Docs / Quickstart
// 5 MINUTES
Capture AI calls from one terminal.
Start a local Observe session and keep using Claude Code, Codex, Grok, or any SDK normally from that terminal. Agentics forwards provider traffic unchanged and writes a hash-only receipt for covered AI calls.
Fastest path: capture this shell
# 1) Create an API key in Console -> Settings -> Keys.
# Leave receipts.read + receipts.write selected, then paste it below.
# macOS / Linux / Git Bash
export AGENTICS_API_KEY="ak_..."
curl -fsSL https://agentics.you/install.sh | bash
export PATH="$HOME/.agentics/bin:$PATH"
agentics login --api-key "$AGENTICS_API_KEY"
eval "$(agentics capture)"
agentics capture doctor
# 2) Run Claude Code, Codex, OpenAI, Anthropic, Grok, or your SDK
# from this same terminal. Receipts appear in Console -> Proof Ledger.
#
# Stop and delete the session CA with:
agentics capture stop# 1) Create an API key in Console -> Settings -> Keys.
# Leave receipts.read + receipts.write selected, then paste it below.
# Windows PowerShell
$env:AGENTICS_API_KEY="ak_..."
irm https://agentics.you/install.ps1 | iex
agentics login --api-key $env:AGENTICS_API_KEY
agentics capture --shell powershell | Invoke-Expression
agentics capture doctor
# 2) Run Claude Code, Codex, OpenAI, Anthropic, Grok, or your SDK
# from this same terminal. Receipts appear in Console -> Proof Ledger.
#
# Stop and delete the session CA with:
agentics capture stopThe proxy intercepts known LLM hosts only. Its CA is local to this capture session, is never added to the system trust store, and is deleted on stop. Raw prompts and outputs are not sent to Agentics unless you explicitly opt into full capture.
Direct SDK path
The gateway is OpenAI-wire-compatible, so you keep your current SDK. The Agentics helper just sets the right headers.
pip install openai agenticsnpm install openai @agentics/sdk2. Get a gateway key
Create an ak_… key in the console under Keys, or run agentics login with the CLI. Keep it server-side — treat it like any provider secret.
3. Make your first proven call
The only change is base_url. Everything else is your normal SDK.
from openai import OpenAI # your existing SDK, unchanged
from agentics import create_headers
client = OpenAI(
base_url="https://agentics.you/api/v1", # the only change
api_key="ak_…", # your gateway key
default_headers=create_headers(user="alice@acme.com",
metadata={"cost_center": "support"}),
)
resp = client.chat.completions.create(
model="@anthropic/claude-opus-4-8",
messages=[{"role": "user", "content": "hi"}],
)
# → routed, guarded, budgeted, and a verifiable receipt is on the ledger.
print(resp.headers["x-agentics-receipt"]) # the receipt_hash you can verify at /trustimport OpenAI from "openai";
import { createHeaders } from "@agentics/sdk";
const client = new OpenAI({
baseURL: "https://agentics.you/api/v1", // the only change
apiKey: "ak_…",
defaultHeaders: createHeaders({ user: "alice@acme.com",
metadata: { cost_center: "support" } }),
});
const resp = await client.chat.completions.create({
model: "@anthropic/claude-opus-4-8",
messages: [{ role: "user", content: "hi" }],
});
// the receipt_hash you can verify at /trust:
console.log(resp.response?.headers.get("x-agentics-receipt"));curl https://agentics.you/api/v1/chat/completions \
-H "Authorization: Bearer ak_…" \
-H "Content-Type: application/json" \
-H "x-agentics-user: alice@acme.com" \
-d '{ "model": "@anthropic/claude-opus-4-8",
"messages": [{ "role": "user", "content": "hi" }] }'
# the response carries: x-agentics-receipt: <receipt_hash>4. What just happened
Your request ran through the gateway's fixed middleware order before and after the provider call:
- Resolve provider — the
@slug(or your config) picks the upstream. - Route — fallback / load-balance / conditional routing applies.
- Input guardrails + budget pre-check — PII redaction, policy, and Spend Guard run before a token reaches the provider.
- Provider call — streamed responses are tee'd so the gateway can hash and guard the output.
- Output guardrails — toxicity / data-exfiltration checks on the response.
- Param shaping — drop or default params per your config.
- Inline receipt write — one
billable=trueparent receipt,prev_hash-chained to your tenant's previous receipt.
prev_hash-chained receipt and returned its hash in the x-agentics-receipt response header. Copy that hash and verify it yourself at the Trust Portal — recompute the leaf, fold the Merkle proof, and check the on-chain anchor, all in your own browser. No account needed.
5. Next steps
- Configure routing, fallback, caching, and guardrails with the
GatewayConfigobject. - Verify receipts programmatically via the
/api/proof/*endpoints. - Read the frozen receipt schema and the six-line recipe to reproduce any receipt.
- Self-host in your VPC so no content ever leaves your network.