Ever tried building an AI agent and wondered "Am I doing this right?". You're not alone. There is very little consensus on how to build AI Agents correctly - developers are left navigating through sometimes over bloated, spaghetti-code frameworks with no clear guidance on the “how”.
Well that was the case up until now - meet AgentUp, and instead see results in minutes!
AgentUp is an open-source framework that cuts through the steep learning curve and lets you build ready to roll, interoperable AI agents at speed, yet with all the customisation capabilities you need to extend over time.
The Problem: AI Agent Development, full of footguns 🔫 and very little guidance.
If you've tried building AI agents, you know the pain:
- Writing authentication from scratch (and doing it with no security bugs)
- Implementing rate limiting and caching
- Policy around Tool and MCP Access.
- Getting agents talk to each other
- Managing state across conversations
- Integrating different LLMs and tools
- Plugging in MCP Servers
Most frameworks either give you too little or too much (analysis paralysis, anyone?). There's no consensus on the "right way" to build agents, leaving developers to figure it out themselves.
💡 The Solution: Configuration-Driven AI Agents
🏃♂️ Developer Experience: From Zero to Agent in seconds.
AgentUp takes a different approach, a CLI drives rapid creation of agents and the tools needed to maintain, and deploy them.
> agentup agent create
----------------------------------------
Create your AI agent:
----------------------------------------
? Agent name: DevTo
? Description: AI Agent DevTo Project.
? Would you like to customize the features? Yes
? Select features to include: done (8 selections)
? Select middleware to include: done (3 selections)
? Select cache backend: Valkey/Redis (production, persistent)
? Select state management backend: Valkey/Redis (production, distributed)
? Select authentication method: API Key (simple, good for development)
? Select push notifications backend: Valkey/Redis (production, persistent)
? Enable webhook URL validation? Yes
? Enable development features? (filesystem plugins, debug mode) Yes
? Enable filesystem plugin loading? (allows loading plugins from directories) Yes
? Plugin directory path: ~/.agentup/plugins
? Generate Docker files? (Dockerfile, docker-compose.yml) Yes
? Docker registry (optional): ghcr.io
? Generate Helm charts for Kubernetes deployment? Yes
? Default Kubernetes namespace: default
? Please select an AI Provider: OpenAI
Creating project...
Initializing git repository...
Git repository initialized
✓ Project created successfully!
Location: /Users/joedev/agents/devto
Next steps:
1. cd linkedin
2. uv sync # Install dependencies
3. agentup agent serve # Start development server
Config-driven
Your agents start out as pure configuration. Everything can be declared in a YAML file that drives the Agents runtime:
agent:
name: DevTo
version: 1.0.0
organization: https://dev.to
plugins:
- plugin_id: web_search
input_mode: text
output_mode: text
- capability_id: brave_api
enabled: true
required_scopes: ["api:read"]
- plugin_id: image_vision
input_mode: multimodal
output_mode: text
- capability_id: generate_image
enabled: true
required_scopes: ["image_write"]
middleware:
- name: cache
params: {ttl: 300}
- name: rate_limited
params: {requests_per_minute: 100}
security:
enabled: true
type: bearer
bearer:
jwt_secret: "${JWT_SECRET:secret-key}"
issuer: "${JWT_ISSUER:test-issuer}"
audience: "${JWT_AUDIENCE:agentup-jwt-test}"
jwks_url: "${JWKS_URL}"
public_key: "${JWT_PUBLIC_KEY}"
scope_hierarchy:
# Universal admin access
admin: ["*"]
files:admin: ["files:write", "files:read"]
files:write: ["files:read"]
mcp:
enabled: true
client:
enabled: true
servers:
- name: filesystem
command: npx
args: ['-y', '@namespace/mcp_server', 'somevalue']
tool_scopes:
read_file: ["files:read"]
write_file: ["files:write"]
Note, this is just a few of many configuration capabilities in AgentUP
That's it. Your agent now has web search capabilities, content analysis, MCP, caching, security and rate limiting.
