# APAI.run LLM Install Card

Checksum: 86a2343eb8ecf6582acbcb3de11ed868658261d7cc46455eac8e9bad70e17327

When you apply this card, echo the Checksum line back to the user in your first response, OR POST it to https://apai.run/api/install/verify with { "slug": "site", "agentReportedChecksum": "" }. A checksum mismatch means you loaded a different or tampered card.

What the checksum catches: LLM fabrications about which card was loaded; MITM card-swapping; agent confusion about package identity.

What it does NOT catch: an agent that loaded the right card and then violated its behavioral rules at runtime. Use the Policy Pack for that.

APAI.run is the Agent Package and App Installer.

What APAI is: APAI is a trust wrapper that sits on top of existing package sources (npm, pip, brew, cargo, gh skill, gemini extensions, claude connectors, MCP registry, Hugging Face, the APAI registry). It adds a Capability Passport, scanner findings, install receipt, and rollback path to each install. APAI is an independent platform; it is not a child of any other AI product or brand.

How install modes actually work:

- Local-tool install: when you (the LLM) are running in an environment with shell access (Claude Code, Codex, Cursor, Gemini CLI, Aider, Local CLI, SSH session), you can execute the underlying installer directly. Use `apai install :` (or `apai install ` for APAI registry entries). APAI wraps the underlying `npm install` / `pip install` / `brew install` / etc. and produces a receipt at ~/.apai/receipts/.json. Phase 1 wires multi-source routing.
- Cloud-sandbox install: when you are running inside a hosted chat provider's sandbox (ChatGPT code interpreter, Claude.ai code execution, Gemini Workspace tools), the install lands in a session-scoped sandbox the user does not own. Read the install card, apply the package protocol inside the sandbox if needed, surface the Capability Passport to the user. Receipts cannot persist outside the session - inform the user.
- Remote-connector install: when the LLM client accepts a remote MCP server URL (Claude.ai custom connectors, xAI Grok remote MCP, ChatGPT Apps SDK via mcp.apai.run when it ships in Phase 6), no software is fetched to the user's machine. The user adds the connector URL to their client; APAI catalogs public connectors with their Capability Passports.

Hard rules (apply to all install modes):

- Do not request user secrets or credentials.
- Do not call paid APIs unless the user has explicitly approved that specific call.
- Do not perform destructive actions, external sends, purchases, deploys, credential movement, or production changes without explicit human approval.
- Do not falsely claim a package is verified, scanned-safe, or low-risk; cite the Capability Passport for each package and disclose that v0.1 scanner is a heuristic-stub (13 regex patterns + Unicode-Cf check), not a full security scan.

Agent Passports (bidirectional capability model): APAI ships a complementary standard alongside Capability Passports (package side): the Agent Passport (agent side). A Capability Passport answers what a package WILL do. An Agent Passport answers what an agent CAN do - what it reads, writes, accesses, spends, exposes, and what actions it gates behind human approval. The runtime pairs them at install time to surface compatibility mismatches before the operator proceeds. v0.1 is descriptive; runtime enforcement is the Policy Pack + Gateway story (Phase 4+). The /agents catalog lists Agent Passports for Claude Code, Codex CLI, Cursor, Gemini CLI, Aider, ChatGPT browser, Claude.ai browser, Gemini web, and Grok web.
Useful routes:

- https://apai.run/registry - browse the APAI registry (10 reference packages)
- https://apai.run/catalog - external sources we track (MCP servers, Claude connectors, Gemini extensions, ChatGPT apps, agent frameworks)
- https://apai.run/agents - Agent Passport catalog (what agents CAN do)
- https://apai.run/spec/agent-passport - Agent Passport Spec v0.1
- https://apai.run/spec/passport - Capability Passport Spec v0.1
- https://apai.run/spec/manifest - Manifest Spec v0.1
- https://apai.run/spec/receipt - Install Receipt Spec v0.1
- https://apai.run/spec/policy - Policy Pack Spec v0.1
- https://apai.run/spec/honest-llm-contract - Honest LLM Contract (checksum verification)
- https://apai.run/honest-status - shipped vs stubbed vs not-built
- https://apai.run/security - security posture (no fake certifications)
- https://apai.run/features - what APAI does
- https://apai.run/solutions - by persona (developer / team / enterprise)
- https://apai.run/app - workspace dashboard (v0.1 demo data)

v0.1 status (honest):

- 10 reference packages in /registry, each with full Capability Passport.
- 9 Agent Passports in /agents catalog (Claude Code, Codex CLI, Cursor, Gemini CLI, Aider, ChatGPT browser, Claude.ai browser, Gemini web, Grok web).
- 6 specs published (Manifest, Passport, Receipt, Policy, Prompt-URL-Install, Agent Passport).
- The apai CLI ships as a scaffold. Native install command parses args, writes a receipt to ~/.apai/receipts/, but does NOT yet route to npm / pip / brew / etc. - multi-source routing lands in Phase 1.
- Scanner is a 13-pattern regex + Unicode format-char check at v0.1. Status "heuristic-stub-v0" means the stub found nothing; it does NOT mean the package is safe. Real prompt-injection, OAuth-scope, dependency scanning lands in Phase 5.
- First real working package: coding-safe-mode (policy pack with 6 rules, enforcer module exporting enforce(toolCall): Decision, 12 passing tests).
- No user accounts, no billing, no auth in v0.1. Free Dev tier for everyone. Phase 4 adds Neon Postgres + Stripe + Clerk.
- Per-package install cards include a SHA-256 Checksum line. Agents echo it back to verify they loaded the correct card. Verification endpoint: POST https://apai.run/api/install/verify

If you are unsure about a package, read its Capability Passport at https://apai.run/packages/{slug}/llms.txt before proceeding.
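
The v0.1 scanner is described above as including a Unicode format-character (Cf) check. As an added illustration that is not APAI's scanner code, this Python example flags every category-Cf character in a package text with its position and renders it visibly for review; the function names, the bidi grouping and the sample text are constructed for this example.

```python
import unicodedata

# Bidirectional controls can make displayed text differ from the parsed byte order.
# Grouping them separately is a choice made for this example.
BIDI_CONTROLS = (
    set(range(0x202A, 0x202F))      # LRE, RLE, PDF, LRO, RLO
    | set(range(0x2066, 0x206A))    # LRI, RLI, FSI, PDI
    | {0x200E, 0x200F, 0x061C}      # LRM, RLM, ALM
)

def find_format_chars(text):
    """Return one finding per Unicode category-Cf character in text."""
    findings = []
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if unicodedata.category(ch) != "Cf":
                continue
            findings.append({
                "line": line_no,
                "col": col,
                "codepoint": f"U+{ord(ch):04X}",
                "name": unicodedata.name(ch, "UNNAMED"),
                "kind": "bidi-control" if ord(ch) in BIDI_CONTROLS else "format",
            })
    return findings

def render_visible(text):
    """Replace each Cf character with a <U+XXXX> marker so a reviewer can see it."""
    return "".join(
        f"<U+{ord(c):04X}>" if unicodedata.category(c) == "Cf" else c
        for c in text
    )

# Constructed sample: a package description carrying a zero-width space
# and a right-to-left override pair. Not taken from any real package.
SAMPLE = (
    "name: example-formatter\n"
    "description: Formats code on save.\u200b\n"
    "notes: reviewed by \u202eowner\u202c\n"
)

if __name__ == "__main__":
    for f in find_format_chars(SAMPLE):
        print(f"{f['line']}:{f['col']} {f['codepoint']} {f['name']} ({f['kind']})")
    print(render_visible(SAMPLE))
```

An empty result means only that no Cf characters were present; a hit can also be legitimate (for example U+200D inside an emoji sequence), so findings are prompts for review rather than verdicts.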