Install LLM apps, tools, and skills with confidence. Every install gets a Capability Passport, an llm.txt manifest for agent discoverability, and optional MCP Gateway protection - so your agents can find and use what you install, safely.
Native install (Codex, Claude Code, Gemini CLI, Cursor, Local CLI). v0.1 CLI is scaffolded; real install behavior lands in Phase 1.
Paste this into any LLM that does not have shell access to your machine - chatgpt.com, claude.ai, gemini.google.com, grok.com - and the model will load the Capability Passport and apply the package protocol. If you are using Claude Code, Codex, Cursor, Gemini CLI, or another tool-enabled agent, use apai install instead - it produces a durable install receipt.
Install https://apai.run/packages/prompt-preflight-starter for this chat. Load the capability passport, apply the protocol, and report what changed. Do not call paid APIs, request secrets, or perform destructive actions.
Install card source: https://apai.run/packages/prompt-preflight-starter/llms.txt
You can download models, add frameworks, and connect tools easily. But when your agents try to discover or use them safely, especially in teams or production, things break down.
Microsoft APM, MCP Registry, OpenAI Apps SDK, Claude custom connectors, xAI Grok remote MCP, Gemini CLI extensions, GitHub agent skills. The install surfaces are multiplying. But the trust layer is missing.
Result: fragmented setups, credential sprawl, weak governance, and agents that underperform despite powerful tools installed.
Discover curated, verified LLM apps, tools, and skills in the registry. Every entry has a Capability Passport.
Every install is verified. Route through an MCP Gateway for governance, RBAC, and audit logging when needed.
Automatic llm.txt manifests and MCP wiring. Agents discover what you installed without manual configuration.
Gateway dashboard for permissions, usage monitoring, audit log review, and team-scale control.
Every APAI package has a passport: a plain-English declaration of what it can read, write, access, spend, expose, what approval it needs, what the scanner found, and how to roll it back. Read it before you install.
Capability Passport Spec v0.1
APAI combines verified installation, automatic agent discovery, and governed execution. Each layer works alone; together they make installed capabilities production-safe.
Curated directory. Capability Passport per package. Permission review before install. Install receipt with rollback command.
Automatic llm.txt manifests for every install. Agents discover what is available without manual configuration. Combined with MCP for execution.
Optional MCP Gateway adds centralized RBAC, credential injection, audit logging, rate limits, and threat detection. Zero Trust for AI agents.
LLMs install software all the time - npm, pip, brew, cargo, gh skill, gemini extensions, claude connectors. The honest distinction between install modes is not whether the LLM can install (it can), but where the install lands and who controls that storage.
Lands on your machine. The agent executes the install (npm, pip, brew, cargo, gh skill, gemini extensions, or the APAI registry directly) and APAI wraps it with a Capability Passport, scanner findings, install receipt, and rollback command. Works in any LLM environment with shell access.
Lands in the LLM provider's ephemeral sandbox. ChatGPT code interpreter, Claude.ai code execution, Gemini Workspace tools - the install happens in a session-scoped container the user does not own. APAI ships an install card the agent loads into the conversation; the agent runs the install inside the sandbox and APAI tracks the Passport but cannot persist a receipt outside the session.
No software fetched anywhere. The agent adds a URL pointing at a remote MCP server, custom GPT, or ChatGPT app. APAI catalogs public connectors with their Capability Passports so users can read what the connector can do before adding it. Phase 6: mcp.apai.run as a governed gateway hosting APAI packages behind RBAC + audit logging.
APAI wraps the underlying installer on every source. apai install npm:left-pad runs npm install left-pad and attaches the Passport + receipt + scanner. Same pattern for pip:, brew:, cargo:, gh:, gemini:, claude:, hf:, mcp:. Multi-source routing lands in Phase 1; v0.1 ships the scaffold.
v0.1 seed registry. Each has a full Capability Passport and LLM-readable install card. External MCP servers, Claude connectors, Gemini extensions, and ChatGPT apps we track but do not review are at /catalog.
Generic bounded-prompt protocol with score gate and operator controls. Reference implementation for the APAI prompt-preflight pattern.
$ apai install prompt-preflight-starter
Token spend ceilings, spike alerts, anomaly detection, and emergency stop guidance for AI workspaces.
$ apai install costguard
MCP server inspection, permission review, and connector risk scoring.
$ apai install mcp-audit
Generate APAI Capability Passports for arbitrary packages, including third-party ones not yet in the registry.
$ apai install agent-passport
Solo-founder market research workflow: ICP discovery, problem validation, alternatives mapping, and channel hypotheses.
$ apai install founder-research
Launch planning workflow: positioning, messaging hierarchy, channel selection, content cadence, and launch-day checklist.
$ apai install startup-launch
Approved package catalogs, install receipts, role-based approvals, blocked-package lists, and audit exports. Built for teams that need to control what their AI agents can install, access, run, remember, spend, and change.
Five versioned spec documents. Manifest, Capability Passport, Install Receipt, Policy Pack, and Prompt-URL-Install. JSON Schemas available at /spec.
Install with confidence. Give your agents the ability to discover and act safely.