You can then start your agent and off you go!
agentup agent start
INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
INFO: Registered capability system_info from plugin sys_tools [PluginService]
INFO: Loaded plugin: sys_tools with 1 capabilities
INFO: Plugin service initialized with 1 plugins
INFO: ✓ Initialized PluginService
INFO: Initializing PushNotificationService
INFO: Using memory push notifier [PushNotificationService]
INFO: Push notification service initialized with redis backend
INFO: ✓ Initialized PushNotificationService
INFO: Security manager attached to app.state.security_manager
INFO: AI Agent Dev.To Test Project initialized
INFO: ==================================================
INFO:Active Services (5):
INFO: ✓ SecurityService
INFO: ✓ MiddlewareManager]
INFO: ✓ CapabilityRegistry
INFO: ✓ PluginService
INFO: ✓ PushNotificationService
INFO: Enabled Features:
INFO: ✓ Security (OAuth2)
INFO: ✓ Capabilities (4)
INFO: ==================================================
INFO: Application startup complete
Verify your config at any point!
# Comprehensive validation with detailed feedback
agentup agent validate --config agentup.yml
Validating agentup.yml...
✓ Valid YAML syntax
✓ Agent configuration valid
✓ Found 1 plugin(s)
✓ Routing configuration valid
✓ AI requirements validated
✓ Security configuration valid
✓ Middleware configuration validated (3 middleware items)
✓ System prompt validated
✓ No plugin system prompts found
Validation Results:
Warnings:
• AI is enabled but no plugins use AI routing. Consider disabling AI or adding AI-routed plugins
✓ Configuration is valid with warnings
You now have an agent that is now running with:
- ✅ AI capabilities (openai, anthropic, ollama, local models)
- ✅ A2A protocol compliance (agents can talk to each other!)
- ✅ Enterprise authentication (API key, JWT, OAuth2)
- ✅ Automatic OpenAPI documentation
- ✅ State management with persistence
- ✅ Multi-modal support (text, images, documents)
- ✅ Real-time streaming and webhooks
- ✅ Comprehensive security and audit logging
But wait! It gets even better?!
Plugins FTW!
Some of you may be thinking, "sure config-driven is nice, but I am going to want to customise and build features like I do with a traditional framework".
Plugins in AgentUp are where you get to develop custom features, but they are also reusable, shareable components. No more copy and pasting from your (or someone else's) old code.
Plugins can be anything: OS Tools (coding agents), Web Search, Image Processing, RAG - to be honest, anything you can dream up!
Best of all, they're managed as standard Python dependencies. So the community and teams can share capabilities across projects, version them properly, and collaborate like you do with most modern software. You can literally uv / pip install AgentUp plugins, and then pin them in your pyproject.toml dependency file!
> agentup plugin list
Loaded Plugins
╭──────────────┬───────────────────┬─────────┬────────╮
│ Plugin │ Name │ Version │ Status │
├──────────────┼───────────────────┼─────────┼────────┤
│ agentup_rag │ Index Document │ 0.1.0 │ loaded │
│ sys_tools │ File Read │ 0.3.1 │ loaded │
│ image_vision │ Image Analysis │ 0.2.0 │ loaded │
│ scopecheck │ Scope Check Debug │ 0.1.0 │ loaded │
│ brave │ Brave Web Search │ 0.1.0 │ loaded │
╰──────────────┴───────────────────┴─────────┴────────╯
This then means some really cool things can be done! You could have dependabot manage your plugins and keep them up to date! You can make Agent builds and deployments more reproducible!
Plugins: Your Agent's Superpowers
AgentUp's plugin system has been designed for maximum developer productivity and working in a modern development environment.
Plugins are Python packages that provide capabilities, and they can be easily installed, configured, and extended.
Plugin Developers
Quick start tools are available to help you get started with plugin development:
agentup plugin create
AgentUp Plugin Creator
Lets create a new plugin!
? Plugin name: WhoAmI
? Display name: Who am I?
? Description: A plugin that provides Who am I functionality
? Author name: Ronnie Pickering
? Primary capability ID: whoami
? Coding Agent Memory: Claude Code
? Include GitHub Actions? (CI/CD workflows) Yes
Creating plugin in /Users/lhinds/dev/agentup-workspace/whoami...
✓ Plugin created successfully!
