Getting started
Integrate Aegis into your application — your repo, your deploy, your servers. You do not clone the Salanor monorepo or run our internal pnpm dev.
1. Get credentials in the console
Your org admin (or you, after signup) uses the Salanor console:
- Sign up / sign in — create your organization or accept an invite.
- API keys — create an ingest API key. Copy the secret once; store it in your vault (e.g.
AEGIS_INGEST_API_KEY). - Agents — create or select an agent. Export the Ed25519 signing key (private key base64,
key_id,agent_id,organization_id). - Optional: Policies — define which tools are allowed, denied, or require human approval.
2. Install the SDK in your project
Pick your language on the SDK overview. TypeScript is recommended for full policy proxy support; Python and Go support sign + ingest today.
TypeScript / Node example — in your repository:
npm install @salanor/aegis
# or
pnpm add @salanor/aegis3. Configure environment variables
Set these in your app's deployment (Kubernetes secret, Vercel env, .env on your laptop — whatever you already use):
AEGIS_API_URL=https://api.salanor.com
AEGIS_INGEST_API_KEY=aegis_xxxxxxxx # from console
ORGANIZATION_ID=uuid-from-console
AGENT_ID=agt_xxxxxxxx
KEY_ID=key_xxxxxxxx
SIGNING_PRIVATE_KEY_B64=base64-from-console-exportSet AEGIS_API_URL to your Salanor API base (production: https://api.salanor.com). Ingest routes live under /v1/aegis — full ingest URL: https://api.salanor.com/v1/aegis.
4. Send your first signed event
Add this to a route, worker, or script in your codebase:
import { signAndIngest } from "@salanor/aegis";
export async function recordLlmStep(traceId: string, prompt: string, response: string) {
return signAndIngest(
{
schema_version: 1,
event_id: `evt_${crypto.randomUUID().replace(/-/g, "").slice(0, 24)}`,
organization_id: process.env.ORGANIZATION_ID!,
trace_id: traceId,
agent_id: process.env.AGENT_ID!,
key_id: process.env.KEY_ID!,
emitted_at: new Date().toISOString(),
actor_type: "agent",
actor_principal: "my-support-bot",
action_kind: "llm_invocation",
policy_decision: "allow",
tool_name: "openai.chat.completions",
payload: {
purpose: "support_triage",
data_touched: ["ticket_message"],
data_classification: "pii",
},
},
{
privateKeyB64: process.env.SIGNING_PRIVATE_KEY_B64!,
keyId: process.env.KEY_ID!,
},
{
apiBaseUrl: process.env.AEGIS_API_URL!,
ingestApiKey: process.env.AEGIS_INGEST_API_KEY!,
},
);
}5. Gate outbound tools (payments, APIs)
Wrap dangerous HTTP calls with wrapFetch so policy runs before the request leaves your process. See TypeScript SDK.
6. Verify in the console
Open Console → Traces. You should see your trace_id with signed events and a valid hash chain.
What you do not need
cd salanor,docker compose, orpnpm dev— those are for Salanor engineers running the platform locally.- Access to the Salanor GitHub monorepo — only the npm package (or HTTP API) in your app.
Salanor staff: local stack setup lives in the monorepo docs-internal/LOCAL_DEVELOPMENT.md and Platform Ops → Commands.
Next steps
- APS event envelope — required fields
- POST /events — if you skip the SDK and use HTTP directly
- Payload conventions — audit-friendly metadata