This quickstart uses the current public facade: TypeScript @openagent/sdk and Rust openagent-sdk at version 0.1.0.

Install

npm install github:OpenAgentID/openagent-sdk

TypeScript in three calls

import { OpenAgent } from '@openagent/sdk';

const agent = await OpenAgent.createAgent({
  parent: 'did:oas:l1fe:hmr:alice',
  name: 'research-bot',
  scopes: ['openai:chat:invoke'],
});

const ctx = await OpenAgent.authenticate(request);
const openai = await agent.credentialsFor('openai');
Those calls do three jobs:
  • createAgent creates an OAS identity and prepares scoped authority.
  • authenticate verifies the incoming request and returns DID, scope, lineage, expiry, and policy context.
  • credentialsFor returns a brokered credential handle. The provider key stays inside Arsenal.

Minimal TypeScript handler

import { OpenAgent, assertScopes, OpenAgentError } from '@openagent/sdk';

export async function POST(request: Request) {
  try {
    const ctx = await OpenAgent.authenticate(request);
    assertScopes(ctx, ['openai:chat:invoke']);

    const agent = await OpenAgent.loadAgent(ctx.did);
    const openai = await agent.credentialsFor('openai');

    const upstream = await openai.fetch('https://api.openai.com/v1/chat/completions', {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: await request.text(),
    });

    return upstream;
  } catch (error) {
    if (error instanceof OpenAgentError) {
      return Response.json(
        { code: error.code, message: error.message },
        { status: error.httpStatus ?? 401 },
      );
    }
    throw error;
  }
}

Rust in three calls

use openagent_sdk::{authenticate_with_verifier, CreateAgentOptions, OpenAgent, Verifier};

let agent = OpenAgent::create_agent(CreateAgentOptions {
    parent: Some("did:oas:l1fe:hmr:alice".parse()?),
    name: "research-bot",
    scopes: &["openai:chat:invoke"],
    ..Default::default()
}).await?;

let verifier = Verifier::default();
let ctx = authenticate_with_verifier(&verifier, agent.did()).await?;
let openai = agent.credentials_for("openai").await?;

What happens behind the facade

1

OAS identity

The agent receives a DID and identity material that can be verified locally.
2

Sigil-backed authority

Privileged access requires OAS verification against finalized Sigil lineage state.
3

AEGIS policy

AEGIS checks signature, lineage, revocation, liveness, trust tier, and policy.
4

Arsenal capability

Arsenal issues or verifies an ACT scoped to the route or provider.
5

Credential proxy

The Arsenal broker attaches the real provider credential server-side and returns the upstream response.

Next

Feature Stack

Understand each feature beneath the facade.

TypeScript SDK

Read the TypeScript API surface and examples.

Rust SDK

Read the Rust API surface and builder pattern.

Authentication

Learn the SDK and SDK-free auth paths.