Location: /Users/lhinds/dev/agentup-workspace/whoami
Next steps:
1. cd /Users/lhinds/dev/agentup-workspace/whoami
2. pip install -e .
3. Edit src/whoami/plugin.py
4. Test with your AgentUp agent
AgentUp Plugin Registry
Plugins can be shared with the community via the AgentUp Plugin Registry
With the AgentUp Registry, I wanted security to be front and centre. After spending many years seeing communities play catchup, I wanted to get ahead. So security is baked in!
Every plugin submitted, is quarantined until the Author is trusted, until then its manual review each time something looks suspicious.
Every plugin is deep scanned for insecure code, vulnerabilities or malware using textual and binary analysis. We also give Plugin authors lots of feedback on secure plugin development best practises.
Context-Aware Middleware
Plugins automatically receive optimized middleware based on their classification:
plugins:
- plugin_id: web_search # NETWORK plugin
# Automatically gets: retry, rate_limit, cache, timeout
- plugin_id: file_processor # LOCAL plugin
# Automatically gets: validation, audit_log
- plugin_id: ai_analyzer # AI_FUNCTION plugin
# Automatically gets: model_routing, token_management
Override when needed:
plugins:
- plugin_id: expensive_api
middleware_override:
- name: cache
config: {ttl: 3600} # 1 hour cache for expensive calls
Example Plugin use
Let's grab Sys Tools plugin:
plugins:
- plugin_id: sys_tools
name: System Tools
description: System tools for basic operations
input_mode: text
output_mode: text
- capability_id: file_hash
enabled: true
required_scopes: ["files:read"]
- capability_id: system_info
enabled: true
required_scopes: ["system:read"]
- capability_id: working_directory
enabled: true
required_scopes: ["system:read"]
config:
# Optional: Restrict operations to specific directory (defaults to cwd)
workspace_dir: "./workspace"
# Optional: Maximum file size in bytes (default 10MB)
max_file_size: 10485760
# Optional: Allow safe command execution (default true)
allow_command_execution: true
AgentUp automatically converts this to function calls that your LLM can use.
We can then use the tools, selected by the LLM using natural language.
Let's get the SHA256 of a file:
curl -s -X POST http://localhost:8000/ \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "message/send",
"params": {
"message": {
"role": "user",
"parts": [{"kind": "text", "text": "What is the sha256 hash of important_file.md"}],
"messageId": "msg-001",
"kind": "message"
}
},
"id": "req-001"
}' | jq -r '.result.artifacts[].parts[] | select(.kind=="text") | .text' | jq
{
"success": true,
"data": {
"path": "./workspace/test-directory/important_file.md",
"hashes": {
"sha256": {
"algorithm": "sha256",
"digest": "fce1ea5cc17366e32ff0e89298771bb3e03db09616208ba15853a7a00bc287af",
"format": "hex"
}
},
"algorithms_used": [
"sha256"
],
"output_format": "hex",
"file_info": {
"name": "important_file.md",
"size": 3094,
"size_human": "3.02 KB",
"modified": 1751787043.0422595
}
},
"operation": "hash_file",
"message": "Successfully computed 1 hash(es) for file"
}
Plugins: Extend Without Limits
Need custom functionality? Create a plugin:
class MyCustomPlugin:
def register_plugin(self) -> PluginInfo:
return PluginInfo(
id="sentiment_analyzer",
name="Sentiment Analysis"
)
def execute_plugin(self, context) -> PluginResult:
# Your plugin automatically gets all middleware!
# Access to multi-modal helpers, caching, etc.
sentiment = analyze_sentiment(context.input)
return PluginResult(content=f"Sentiment: {sentiment}")
The best part? Plugins inherit all your configured middleware, authentication, and features automatically. No manual wiring needed.
State Management Made Simple
state:
backend: valkey
url: '${VALKEY_STATE_URL:valkey://localhost:6379}'
ttl: 7200 # 2 hours
Your agent now remembers conversations.
Push Notifications (webhooks) for Async Operations
push_notifications:
enabled: true
backend: valkey
retry_attempts: 3
timeout: 30
Webhooks, retries, and validation - all handled for you.
