Integrating Agents
Register AI agents, provision API keys, and configure MCP bindings through ShieldAgent.
Agent Lifecycle
1Register agentDashboard: Agents → Add Agent
2Copy API keyShown once after creation — add to agent config
3Add MCP serverDashboard: agent page → MCP Servers → Add Server
4Write policiesDashboard: Policies → New Policy
5Route trafficAgent connects to proxy endpoint
6Monitor & auditDashboard: Overview, Audit Trail, Agent Radar
In the Dashboard
Register and configure agents without writing any code:
- 1Go to Agents in the left sidebar and click Add Agent.
- 2Enter a name, optional description, and choose a risk tier (low / medium / high / critical).
- 3Click Create. Copy the API key shown — it is displayed only once.
- 4On the agent detail page, go to MCP Servers → Add Server. Enter the upstream URL and a label.
- 5Optionally toggle Shadow Mode on the binding to observe traffic before enforcing policies.
Via SDK
Register an Agent
typescript
import ShieldAgent from '@shieldagent/sdk';
const client = new ShieldAgent();
const agent = await client.agents.create({
name: "coding-agent",
description: "Claude in VS Code via Cursor",
riskTier: "medium",
});Response
json
{
"id": "agt_01HXYZ...",
"name": "coding-agent",
"tenantId": "ten_01HXYZ...",
"riskTier": "medium",
"agentKey": "shld_agent_<token>" // ← send this to your agent
}Create an MCP Binding
Bindings map an agent to an upstream MCP server. You can have multiple bindings per agent (e.g., filesystem, database, web-search).
typescript
const binding = await client.agents.createBinding(agent.id, {
upstreamUrl: "http://<your-mcp-server>:<port>",
shadowMode: false,
label: "filesystem",
});Shadow Mode
Set shadowMode: true to log all traffic from this binding without applying enforcement. Useful for observing agent behavior before writing policies.
Multi-Agent Setup
Register multiple agents per tenant — each with its own key, risk tier, and bindings. Policies can be scoped per-agent or tenant-wide.
typescript
// Register a second agent (higher risk tier)
const opsAgent = await client.agents.create({
name: "ops-agent",
description: "Infrastructure automation agent",
riskTier: "high",
});
// List all agents
const agents = await client.agents.list();Credential Rotation
Rotate an agent's API key without downtime. The old key remains valid for a brief grace period after rotation to allow graceful handover.
typescript
const newKey = await client.agents.rotateKey(agent.id);Risk Tiers
| Tier | Use Case | Enforcement |
|---|---|---|
| low | Read-only, trusted internal agents | Lenient — monitor only |
| medium | Standard development agents | Standard policy evaluation |
| high | Agents with write/execute access | Strict + human review triggers |
| critical | Prod infra, financial, PII access | Auto-block anomalies, mandatory review |