tamper-proof record of every decision.

Key terms

| Term | What it means |
|---|---|
| Issuer | Your organization's signing identity, the root of trust that authorizes agents |
| Passport | An agent's cryptographic credential; proves identity and authorized permissions |
| Private Key | The secret that makes signatures valid; save it immediately and never share it |
| Gate | A security checkpoint that verifies passports and enforces rules before granting access |
| Guardrail | A policy rule enforced at a gate: spend caps, rate limits, domain restrictions, etc. |
| Attestation | A signed, tamper-proof record of every access decision; your audit trail |
| Trust Tier | The verification level: L1 (Baseline), L2 (Trusted), L3 (Verified) |
| Template | A pre-built set of guardrail rules for common agent types (30 available) |

How setup works

The entire setup takes about 10 minutes and can be done entirely through the dashboard.

Just need spend caps or rate limits? You can skip Step 4 (Gate setup) entirely. Issue a passport with guardrails built in and call POST /api/enforce before each action; no gate is required. Learn about passport-only enforcement →

  1. Create your account: Sign up at modei.ai with an email and password; you'll land on the dashboard.
  2. Create an Issuer: Your signing identity. Name it after your team or project. You typically only need one.
  3. Issue a Passport: Create a credential for your agent. Set permissions, constraints, and an expiry date.
  4. Set up a Gate: Create a checkpoint for your resource. Configure guardrails (spend caps, rate limits, domain rules) or pick a template.
  5. Connect & Test: Connect via MCP, SDK, or system prompt. Verify the passport, then check your attestation log.

Full step-by-step walkthrough →

Common Questions

How do I connect a passport to Claude or another AI assistant?

Most AI assistants don't have built-in passport support yet. Three integration patterns:

  • MCP Integration (Recommended): Connect Modei's MCP server to Claude Desktop or any MCP-compatible client. Full cryptographic verification, no custom code.
  • SDK Wrapper: For production agents, use the Python or TypeScript SDK to handle passport presentation and signature verification in your agent's runtime.
  • System Prompt: For quick testing, add your agent's ID to the system prompt. This associates identity with the session but doesn't provide cryptographic verification.

What happens if a private key is lost?

Private keys are generated on your device and never stored on Modei's servers. If lost, the passport can't be recovered. Recovery steps:

  1. Go to Dashboard → Passports
  2. Find the affected passport and click Revoke (invalidates immediately)
  3. Issue a new passport for the same agent
  4. Update your agent configuration with the new credentials

Best practice: save private keys to a password manager or secrets vault immediately at issuance. They cannot be recovered later.

What's the difference between a Passport and a Gate?

| | Passport | Gate |
|---|---|---|
| Purpose | Proves agent identity and authorized permissions | Verifies passports and enforces policies at a resource |
| Who holds it | The AI agent | The API, service, or tool being protected |
| Can work alone? | Yes, passport-only enforcement via the enforcement layer | Yes, gates accept any valid passport |

Agents carry passports. Resources are protected by gates. They work together, but each can also work independently.

What is an attestation?

An attestation is a cryptographically signed record of an access decision. Every time an agent presents its passport, at a gate or via the enforcement layer, the outcome is recorded: who requested access, what they requested, the decision (allow, block, or request_hold), and the exact timestamp.

Attestations are your audit trail:

  • Trace any incident back to the exact decision point
  • Prove what your agent did and didn't do
  • Meet compliance requirements with exportable, verifiable records
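
The passport, gate and attestation roles described above, as an added sketch that is not Modei's code or wire format. The field names, the `Gate` class and the keys are hypothetical, and HMAC-SHA256 stands in for the asymmetric signatures a real credential would carry.

```python
import hashlib
import hmac
import json
import time

# Constructed demo keys. HMAC-SHA256 is a stand-in for asymmetric signatures
# so that this sketch needs only the standard library.
ISSUER_KEY = b"constructed-issuer-key"
GATE_KEY = b"constructed-gate-key"

def sign(key, body):
    """Return body plus a MAC over its canonical JSON encoding."""
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return {"body": body, "sig": hmac.new(key, msg, hashlib.sha256).hexdigest()}

def verify(key, signed):
    """Constant-time check that the MAC matches the body."""
    return hmac.compare_digest(sign(key, signed["body"])["sig"], signed["sig"])

class Gate:
    """Hypothetical gate: verifies a passport, applies a spend cap, attests."""
    def __init__(self, resource, spend_cap, revoked=()):
        self.resource, self.spend_cap = resource, spend_cap
        self.revoked, self.spent, self.log = set(revoked), {}, []

    def check(self, passport, action, amount, now=None):
        now = time.time() if now is None else now
        body = passport.get("body", {})
        # agent_id is only a claim until the signature verifies.
        agent = body.get("agent_id", "unknown")
        if not verify(ISSUER_KEY, passport):
            decision, reason = "block", "bad_signature"
        elif body["passport_id"] in self.revoked:
            decision, reason = "block", "revoked"
        elif now >= body["expires_at"]:
            decision, reason = "block", "expired"
        elif action not in body["permissions"]:
            decision, reason = "block", "not_permitted"
        elif self.spent.get(agent, 0) + amount > self.spend_cap:
            decision, reason = "block", "spend_cap"
        else:
            decision, reason = "allow", "ok"
            self.spent[agent] = self.spent.get(agent, 0) + amount
        # Every decision, allow or block, yields a signed attestation.
        att = sign(GATE_KEY, {"agent_id": agent, "resource": self.resource,
                              "action": action, "amount": amount,
                              "decision": decision, "reason": reason, "ts": now})
        self.log.append(att)
        return att
```

Because the decision and reason sit inside the signed body, rewriting a logged block into an allow makes `verify(GATE_KEY, attestation)` fail.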

Which trust tier should I start with?

  • L1 (Baseline): Self-issued passports, no managed account needed. Use for testing, personal automation, and internal tools.
  • L2 (Trusted): Managed issuers, strict replay protection, revocation checked on every request. Use for production deployments and team agents.
  • L3 (Verified), Coming Soon: Proof-of-Possession required, real-time CRL checks. Planned for regulated environments: finance, healthcare, legal.

Start with L1 to get familiar. Upgrade to L2 when moving to production. L3 will land for high-stakes environments.

One passport per agent, or per project?

Issue one passport per agent (or per agent role). Three agents (an email assistant, a research bot, and a scheduler) each get their own passport with distinct permissions.

You can reuse the same issuer and gates across all of them. Orchestrator agents can also issue short-lived passports for sub-agents with reduced permissions.