🔐 Advanced Security: Scope Hierarchy & Fine-Grained Permissions
AgentUp features a comprehensive scope-based authorization system that provides
fine grained security with hierarchical permissions.
This approach was selected as it pairs well with token scope based authentication systems,
such as OAuth2, JWT.
Declarative Security Model
The key aspect is declarative plugin security - plugins declare what scopes they need, and the framework enforces them:
plugins:
- plugin_id: sys_tools
capabilities:
- capability_id: file_read
required_scopes: ["files:read"]
- capability_id: file_write
required_scopes: ["files:write"]
- capability_id: delete_file
required_scopes: ["files:admin"]
- capability_id: execute_command
required_scopes: ["system:admin"]
security:
enabled: true
scope_hierarchy:
# Universal admin access
admin: ["*"]
# File system hierarchy
files:admin: ["files:write", "files:read", "files:sensitive"]
files:write: ["files:read"]
# System hierarchy
system:admin: ["system:write", "system:read"]
system:write: ["system:read"]
Automatic AI Tool Filtering
Here's the magic: AgentUp automatically filters which tools are available to AI based on the user's permissions.
- User with
files:read→ AI only sees file reading capabilities - User with
files:admin→ AI sees all file operations including deletion - User with
admin→ AI sees everything
The AI doesn't even know about tools does not allow, creating
fine grained security without complex prompt engineering.
Enterprise Authentication Integration
AgentUp supports enterprise authentication systems with automatic scope mapping:
security:
enabled: true
auth:
oauth2:
provider: github
client_id: "${GITHUB_CLIENT_ID}"
client_secret: "${GITHUB_CLIENT_SECRET}"
# Scopes from OAuth2 token automatically apply to hierarchy
jwt:
secret_key: "${JWT_SECRET}"
# Scopes embedded in JWT claims are enforced
scope_hierarchy:
developer: ["files:write", "system:read", "web:search"]
analyst: ["files:read", "web:search"]
readonly: ["files:read"]
With JWT authentication, scopes come directly from your existing auth system - no duplication needed.
🎨 Multi-Modal AI: Beyond Text
AgentUp provides comprehensive multi-modal support that lets your agents work with text, images, and documents seamlessly. This isn't just image analysis - it's a complete multi-modal framework.
Server-Sent Events Streaming
Get real-time AI responses as they're generated:
# Enable streaming in your agent
streaming:
enabled: true
buffer_size: 1024
flush_interval: 0.1 # 100ms
# Stream endpoint automatically available at /stream
Client-side streaming (Python example):
import requests
def stream_ai_response():
response = requests.post(
"http://localhost:8000/stream",
json={
"jsonrpc": "2.0",
"method": "message/send",
"params": {
"message": {
"role": "user",
"parts": [{"kind": "text", "text": "Write a long story"}]
}
}
},
stream=True,
headers={"Accept": "text/event-stream"}
)
for line in response.iter_lines():
if line.startswith(b'data: '):
chunk = line[6:].decode('utf-8')
print(chunk, end='', flush=True)
Push Notifications for Long-Running Tasks
For tasks that take longer than a typical request timeout, AgentUp provides webhook-based push notifications:
push_notifications:
enabled: true
backend: valkey # or memory
retry_attempts: 3
timeout: 30
endpoints:
- url: "https://api.myapp.com/webhooks/agent-complete"
headers:
Authorization: "Bearer ${WEBHOOK_TOKEN}"
- url: "https://backup.myapp.com/webhooks/agent-complete" # Fallback
Start a long-running task:
curl -X POST http://localhost:8000/ \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "message/send",
"params": {
"message": {
"role": "user",
"parts": [{"kind": "text", "text": "Analyze this 1000-page document"}]
},
"webhook_url": "https://api.myapp.com/webhooks/task-complete"
},
"id": "long-task-001"
}'
Webhook payload when complete:
{
"task_id": "long-task-001",
"status": "completed",
"result": {
"artifacts": [
{
"kind": "message",
"parts": [{"kind": "text", "text": "Document analysis complete..."}]
}
]
},
"completion_time": "2024-01-15T10:30:00Z"
}
🤝 Interoperability: Agents That Play Well Together
Every AgentUp agent speaks the A2A (Agent-to-Agent) protocol. This means:
- Your agents can communicate with any A2A-compliant agent
- Standardized JSON-RPC messaging
- Built-in AgentCard serving for discovery
- Multi-modal content support via DataPart types
🔗 Model Context Protocol (MCP) Integration
AgentUp provides comprehensive MCP support that works both ways - your agents can consume external MCP servers AND expose their capabilities as MCP endpoints for other systems.
