There are 17 agent protocols. MCP, A2A, OpenAPI tool use, function calling formats, agent cards. Each with its own spec, its own SDK, its own server implementation.
Your service has an API. It does useful things. Making it accessible to AI agents should not require learning 17 protocol specifications.
The problem is not complexity. It’s multiplication.
Writing an MCP server for your API is not hard. The MCP SDK is well-documented. You can get a basic server running in an afternoon.
But then you need to maintain it. And when the next protocol arrives, you write another integration. And another. Each one is a surface for bugs, a dependency to update, a codebase to review.
The cost is not any single integration. The cost is that the number of integrations only grows.
What we wanted
We wanted a single declaration format. You describe what your API can do: endpoints, parameters, descriptions, permissions. The infrastructure layer handles the rest.
Not a framework. Not a platform. An SDK that reads a YAML file and generates a working server.
# usepaso.yaml
name: "Sentry"
base_url: "https://sentry.io/api/0"
auth:
type: "bearer"
capabilities:
- name: "list_issues"
description: "List issues for a project"
method: "GET"
path: "/projects/{org}/{project}/issues/"
permission: "read"Run usepaso serve. You have a live MCP server. Agents connect to your API.
Safety is not optional
Making an API agent-accessible is not just about connectivity. It’s about control.
When an agent can call your API, you need to decide what it can call, what requires confirmation, and what is forbidden entirely.
paso has permission tiers (read, write, admin), a consent_required flag for destructive actions, rate limit constraints, and a forbidden list. You declare the boundaries in the same YAML file as the capabilities. The SDK enforces them.
This matters. The first question a security-conscious team asks about agent access is “what stops the agent from deleting everything?” We have a clear answer.
Why open source
The infrastructure layer between your API and AI agents should not be proprietary. You should be able to read the code, host it yourself, and modify it if needed.
paso is Apache 2.0. Self-hosted. No cloud dependency. No usage limits. No SaaS.
Both SDKs (Node.js and Python) are maintained in sync with shared test fixtures. The same declaration produces identical behavior in both.
What’s next
MCP server generation is stable. We use it. It works.
A2A support is planned. The declaration format is designed to be protocol-agnostic. When we add A2A, your YAML doesn’t change.
The vision is straightforward: one declaration, every protocol. That’s the mission.
Try it
npm install usepaso
usepaso init
usepaso serveThree commands. Your API is agent-ready. Read the quick start →