rename to tool

motdotla · motdotla · commit 8b73a264383e · 2026-02-18T11:32:53.000-08:00
diff --git a/blog/_posts/2026-02-15-introducing-vestauth.md b/blog/_posts/2026-02-15-introducing-vestauth.md
@@ -10,17 +10,17 @@ excerpt: "Agent authentication with verifiable identity and request signatures."
 
 Today we are launching **vestauth**, authentication built for agents.
 
-`vestauth` gives agents a cryptographic identity and lets providers verify signed requests with confidence. It is designed to be simple to adopt and strong by default.
+`vestauth` gives agents a cryptographic identity and lets tools verify signed requests with confidence. It is designed to be simple to adopt and strong by default.
 
 ## Why vestauth
 
-The shift to agents introduces a new baseline requirement: providers need to know which agent made a request and whether that request was tampered with in transit.
+The shift to agents introduces a new baseline requirement: tools need to know which agent made a request and whether that request was tampered with in transit.
 
 `vestauth` addresses this with:
 
 - agent identities backed by cryptographic keys
 - signed requests agents can generate from the CLI
-- verification primitives providers can use in their servers
+- verification primitives tools can use in their servers
 
 ## Install
 
@@ -42,10 +42,10 @@ Sign and send a request:
 vestauth agent curl https://ping.vestauth.com/ping
 ```
 
-Verify on the provider side:
+Verify on the tool side:
 
 ```js
-const agent = await vestauth.provider.verify(req.method, url, req.headers)
+const agent = await vestauth.tool.verify(req.method, url, req.headers)
 ```
 
 ## What is next
diff --git a/blog/_posts/2026-02-18-why-we-created-vestauth.md b/blog/_posts/2026-02-18-why-we-created-vestauth.md
@@ -5,7 +5,7 @@ title: "why we created vestauth"
 categories:
   - blog
 video: "https://github.com/user-attachments/assets/b1cf9fe2-b9f7-471d-a210-65779287bb40"
-excerpt: "a conversation about why we built vestauth for autonomous agents and providers."
+excerpt: "a conversation about why we built vestauth for autonomous agents and tools."
 ---
 
 **scott:** this is scott. i created `dotenv` and `dotenvx`, with a combined 80 million weekly installs and 25,000 github stars.
@@ -14,9 +14,9 @@ excerpt: "a conversation about why we built vestauth for autonomous agents and p
 
 **scott:** about a month ago, i started building a new way for agents to store and rotate secrets as part of `dotenvx`, and i ran into a core problem: agents cannot sign themselves up autonomously. and they need to do that without a human in the loop. captchas, usernames, and passwords were built for humans, not agents.
 
-**laura:** over the last month we got obsessed with this. for agents, the problem is they are bypassing controls. for providers, the problem is complexity and duplicated effort across mcp integrations, oauth flows, api keys, and key rotation.
+**laura:** over the last month we got obsessed with this. for agents, the problem is they are bypassing controls. for tools, the problem is complexity and duplicated effort across mcp integrations, oauth flows, api keys, and key rotation.
 
-**scott:** there is a better way. it's called [`vestauth`](https://github.com/vestauth/vestauth). it handles both sides. on the agent side, one command sets up a cryptographic identity, without human-first handshake patterns like oauth. on the provider side, there is no api key management, no username/password auth, and no user table just to identify agents. verification is cryptographic and can be added with a single line of code.
+**scott:** there is a better way. it's called [`vestauth`](https://github.com/vestauth/vestauth). it handles both sides. on the agent side, one command sets up a cryptographic identity, without human-first handshake patterns like oauth. on the tool side, there is no api key management, no username/password auth, and no user table just to identify agents. verification is cryptographic and can be added with a single line of code.
 
 **laura:** we have been building for four weeks. the product is live. we started distribution through [`dotenv`](https://github.com/motdotla/dotenv) and [`dotenvx`](https://github.com/dotenvx/dotenvx). it is still early, but agent autonomy is accelerating every day.
 
diff --git a/index.md b/index.md
@@ -29,7 +29,7 @@ title: ""
     </section>
 
     <section class="mt-4 sm:mt-6">
-      <h2 class="text-[#1a7f52] dark:text-[#30ff8a]">Provider Usage</h2>
+      <h2 class="text-[#1a7f52] dark:text-[#30ff8a]">Tool Usage</h2>
       <p class="mt-2 text-zinc-500 dark:text-zinc-500"># Verify requests and safely trust agent identity using cryptographic proof.</p>
       <pre class="mt-2 max-w-2xl overflow-x-scroll rounded border border-[#d9d9d9] bg-[#f7f7f7] p-3 text-[10px] leading-4 text-black dark:border-[#2f4f40] dark:bg-[#0d2219] dark:text-white sm:text-xs"><code>// index.js
 const express = require('express')
@@ -40,7 +40,7 @@ const app = express()
 app.get('/whoami', async (req, res) =&gt; {
   try {
     const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`
-    const agent = await vestauth.provider.verify(req.method, url, req.headers)
+    const agent = await vestauth.tool.verify(req.method, url, req.headers)
     res.json(agent)
   } catch (err) {
     res.status(401).json({ code: 401, error: { message: err.message }})