MCP Client: Connect to External Tools
Integrate with the growing MCP ecosystem by connecting to external MCP servers:
mcp:
client:
enabled: true
servers:
- name: "filesystem-server"
type: "stdio"
command: "uvx"
args: ["mcp-server-filesystem", "/workspace"]
tool_scopes:
read_file: ["files:read"]
write_file: ["files:write"]
delete_file: ["files:admin"]
- name: "database-server"
type: "http"
url: "http://localhost:3001/mcp"
tool_scopes:
query_database: ["data:read"]
update_database: ["data:write"]
- name: "github-server"
type: "stdio"
command: "npx"
args: ["-y", "@modelcontextprotocol/server-github"]
env:
GITHUB_PERSONAL_ACCESS_TOKEN: "${GITHUB_TOKEN}"
tool_scopes:
create_or_update_file: ["github:write"]
search_repositories: ["github:read"]
MCP tools automatically become agent capabilities with full scope enforcement and middleware application.
MCP Server: Expose Your Agent's Capabilities
Other MCP-compatible systems can use your agent's capabilities:
mcp:
server:
enabled: true
transport: "http" # or "stdio"
port: 8001
# Expose specific capabilities as MCP tools
exposed_capabilities:
- capability_id: "analyze_document"
mcp_tool_name: "analyze_document"
description: "Analyze documents using advanced AI"
- capability_id: "web_search"
mcp_tool_name: "search_web"
description: "Search the web and return results"
External systems can now use your agent's capabilities:
# From another MCP client (like Claude Desktop)
import mcp
client = mcp.Client("http://localhost:8001/mcp")
# Use your agent's capabilities remotely
result = await client.call_tool("analyze_document", {
"document_path": "/path/to/report.pdf",
"analysis_type": "summary"
})
Bidirectional MCP Architecture
AgentUp's MCP integration creates a federated AI ecosystem:
┌─────────────────┐ MCP ┌─────────────────┐
│ External │◄──────────►│ AgentUp │
│ MCP Server │ Client │ Agent │
│ (filesystem) │ │ │
└─────────────────┘ └─────────────────┘
▲
│ MCP
│ Server
▼
┌─────────────────┐
│ Claude │
│ Desktop │
│ (or other │
│ MCP client) │
└─────────────────┘
Your agent becomes a hub in the MCP ecosystem, both consuming and providing capabilities.
Security-First MCP Integration
All MCP interactions respect AgentUp's security model:
- Scope enforcement - MCP tools require appropriate scopes
- Audit logging - All MCP operations are logged with user context
- Rate limiting - Apply middleware to external MCP calls
- Authentication - MCP server endpoints respect agent authentication
# MCP tools inherit agent security
mcp:
client:
servers:
- name: "sensitive-server"
command: "sensitive-mcp-server"
tool_scopes:
sensitive_operation: ["admin"] # Requires admin scope
middleware_override:
- name: rate_limit
config: {requests_per_minute: 10} # Extra rate limiting
🎨 Real-World Example: Enterprise Research Assistant
Let's build a production-ready research assistant that showcases AgentUp's comprehensive capabilities:
name: "Enterprise Research Assistant"
description: "AI agent with secure multi-modal research capabilities"
version: "2.0.0"
organization: "https://mycompany.com"
# Multi-modal AI with automatic provider detection
services:
llm:
- name: openai
model: gpt-4o # Automatic vision support
api_key: ${OPENAI_API_KEY}
- name: ollama
model: llava # Local vision fallback
base_url: http://localhost:11434
# Enterprise plugins with scope-based security
plugins:
- plugin_id: brave_search
required_scopes: ["web:search"]
config:
api_key: ${BRAVE_API_KEY}
safe_search: strict
- plugin_id: sys_tools
capabilities:
- capability_id: file_read
required_scopes: ["files:read"]
- capability_id: file_write
required_scopes: ["files:write"]
- capability_id: delete_file
required_scopes: ["files:admin"]
- plugin_id: document_processor
input_mode: multimodal
required_scopes: ["documents:analyze"]
# MCP integration for external tools
mcp:
