This guide creates an agent identity, binds it to a human root, requests a scoped capability, and makes a credential-proxied API call without exposing the upstream secret to the agent process.
OpenAgent wordmark

Install

npm install @openagent/sdk

Configure

Set the human root DID, the Arsenal broker URL, and a signing key for the process creating agents.
.env
OPENAGENT_PARENT_DID=did:oas:l1fe:hmr:alice
OPENAGENT_BROKER_URL=https://arsenal.openagent.id
OPENAGENT_SIGNING_KEY=oas_test_...
Use a development signing key in local environments. Production agents should load keys from a hardware-backed KMS, secrets manager, or platform identity provider.

Create and call

import { OpenAgent } from '@openagent/sdk';

const openagent = new OpenAgent({
  parentDid: process.env.OPENAGENT_PARENT_DID!,
  brokerUrl: process.env.OPENAGENT_BROKER_URL!,
  signingKey: process.env.OPENAGENT_SIGNING_KEY!,
});

const agent = await openagent.agents.create({
  name: 'support-triage',
  scopes: ['openai:chat:completions'],
});

const response = await agent.fetch('https://api.openai.com/v1/chat/completions', {
  method: 'POST',
  body: JSON.stringify({
    model: 'gpt-4.1-mini',
    messages: [{ role: 'user', content: 'Summarize this ticket.' }],
  }),
});

What happens behind the scenes

1

Identity creation

An Ed25519 keypair is generated. The public key becomes your agent’s did:oas:l1fe:agent:*. The private key never leaves your process.
2

Lineage proof

A AgentLineageProof2025 is signed by the parent HMR, binding this agent to its human root. Offline-verifiable, zero network calls.
3

Capability issuance

Arsenal issues a short-lived Agent Capability Token (ACT) scoped to openai:chat:completions. TTL defaults to 5 minutes.
4

Credential proxy

Your fetch call is routed through the Arsenal broker. The agent never sees the raw OpenAI key — it’s injected server-side.

Expected result

The agent call returns the upstream service response, and the SDK keeps the identity and authorization trail available for logs, audit, and AEGIS verification. 
{
  "agentDid": "did:oas:l1fe:agent:01J...",
  "parentDid": "did:oas:l1fe:hmr:alice",
  "capability": "openai:chat:completions",
  "credentialExposure": "broker-only",
  "verified": true
}

Core concepts

DIDs, lineage, ACTs — the vocabulary.

Pick a language

Seven SDKs, one reference implementation.