Phlow is authentication middleware for AI agents that's evolving into the Agent Marketplace Platform - enabling agents to discover, authenticate, and monetize their capabilities.
Current: A2A Protocol + Supabase β’ JWT Auth β’ Middleware Vision: The "App Store for AI Agents"
Phase 1: Authentication Middleware (Current)
β
Phase 2: Agent Discovery & Registry
β
Phase 3: Agent Marketplace Platform
We're building the foundational trust layer that will enable agents to securely discover, interact with, and monetize their capabilities - creating the first true marketplace for AI agent services.
pip install phlowfrom phlow import PhlowMiddleware, AgentCard, PhlowConfig
config = PhlowConfig(
agent_card=AgentCard(
name="My Agent",
description="Agent description",
service_url="https://my-agent.com",
skills=["chat", "analysis"],
metadata={"agent_id": "my-agent-id", "public_key": "public-key-here"}
),
private_key=os.environ["PRIVATE_KEY"],
supabase_url=os.environ["SUPABASE_URL"],
supabase_anon_key=os.environ["SUPABASE_ANON_KEY"]
)
phlow = PhlowMiddleware(config)# Use A2A authentication with Supabase features
@app.post("/api/chat")
async def chat_endpoint(context: PhlowContext = Depends(auth_required)):
# Access agent info and Supabase client
agent = context.agent
return {"message": f"Hello from {agent.name}"}- π JWT Authentication - Verify A2A Protocol JWT tokens
- π Agent Storage - Store and retrieve agent cards in Supabase
- π‘οΈ RLS Helpers - Generate basic Supabase Row Level Security policies
- π Basic Audit - Log authentication events to Supabase
- π Python Package - Pure Python implementation
- π§ FastAPI Integration - Complete middleware with dependency injection
sequenceDiagram
participant A as Agent A
participant B as Agent B
participant S as Supabase Registry
A->>A: Generate JWT with private key
A->>B: Send request + JWT + Agent ID header
B->>S: Lookup Agent A's public key
S->>B: Return AgentCard with public key
B->>B: Verify JWT signature
B->>A: Return response
phlow/
βββ src/phlow/ # Python authentication library
βββ tests/ # Test suite
βββ examples/ # Example implementations
βββ docs/ # Documentation
βββ getting-started.md # Quick setup guide
βββ a2a-compatibility.md # A2A Protocol integration
βββ api-reference.md # API documentation
Phlow is a lightweight middleware that connects A2A Protocol JWT authentication with Supabase storage:
- JWT Verification - Validates A2A Protocol tokens
- Agent Lookup - Retrieves agent cards from Supabase
- Context Creation - Provides agent info and Supabase client to your app
- Basic Logging - Optionally logs auth events
See Getting Started for setup instructions.
- Install:
pip install phlow - Configure: Set up Supabase project and environment variables
- Initialize: Register your agent card in Supabase
- Authenticate: Add Phlow middleware to your A2A agent
Detailed Setup Instructions β
# A2A + Phlow Integration
from phlow import PhlowMiddleware, AgentCard, PhlowConfig
config = PhlowConfig(
agent_card=AgentCard(
name="My Agent",
description="A2A-compatible agent",
service_url="https://my-agent.com",
skills=["chat", "analysis"],
metadata={"agent_id": "my-agent-id", "public_key": "public-key-here"}
),
private_key=os.environ["PRIVATE_KEY"],
supabase_url=os.environ["SUPABASE_URL"],
supabase_anon_key=os.environ["SUPABASE_ANON_KEY"]
)
phlow = PhlowMiddleware(config)
# Use with FastAPI
from phlow.integrations.fastapi import create_phlow_dependency
auth_required = create_phlow_dependency(phlow)
@app.post("/api/a2a/message")
async def handle_message(context: PhlowContext = Depends(auth_required)):
# Process A2A message using phlow context
return {"status": "received"}- Getting Started - Quick setup guide
- A2A Compatibility - A2A Protocol integration
- API Reference - Complete API docs
| Language | Package | Framework Support |
|---|---|---|
| Python | phlow |
FastAPI |
- β JWT authentication for A2A Protocol
- β Agent card storage in Supabase
- β Basic middleware for FastAPI
- π Enhanced security and testing
- π― Central agent registry with search capabilities
- π― Agent capability matching and discovery
- π― Enhanced agent profiles and metadata
- π― Agent network visualization
- π― Agent monetization and billing
- π― Usage analytics and performance metrics
- π― Agent rating and reputation systems
- π― Developer tools and SDK ecosystem
Our North Star: Create the first true marketplace where AI agents can discover, authenticate, and monetize their capabilities - making agent-to-agent commerce as simple as an API call.
Pull requests welcome! We're building towards our marketplace vision:
Current Focus Areas:
- Authentication middleware improvements
- Supabase integration enhancements
- Agent registry and discovery features
- Developer experience improvements
Future Contribution Areas:
- Agent marketplace features
- Monetization and billing systems
- Analytics and metrics
- Community tools and governance
Scope: Please keep contributions focused on authentication, agent registry, discovery, and marketplace features. Communication protocols should be contributed to the A2A Protocol directly.
# Install dependencies
uv sync --dev
# Run all quality checks
uv run task quality
# Run tests
uv run task test
# Run E2E tests (requires Docker)
uv run task test-e2euv sync --dev # Install all dependencies
uv run task test # Run all tests with coverage
uv run task test-unit # Run unit tests only
uv run task test-e2e # Run end-to-end tests (Docker required)
uv run task lint # Run linting with auto-fix
uv run task format # Format code
uv run task type-check # Run type checking
uv run task quality # Run all quality checks
uv run task build # Build distribution packages
uv run task clean # Clean build artifacts- Unit Tests:
uv run task test-unit- Fast, mocked, runs in CI - E2E Tests:
uv run task test-e2e- Full stack, Docker required
MIT License - see LICENSE file for details.
Built with β€οΈ for the A2A ecosystem