Developer Documentation
Ship an Agent-Ready storefront.
AgentsBloom is drop-in middleware that makes your storefront instantly machine-readable and autonomous-agent-ready with native support for WebMCP, ARD (Agentic Resource Discovery), and OKF (Open Knowledge Framework). Autonomous agents (ChatGPT, Claude, Perplexity) discover your APIs, register tools in the browser, and bypass CAPTCHAs — securely.
1. Introduction
AgentsBloom sits alongside your existing routes as middleware. When a human visits your site, they see your standard HTML. When an AI visits (or uses a browser extension), the SDK serves structured JSON and automatically registers WebMCP tools into the agent's context.
Core Capabilities
- WebMCP Injection
Injects
<meta name="webmcp" content="active">and registers tools vianavigator.ai.registerTool. - ARD Discovery
Auto-generates and serves
/.well-known/agent-specand/ai-catalog.json. - LLM Context
Serves a structured
/llms.txtto train navigating bots. - DDoS & CAPTCHA Defense
Rate limits, Idempotency caching, and
X-Agent-Signaturevalidation for verified bots.
2. Installation & Quickstart (Custom Stacks)
For headless storefronts and custom web apps, use our NPM packages to wrap your API.
Next.js — @agentsbloom/next-sdk
The easiest way to integrate with Next.js applications using Edge Middleware.
1. Install the package
1npm install @agentsbloom/next-sdk
2. Add to middleware.ts
1import { withAgentsBloom } from "@agentsbloom/next-sdk";23export const config = {4 matcher: [5 '/.well-known/:path*',6 '/ai-catalog.json',7 '/llms.txt',8 '/api/agentsbloom/:path*'9 ]10};1112export default withAgentsBloom({13 name: "My Agent-Ready Store",14 description: "An e-commerce store optimized for human and machine AI agents.",15 agentSecret: process.env.AGENTSBLOOM_SECRET, // Used for CAPTCHA bypassing16 actions: {17 search: {18 method: "POST",19 description: "Search the product catalog.",20 params: { query: "string", limit: "number" }21 },22 checkout: {23 method: "POST",24 description: "Complete an order.",25 params: { items: "array", payment_intent: "string" }26 }27 }28});
Node.js / Express — @agentsbloom/sdk
For standard Express / Node.js environments, use our vanilla middleware.
1import express from 'express';2import { agentsbloom } from '@agentsbloom/sdk';34const app = express();56app.use(agentsbloom({7 apiKey: "sk_live_your_api_key",8 agentSecret: process.env.AGENTSBLOOM_SECRET,9 actions: { /* ... same as above ... */ }10}));
3. Platform Integrations (No-Code & Express)
Skip the SDK when you run a standard CMS or e-commerce platform.
Express Shopify Integration
Our Shopify App uses Theme App Extensions (App Blocks) to inject WebMCP metadata into your storefront without editing liquid files.
- Install the AgentsBloom app from the Shopify App Store.
- Open Online Store → Themes → Customize.
- In the App Embeds tab, enable AgentsBloom AI Agent.
- Paste your
Workspace API Keyand click Save.
WordPress / WooCommerce Plugin
Hooks into wp_head and wp_footer to inject the WebMCP registry and/llms.txt endpoints automatically.
- Install
agentsbloom.zipfrom your dashboard. - Activate it via the WordPress Admin.
- In the new AgentsBloom menu, paste your
Workspace API Key.
4. AI Discoverability (ARD & OKF)
Once installed, AgentsBloom automatically routes AI traffic by exposing standard discovery endpoints. You don't need to build these manually.
5. Security & Trust
CAPTCHA Bypassing (X-Agent-Signature)
Autonomous agents often get blocked by Cloudflare or standard CAPTCHAs. AgentsBloom lets verified agents bypass these checks securely using cryptographic signatures.
On write requests (POST, PUT, DELETE), agents must send:
X-Agent-Identifier— unique string identifying the agent session.X-Agent-Signature— HMAC SHA-256 hash of the identifier, signed with yourAGENTSBLOOM_SECRET.
Invalid or missing signatures return 403 Verification Failed or 401 Verification Required.
Rate Limiting (DDoS Protection)
In-memory IP rate limiting by default (30 requests per minute). Responses include:
X-RateLimit-LimitX-RateLimit-RemainingX-RateLimit-Reset
Over-limit requests return 429 Too Many Requests with a Retry-After header.
Idempotency
All write actions accept an Idempotency-Key header. Retries within 5 minutes replay the cached response (with X-Cache: Idempotent-Hit) instead of re-executing the action — so agents never trigger duplicate purchases.
6. Developer CLI
Use the AgentsBloom CLI to manage compliance locally or simulate agent behavior.
Installation
1npm install -g agentsbloom
Commands
agentsbloom loginAuthenticate your terminal.agentsbloom sync ./catalog.jsonManually push a JSON product catalog.agentsbloom test "do you have red shoes?"Simulate a conversation with your storefront agent locally.Head to Integrations to generate a sandbox key. Rotating is instant.