Docs / Quickstart

// 5 MINUTES

Capture AI calls from one terminal.

Start a local Observe session and keep using Claude Code, Codex, Grok, or any SDK normally from that terminal. Agentics forwards provider traffic unchanged and writes a hash-only receipt for covered AI calls.

Fastest path: capture this shell

# 1) Create an API key in Console -> Settings -> Keys. # Leave receipts.read + receipts.write selected, then paste it below. # macOS / Linux / Git Bash export AGENTICS_API_KEY="ak_..." curl -fsSL https://agentics.you/install.sh | bash export PATH="$HOME/.agentics/bin:$PATH" agentics login --api-key "$AGENTICS_API_KEY" eval "$(agentics capture)" agentics capture doctor # 2) Run Claude Code, Codex, OpenAI, Anthropic, Grok, or your SDK # from this same terminal. Receipts appear in Console -> Proof Ledger. # # Stop and delete the session CA with: agentics capture stop
# 1) Create an API key in Console -> Settings -> Keys. # Leave receipts.read + receipts.write selected, then paste it below. # Windows PowerShell $env:AGENTICS_API_KEY="ak_..." irm https://agentics.you/install.ps1 | iex agentics login --api-key $env:AGENTICS_API_KEY agentics capture --shell powershell | Invoke-Expression agentics capture doctor # 2) Run Claude Code, Codex, OpenAI, Anthropic, Grok, or your SDK # from this same terminal. Receipts appear in Console -> Proof Ledger. # # Stop and delete the session CA with: agentics capture stop

The proxy intercepts known LLM hosts only. Its CA is local to this capture session, is never added to the system trust store, and is deleted on stop. Raw prompts and outputs are not sent to Agentics unless you explicitly opt into full capture.

Direct SDK path

The gateway is OpenAI-wire-compatible, so you keep your current SDK. The Agentics helper just sets the right headers.

pip install openai agentics
npm install openai @agentics/sdk

2. Get a gateway key

Create an ak_… key in the console under Keys, or run agentics login with the CLI. Keep it server-side — treat it like any provider secret.

3. Make your first proven call

The only change is base_url. Everything else is your normal SDK.

from openai import OpenAI # your existing SDK, unchanged from agentics import create_headers client = OpenAI( base_url="https://agentics.you/api/v1", # the only change api_key="ak_…", # your gateway key default_headers=create_headers(user="alice@acme.com", metadata={"cost_center": "support"}), ) resp = client.chat.completions.create( model="@anthropic/claude-opus-4-8", messages=[{"role": "user", "content": "hi"}], ) # → routed, guarded, budgeted, and a verifiable receipt is on the ledger. print(resp.headers["x-agentics-receipt"]) # the receipt_hash you can verify at /trust
import OpenAI from "openai"; import { createHeaders } from "@agentics/sdk"; const client = new OpenAI({ baseURL: "https://agentics.you/api/v1", // the only change apiKey: "ak_…", defaultHeaders: createHeaders({ user: "alice@acme.com", metadata: { cost_center: "support" } }), }); const resp = await client.chat.completions.create({ model: "@anthropic/claude-opus-4-8", messages: [{ role: "user", content: "hi" }], }); // the receipt_hash you can verify at /trust: console.log(resp.response?.headers.get("x-agentics-receipt"));
curl https://agentics.you/api/v1/chat/completions \ -H "Authorization: Bearer ak_…" \ -H "Content-Type: application/json" \ -H "x-agentics-user: alice@acme.com" \ -d '{ "model": "@anthropic/claude-opus-4-8", "messages": [{ "role": "user", "content": "hi" }] }' # the response carries: x-agentics-receipt: <receipt_hash>

4. What just happened

Your request ran through the gateway's fixed middleware order before and after the provider call:

  1. Resolve provider — the @slug (or your config) picks the upstream.
  2. Route — fallback / load-balance / conditional routing applies.
  3. Input guardrails + budget pre-check — PII redaction, policy, and Spend Guard run before a token reaches the provider.
  4. Provider call — streamed responses are tee'd so the gateway can hash and guard the output.
  5. Output guardrails — toxicity / data-exfiltration checks on the response.
  6. Param shaping — drop or default params per your config.
  7. Inline receipt write — one billable=true parent receipt, prev_hash-chained to your tenant's previous receipt.
That last step is the point. The gateway wrote a prev_hash-chained receipt and returned its hash in the x-agentics-receipt response header. Copy that hash and verify it yourself at the Trust Portal — recompute the leaf, fold the Merkle proof, and check the on-chain anchor, all in your own browser. No account needed.

5. Next steps