Register your first agent
Assumes you’ve already finished the install and the dashboard
is up at http://localhost:3000.
-
Sign in with the bootstrap admin credentials the installer printed. They also live in
<install-dir>/.env:Terminal window grep -E '^AGENTUM_ADMIN_(EMAIL|PASSWORD)=' .env -
Open the Agents page in the dashboard (
/agents) and click Register agent. Fill in:- Name — friendly identifier, e.g.
support-bot. - Owner email — the human responsible (
alice@yourco.com). - Purpose — one-line description, surfaces in audit and in HITL prompts.
- Declared tools — comma-separated list of tools the agent will call
(
search_kb, create_ticket). Optional but recommended: it lets you write policies referencing tool names.
Or use the CLI:
Terminal window docker exec lupid-agentum-1 agentum agent register \--name support-bot \--owner-email alice@yourco.com \--purpose "answers customer questions, opens Zendesk tickets" - Name — friendly identifier, e.g.
-
Read the response. You’ll get back:
{"agent_id": "9da9afd6-7158-42b1-ada4-9c84dd4c4d67","name": "support-bot","status": "active","session_jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9..."}The
session_jwtis the agent’s bootstrap session token. Save it. -
Wire it up. Pick one of the two paths:
import { Lupid } from "@lupid/agentum-sdk";const lupid = await Lupid.init({baseUrl: "http://localhost:3000", // dashboard URL — proxies to APIapiKey: process.env.LUPID_API_KEY!, // mint via `agentum admin api-keys mint`agentName: "support-bot",declaredTools: ["search_kb", "create_ticket"],});// Every fetch to a recognised LLM host (OpenAI, Anthropic, Cohere, Gemini,// Azure OpenAI, and the OpenAI-compatible providers Together / Mistral /// Groq / DeepSeek / X.AI / Perplexity / OpenRouter / Fireworks / Anyscale)// now routes through Lupid.const completion = await fetch("https://api.openai.com/v1/chat/completions", {method: "POST",headers: { Authorization: `Bearer ${process.env.OPENAI_API_KEY}` },body: JSON.stringify({ model: "gpt-4o", messages: [...] }),});In whatever environment runs the agent (Docker compose, K8s pod, plain process):
Terminal window export HTTPS_PROXY=http://lupid:7070export AGENTUM_AGENT_ID=9da9afd6-7158-42b1-ada4-9c84dd4c4d67export AGENTUM_SESSION_JWT="eyJ0eXAi..."No code changes. The agent’s outbound HTTPS calls issue a
CONNECTto Lupid, which intercepts the TLS handshake and enforces the policy. -
Watch it. Open the dashboard’s audit page (
/audit). The first request your agent makes lands as atool_callrow within a second.
What’s next
Section titled “What’s next”Now that the agent is registered, the next decisions are:
- Write a policy that fits the agent’s risk profile — by default a fresh agent
in
enforcemode has no policy and every call is denied. See Writing a policy. - Store any credentials the agent uses (Stripe key, database password) in the vault so the agent doesn’t carry long-lived secrets. See Credential vault.
- Configure HITL for the high-risk subset of tool calls. See the security concepts page.