DEV Community

Cover image for How We're Building a Decentralized App Store for AI Agents on Web3
Jesse Neumann
Jesse Neumann

Posted on

How We're Building a Decentralized App Store for AI Agents on Web3

A couple of weeks ago, we dropped an OAuth 2.1 auth server for the Internet Computer. That was just the first brick. We've been heads-down since then, and it's time to show you the building it's part of.

We're building a trustless, on-chain app store for AI agents.

The Problem: Agents Need Tools, Not Walled Gardens

AI agents are getting powerful, but they're often limited to the tools their creators give them. To be truly autonomous, they need a way to discover and securely use a universe of external tools and data sources.

This is where the Model-Context-Protocol (MCP), an open standard from Anthropic, comes in. Think of it as the LSP for AI—a common language that lets any agent talk to any tool.

Our vision is to create the registry for these tools on the IC. No central party controls it. The community verifies the code, and developers publish their work in a transparent, auditable way.

This project is our entry for the ICP hackathon, and we were honored to take first place in the initial round. Here's a look at our progress and the stack.

The Tools: SDKs and a CLI

You can't have an app store without tools to build the apps. So we built them. We're also thrilled to be working alongside others in the community, like @baolongt, who has built a fantastic Rust SDK.

  • Motoko SDK: We've released the mcp-motoko-sdk to let you build MCP servers in Motoko.

    mops add mcp-motoko-sdk
    

    Repo: github.com/prometheus-protocol/motoko-sdk

  • Rust SDK (by @baolongt): For the Rustaceans out there.
    Repo: github.com/ByteSmithLabs/ic-rmcp

  • The Publisher CLI: To make publishing easy, we're building npx @prometheus-protocol/cli publish. It's a simple CLI that manages the entire lifecycle. The developer workflow is declarative:

    1. npx @prometheus-protocol/cli init: Creates a prometheus.yml manifest.
    2. The developer fills in the repo URL and WASM path.
    3. npx @prometheus-protocol/cli submit: Reads the manifest, hashes the WASM, and submits it to the registry for verification.

The "Secret Sauce": Composing Open Standards

The only reason we can move this fast is because we're standing on the shoulders of giants. Our entire system is just a composition of incredible, community-driven ICRC standards. No black boxes.

Here's the stack:

  • ICRC-118 & ICRC-120: These standards, pioneered by @skilesare, give us a robust app store engine for managing versions and a secure upgrade path for canisters.
  • ICRC-126: The immutable verification logbook. Our submit command calls this to create a public record that a new WASM version is ready for auditing.
  • ICRC-127 & ICRC-2: The economic engine. This allows anyone to fund bounties on a verification request. When an auditor submits a valid attestation, the bounty is paid out automatically.

We didn't have to invent any of this. We just had to wire it together.

What's Next? Join Us.

The foundation is laid. The SDKs are live. The core logic is being built. Now, we need more builders.

Let's build the open infrastructure for the next generation of autonomous systems.

Top comments (0)