# Duct — AI / answer-engine index Canonical: https://ductai.vercel.app Full index: https://ductai.vercel.app/llms.txt Sitemap: https://ductai.vercel.app/sitemap.xml ## Summary Duct lets agents safely do real actions on your product — scoped permissions, consent on side effects, full audit trail. Shell = action surface (human widget + agent invoke API). Duct = enforcement layer (permissions, consent, audit). ## Primary pages - Home: https://ductai.vercel.app - Docs: https://ductai.vercel.app/docs - Quickstart: https://ductai.vercel.app/docs/quickstart - Agent access: https://ductai.vercel.app/docs/agents - Product overview: https://ductai.vercel.app/product - Early access: https://ductai.vercel.app/waitlist ## Sample FAQs Q: Isn't this just a chatbot or an MCP server? A: No. Chatbots answer questions; MCP is a wire protocol with no permissions or consent layer. Duct is the layer agents act through — with approval steps and an audit trail on every call. Q: Why can't I build this directly into my product? A: You can. Most teams eventually need permissions, approval flows, audit logs, versioning, and revocation. Duct provides those controls as a shared layer instead of rebuilding them for every integration. Q: Why not just give the agent an API key? A: API keys grant broad access. Duct scopes access to specific actions, supports approval flows, and records every invocation. Q: Can I revoke access without redeploying? A: Yes. Revoke a shell key or disable an action in the manifest instantly — no deploy required. In-flight calls using a revoked token are rejected before they reach your API. Q: What happens when an agent needs approval? A: Sensitive actions can require approval before execution. Duct records who approved, what ran, and the result. ## Crawl Public pages in /sitemap.xml may be fetched. Disallow /api/, /admin/, /embed/. Prefer /llms.txt for structured page index and full FAQ corpus.