client:
enabled: true
servers:
- name: "github-server"
command: "npx"
args: ["-y", "@modelcontextprotocol/server-github"]
tool_scopes:
search_repositories: ["github:read"]
create_or_update_file: ["github:write"]
# Hierarchical security with role-based access
security:
enabled: true
auth:
jwt:
secret_key: "${JWT_SECRET}"
issuer: "${JWT_ISSUER}"
algorithm: "HS256"
scope_hierarchy:
# Role-based scopes
admin: ["*"]
researcher: ["web:search", "files:read", "files:write", "documents:analyze"]
analyst: ["web:search", "files:read", "documents:analyze"]
readonly: ["files:read"]
# Domain hierarchies
files:admin: ["files:write", "files:read"]
files:write: ["files:read"]
# Production middleware stack
middleware:
- name: cache
config: {ttl: 1800, backend: "valkey"} # 30min cache
- name: rate_limit
config: {requests_per_minute: 100, burst: 20}
- name: retry
config: {max_retries: 3, backoff_factor: 2}
# Real-time features
streaming:
enabled: true
buffer_size: 2048
push_notifications:
enabled: true
backend: valkey
endpoints:
- url: "https://api.mycompany.com/webhooks/research-complete"
headers:
Authorization: "Bearer ${WEBHOOK_TOKEN}"
# Persistent state management
state_management:
backend: valkey
url: "${VALKEY_URL:valkey://localhost:6379}"
ttl: 14400 # 4 hours
# Production configuration
environments:
production:
debug: false
https_only: true
cors_origins: ["https://mycompany.com"]
log_level: "INFO"
This single configuration gives you:
- 🔐 Enterprise security with JWT and hierarchical scopes
- 🎨 Multi-modal processing across multiple AI providers
- ⚡ Real-time streaming with webhook notifications
- 🔗 MCP integration with GitHub and other external tools
- 📊 Production middleware with caching, rate limiting, and retries
- 🗄️ Persistent state with Valkey/Redis backend
- 🤝 A2A compliance for agent ecosystem integration
That's your entire enterprise-grade agent ready for production!
📦 The Plugin Ecosystem
Since plugins are just Python packages, you can add them to your agents package management record:
# requirements.txt
agentup-plugin-web-search==1.0.0
agentup-plugin-pdf-reader==2.1.0
my-company-internal-plugin==0.5.0
That's it! You can just have them ready to go at build time!
Share plugins across teams, version them, and manage them as dependencies with dependabot etc.
🚀 Why Developers Choose AgentUp
- Zero to Production Fast - Enterprise-grade agents in minutes, not weeks
- Security by Design - Comprehensive scope-based authorization out of the box
- Multi-Modal Ready - Vision and document processing across all AI providers
- Real-Time Capable - Streaming responses and webhook notifications built-in
- MCP Ecosystem - Both consume and provide capabilities in the MCP network
- Plugin Intelligence - Automatic optimization based on plugin characteristics
- Developer Experience - Comprehensive CLI tooling with validation and testing
- Open Standards - A2A compliance ensures ecosystem interoperability
🎯 Getting Started
# Install AgentUp
pip install agentup
Create agent
agentup agent create
cd my-first-agent
That's it!
Visit http://localhost:8000/.well-known/agent.json to see your agent's A2A AgentCard making it ready for discovery.
🌟 What's Next?
AgentUp has evolved from a simple agent framework into a comprehensive AI agent platform. With features like scope-based security, multi-modal processing, real-time streaming, and comprehensive MCP integration.
AgentUp is actively developed and open source (Apache 2.0). The creator, Luke Hinds (the creator of Sigstore, is also actively contributing to the A2A specification, ensuring AgentUp stays at the forefront of agent interoperability and ecosystem standards.
Ready to build agents without the complexity? Check out:
What kind of AI agents will you build? Drop a comment below with your ideas!
Top comments (0)