OAuth3
Attested execution for AI agents — TEE-sandboxed, human-approved, capability-scoped
Quick Start
Your code runs in a SES Compartment with only the capability functions you were granted.
1. Sign up
curl -X POST https://tee.oauth3-stage.monerolink.com/signup -H 'Content-Type: application/json' -d '{"name":"my-agent"}'
→ { "tenant_id": "...", "token": "..." }
2. Request a permit
curl -X POST https://tee.oauth3-stage.monerolink.com/permit \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "description": "File issues on GitHub",
    "capabilities": [{
      "name": "github.createIssue",
      "doc_url": "https://docs.github.com/en/rest/issues",
      "endpoint": "https://api.github.com/repos/{owner}/{repo}/issues",
      "method": "POST",
      "auth": {"header":"Authorization","value":"token {GH_TOKEN}"},
      "params": {
        "owner": {"in":"path"},
        "repo": {"in":"path"},
        "title": {"in":"body"},
        "body": {"in":"body"}
      }
    }]
  }'
→ { status_url, approval_url, permit_id }
3. Wait for human approval
fetch(status_url) // long-polls up to 120s
→ { status: "completed", permit_id }
4. Execute code
curl -X POST https://tee.oauth3-stage.monerolink.com/execute \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "permit_id": "<permit_id>",
    "code": "const r = await createIssue(\"amiller\",\"test\",\"Hello\",\"From TEE\"); console.log(JSON.stringify(r))",
    "args": {}
  }'
→ { status_url }
5. Poll for result
fetch(status_url) // long-polls
→ { status: "completed", result: { success: true, stdout: "...", ... } }
Important: status_url already includes ?wait=true — do NOT append query params. Both /permit and /execute are async; always poll status_url for the result.
Endpoints
POST /signup — create account
POST /permit — request capability permit
POST /execute — run code under approved permit
GET /approve/:id — human approval page
POST /approve/:id — approve/deny (owner auth)
GET /session/:id/actions — list actions under a permit
POST /secrets — store secrets (owner auth)
GET /secrets — list stored secret names (owner auth)
POST /cookies/upload — upload browser cookies (owner auth)
Full API docs: https://tee.oauth3-stage.monerolink.com
SDK
const { OAuth3 } = await import("https://raw.githubusercontent.com/Account-Link/oauth3-skill/main/index.ts");
const client = await OAuth3.create();
await client.executeAndWait({ skill_id: "hello", skill_code: "console.log('hi')" });
Try a skill — your data stays in a TEE (Trusted Execution Environment). No one can see your secrets, not even us.
🌐 Httpbin Echo
One click — code runs inside the TEE, calls httpbin.org, returns the response. Watch the flow below.
🔑 Check API Key
Paste an API key — the TEE will check what it can access. Your key never leaves the enclave.
Your key is sent to the attested TEE enclave — never to us, never logged.
📺 TikTok Watch History
We need your TikTok session cookies to fetch your watch history inside the TEE.
If you used the OAuth3 extension, cookies may already be in your vault.
Or paste cookies manually:
- Open tiktok.com and make sure you're logged in
- Press F12 → Application tab → Cookies → https://www.tiktok.com
- Select all rows (Ctrl+A), copy (Ctrl+C)
- Paste below — we'll parse the cookie table format
Or paste JSON: [{"name":"sessionid","value":"...","domain":".tiktok.com"}, ...]
How does this work?
OAuth3 runs your code inside a Trusted Execution Environment (TEE) — a hardware-isolated enclave
that even the server operator cannot inspect. Your secrets are encrypted at rest and only decrypted
inside the enclave. Code executes in a SES Compartment with zero ambient authority — no
fetch, no process, no filesystem. Only the specific capability functions
you approved are available as endowments.
The enclave runs on Phala Network's dstack with Intel TDX attestation — you can cryptographically verify the code running in the enclave matches the open-source repo.
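The following JavaScript is an added example, not code from OAuth3 or from this page: it shows one way a capability descriptor like the one in Quick Start step 2 could be turned into the single function handed to agent code as an endowment, with the endpoint, method and secret fixed by the approved permit. The names buildRequest, makeCapability and transport, the positional argument order, and the secret value are assumptions made for the illustration.

```javascript
// Added illustration, not OAuth3's implementation: build the single HTTP
// request a capability descriptor allows from positional arguments.
function buildRequest(cap, secrets, args) {
  const names = Object.keys(cap.params); // assumption: argument order = descriptor order
  if (args.length !== names.length) {
    throw new TypeError(`${cap.name}: expected ${names.length} arguments`);
  }
  let url = cap.endpoint;
  const body = {};
  names.forEach((name, i) => {
    const value = String(args[i]);
    if (cap.params[name].in === "path") {
      // Reject empty and dot segments, then encode, so a value cannot
      // add, remove or climb path segments of the approved endpoint.
      if (value === "" || value === "." || value === "..") {
        throw new RangeError(`${cap.name}: invalid path value for ${name}`);
      }
      url = url.replace(`{${name}}`, encodeURIComponent(value));
    } else {
      body[name] = value;
    }
  });
  // Secret placeholders such as {GH_TOKEN} are filled here, never by agent code.
  const auth = cap.auth.value.replace(/\{(\w+)\}/g, (_, key) => {
    if (!Object.prototype.hasOwnProperty.call(secrets, key)) throw new Error(`missing secret ${key}`);
    return secrets[key];
  });
  return {
    method: cap.method,
    url,
    headers: { [cap.auth.header]: auth, "Content-Type": "application/json" },
    body: JSON.stringify(body),
  };
}

// The only function handed to agent code; `transport` is a hypothetical HTTP sender.
function makeCapability(cap, secrets, transport) {
  return (...args) => transport(buildRequest(cap, secrets, args));
}

// Descriptor from step 2 of the Quick Start; the secret value is constructed.
const createIssueCap = {
  name: "github.createIssue",
  endpoint: "https://api.github.com/repos/{owner}/{repo}/issues",
  method: "POST",
  auth: { header: "Authorization", value: "token {GH_TOKEN}" },
  params: { owner: { in: "path" }, repo: { in: "path" }, title: { in: "body" }, body: { in: "body" } },
};
const createIssue = makeCapability(createIssueCap, { GH_TOKEN: "EXAMPLE-TOKEN" }, (req) => req);
```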