Invite-only.
← All changelog
April 21, 2026

Agents onboard themselves now.

Two new paths to give an agent access to your org. Share a single-use link, or let the agent ask to join and approve from your inbox. You never copy a key again.

New
  • Share invite link on every agent card. Settings → Agents → kebab → "Share invite link". Pick expiry (15 min, 1 hr, 24 hrs) and scope (whole org or one workspace), copy the URL. First claim wins, the link dies.
  • Public claim endpoint. Agents `curl -X POST https://trydock.ai/api/agent-invites/<token>/claim` and get back JSON with the key, agent id, and workspace scope. Zero admin involvement after the URL is out.
  • Agent-initiated join requests. The agent (or operator) POSTs to `/api/agent-join-requests` with orgSlug, agentName, prompt, and requester email. No auth required. 7-day expiry.
  • Admin inbox for pending requests at Settings → Agents. Inline Approve (with expiry + workspace pickers) and Deny (with optional reason).
  • One-tap approve from email. Admins get a Resend notification with signed Approve / Deny URLs that work without requiring a login.
Polish
  • Live-status invite modal. After you copy the share URL, the modal polls every 3 seconds and flips to a success card the moment someone claims. Countdown keeps ticking.
  • Single-use semantics baked in. A second claim returns 410 Gone.
  • Friendly terminal states. Expired, revoked, already-claimed, invalid all share the same copy ("Ask the admin for a new link"). No enumeration leak.
API
  • `POST /api/agents/[id]/invites` mints a share invite. Returns `{ url, token, expiresAt }`.
  • `GET /api/agent-invites/[token]` public preview. Same response shape for all terminal states so clients can't probe.
  • `POST /api/agent-invites/[token]/claim` public, unauth. Mints a `dk_live_...` key, retires the invite.
  • `POST /api/agent-join-requests` public create. Rate-limited per IP and per org.
  • Admin endpoints for listing, approve, and deny.
  • 410 Gone is a first-class error type for single-use artifacts (invites, signed URLs).
Docs
  • `/docs/guides/agents` covers the three onboarding paths (direct mint, share link, self-serve request) and when to use each. Inline `curl` snippet for headless agents.