TypeScript SDK

@openagent/sdk is the current TypeScript facade. It works in Node 20+, Bun, Deno, browsers, and Cloudflare Workers.

Install

npm install github:OpenAgentID/openagent-sdk

Create an agent

import { OpenAgent } from '@openagent/sdk';

const agent = await OpenAgent.createAgent({
  parent: 'did:oas:l1fe:hmr:alice',
  name: 'support-triage',
  scopes: ['openai:chat:invoke', 'github:issues:read'],
});

console.log(agent.did);

Authenticate a request

import { OpenAgent, assertScopes, OpenAgentError } from '@openagent/sdk';

export async function POST(request: Request) {
  try {
    const ctx = await OpenAgent.authenticate(request, {
      requiredScopes: ['openai:chat:invoke'],
      requirePrivilegedAuthority: true,
      requiredAuthorityPath: 'human_to_agent',
    });

    assertScopes(ctx, ['openai:chat:invoke']);

    return Response.json({
      did: ctx.did,
      root: ctx.root,
      scopes: ctx.scopes,
      authority: ctx.lineageAuthority?.source,
    });
  } catch (error) {
    if (error instanceof OpenAgentError) {
      return Response.json(
        { code: error.code, message: error.message },
        { status: error.httpStatus ?? 401 },
      );
    }
    throw error;
  }
}

Broker credentials

const openai = await agent.credentialsFor('openai', ['openai:chat:invoke']);

const response = await openai.fetch('https://api.openai.com/v1/chat/completions', {
  method: 'POST',
  headers: { 'content-type': 'application/json' },
  body: JSON.stringify({
    model: 'gpt-4.1-mini',
    messages: [{ role: 'user', content: 'Summarize this ticket.' }],
  }),
});

The real OpenAI credential stays in Arsenal. The agent process only sees a brokered Response.

Skills policy

const skills = agent.skillsPolicy();

if (skills.canInvoke('frontend-design')) {
  await runFrontendDesign();
}

skills.assertCanInvoke?.('deploy-production');

Use the skills policy layer to gate high-risk runtime capabilities separately from API scopes.

Runtime escape hatches

const runtime = OpenAgent.runtime();

runtime.identity();      // OAS identity provider
runtime.arsenal();       // Arsenal credential client
runtime.verification();  // AEGIS verifier client

Use escape hatches when you are building adapters, not in normal app code.

Error model

All SDK errors extend OpenAgentError and carry a stable code.

import { OpenAgentError, ErrorCode } from '@openagent/sdk';

try {
  await agent.credentialsFor('openai');
} catch (error) {
  if (
    error instanceof OpenAgentError &&
    error.code === ErrorCode.CREDENTIAL_SCOPE_DENIED
  ) {
    // Ask for a narrower scope or update policy.
  }
}

Current status

Field	Value
Package	`@openagent/sdk`
Version	`0.1.0`
Runtime	Node 20+, Bun, Deno, browser, Cloudflare Workers
Dependencies	`zod`, optional OAS/Arsenal/AEGIS clients
License	Apache-2.0

Getting Started

Feature Stack

OpenAgent SDK

OpenAgent Client

OpenAgent Server

Install

Create an agent

Authenticate a request

Broker credentials

Skills policy

Runtime escape hatches

Error model

Current status

Getting Started

Feature Stack

OpenAgent SDK

OpenAgent Client

OpenAgent Server

​Install

​Create an agent

​Authenticate a request

​Broker credentials

​Skills policy

​Runtime escape hatches

​Error model

​Current status

Install

Create an agent

Authenticate a request

Broker credentials

Skills policy

Runtime escape hatches

Error model

Current status