Quick Start

This guide will help you secure your first AI agent with AZTP.

Basic Setup

import { secureConnect } from 'aztp';
 
// Your original AI agent with its own methods
const agent = {
  async process(input: string) {
    return `Processed: ${input}`;
  }
};
 
// Secure the agent with basic identity management
const securedAgent = await secureConnect(agent, {
  spiffe: {
    trustDomain: 'example.org',
    keyDir: './spiffe-keys'
  }
});
 
try {
  // AZTP security capabilities
  const identity = await securedAgent.getIdentity();
  const isVerified = await securedAgent.verifyIdentity();
  
  // Original agent methods still work
  // (process is NOT an AZTP API, it's your original agent's method)
  const result = await securedAgent.process('test');
  console.log(result);  // "Processed: test"
  
  // All operations are automatically monitored:
  // [AZTP:EVENT] {
  //   "type": "business",
  //   "agentId": "agent-{timestamp}",
  //   "timestamp": "2024-01-10T12:00:00.000Z",
  //   "data": {
  //     "action": "process",
  //     "success": true
  //   }
  // }
} catch (error) {
  console.error('Operation failed:', error);
}

Adding Policy Enforcement

// Basic OPA policy in Rego format
const initialPolicy = {
  id: 'basic-policy',
  rego: `
    # Basic AZTP policy example
    package aztp.policy
 
    # Default deny
    default allow = false
 
    # Basic allow rule
    allow {
        input.action in ["read", "write"]
    }
  `
};
 
// Secure agent with policy enforcement
const securedAgent = await secureConnect(agent, {
  spiffe: {
    trustDomain: 'example.org',
    keyDir: './spiffe-keys'
  },
  policy: {
    endpoint: 'http://localhost:8181',
    initialPolicy
  }
});
 
// Check if action is allowed
const canWrite = await securedAgent.can('write');
if (canWrite) {
  // Perform write action
}

Security Monitoring

AZTP includes built-in security monitoring that logs all security events:

const securedAgent = await secureConnect(agent, {
  spiffe: {
    trustDomain: 'example.org',
    keyDir: './spiffe-keys'
  },
  // Optional: Custom monitoring handler
  monitoring: {
    onEvent: (event) => {
      console.log(`[Custom Monitor] ${event.type}:`, event.data);
    }
  }
});

Default monitoring automatically logs events in this format:

[AZTP:EVENT] {
  "type": "identity|policy|rpc",
  "agentId": "agent-123",
  "timestamp": "2024-01-10T12:00:00.000Z",
  "data": {
    "action": "verified|evaluated|request_received",
    "success": true,
    // Additional event-specific data
  }
}

Default Behaviors

AZTP includes the following built-in features:

Security monitoring is enabled automatically without configuration
All security events are logged with '[AZTP:EVENT]' prefix and structured event data
Identity management (SPIFFE-based) is required and set up on initialization
Policy enforcement (OPA) and RPC communication are optional modules

For more details about monitoring and events, see the Security Monitoring Guide.

Next Steps

Installation Core Concepts