aci

Exposes 600+ pre-built tool integrations through a single Model Context Protocol (MCP) server that directly connects to agentic IDEs like Cursor and Windsurf without requiring custom configuration per tool. The MCP server dynamically discovers available functions from functions.json metadata files and handles OAuth2 token management transparently, allowing agents to call external APIs with authenticated credentials automatically managed by the SecurityCredentialsManager and OAuth2Manager components.

Manages per-user OAuth2 flows and API key storage across 600+ integrated services through the OAuth2Manager and SecurityCredentialsManager components, which handle token acquisition, refresh, and rotation automatically. The LinkedAccount model stores encrypted credentials in the database with automatic token refresh triggered before expiration, eliminating manual credential management for developers and ensuring agents always have valid authentication without interrupting execution.

Implements a robust function execution pipeline (backend/app/services/) that validates incoming function calls against JSON schemas defined in functions.json, performs type checking and parameter coercion, evaluates project-level permissions, manages credential lookup and OAuth2 token refresh, and routes calls to the appropriate connector implementation. The pipeline includes comprehensive error handling with structured error responses, automatic retry logic for transient failures, and execution logging for audit trails.

Enables users to link multiple accounts for the same service (e.g., multiple Gmail accounts, multiple Slack workspaces) through the LinkedAccount model and OAuth2Manager, allowing agents to switch between different user contexts without re-authentication. The system stores encrypted credentials per linked account, tracks which account is active for each agent or project, and automatically selects the correct credentials when executing functions.

Enables agents to discover available tool capabilities at runtime by parsing functions.json metadata files that define function signatures, parameters, descriptions, and authentication requirements without hardcoding. The function execution pipeline in backend/app/services/ validates incoming function calls against these schemas, performs type checking, and routes calls to the appropriate connector implementation, supporting both direct function calling and MCP-based invocation with automatic parameter validation.

Enforces fine-grained access control through project-level custom instructions that define what agents can and cannot do using natural language constraints rather than role-based access control. These instructions are evaluated during function execution to determine if a requested operation is permitted, allowing developers to write policies like 'agents can only read emails, not send them' or 'agents cannot delete resources' without implementing custom authorization logic.

Provides native SDKs for Python and TypeScript that enable direct function calling without MCP, allowing developers to integrate ACI.dev into any LLM framework (LangChain, CrewAI, custom implementations) by instantiating an ACI client and calling functions directly. The SDKs handle credential lookup, OAuth2 token management, and function routing transparently, exposing a simple API like `aci.call('service.function', params)` that abstracts away authentication and service discovery complexity.

Organizes users, tools, and permissions through a three-level hierarchy (Organization → Project → Agent) with quota enforcement via the QuotaManager component that tracks and limits function calls, API usage, and resource consumption per organization or project. The hierarchical structure enables multi-tenant isolation, allowing organizations to manage multiple projects with different agents while enforcing shared quotas and billing across the entire organization.

Provides ready-to-use connectors for 600+ external services (Vercel, Supabase, Cloudflare, Gmail, Slack, Notion, etc.) located in backend/app/connectors/ that implement standardized integration patterns including authentication, API client initialization, error handling, and function wrapping. Each connector exposes a set of functions defined in functions.json that agents can call directly, eliminating the need for developers to implement OAuth flows, API clients, or error handling for each service.

Enables automation of DevOps workflows by connecting agentic IDEs (Cursor, Windsurf) to deployment and infrastructure platforms through ACI.dev connectors for services like Vercel, Cloudflare, and AWS. Agents can read deployment status, trigger deployments, manage infrastructure, and execute operational tasks directly from the IDE, turning the IDE into an operational control center where developers can ask agents to 'deploy the latest version' or 'scale up the database' in natural language.

Provides a web-based developer portal (frontend/) where developers can configure projects, manage linked accounts, test functions in an interactive agent playground, and view usage logs and analytics. The portal includes UI components for OAuth2 account linking, function testing with parameter input, execution history tracking, and quota usage visualization, enabling developers to debug agent behavior and monitor tool usage without writing code.

Provides a command-line interface (CLI) for local development workflows including agent creation, project configuration, function testing, and credential management. The CLI enables developers to manage ACI.dev resources without the web portal, supporting headless environments and CI/CD pipelines, with commands like `aci agent create`, `aci function test`, and `aci account link` that map to backend API endpoints.