Quickstart

Goal: in 10 minutes, register an agent class, mint a developer token, make a proxied LLM call, and see the audit trail. Assumes you have followed Install and are running make dev.

1 · Register a class via the dashboard

Open http://localhost:3000/classes/new. Fill in:

Field	Value
Slug	`eng/code-reviewer`
Name	`Code Reviewer`
Purpose	`Reviews PRs on the platform team; posts inline comments.`
Owner	`you@yourcompany.com`
Initial lifecycle	`active`

Click Register class. You’ll land on the class detail page.

2 · Mint a developer token

Open http://localhost:3000/developers. The form is pre-filled for the seeded class. Change class_slug to eng/code-reviewer and click Mint token. Copy the qsk_… value that appears.

You can do the same from the command line:

curl -sS -X POST http://localhost:8000/api/v1/auth/dev/mint-token \
  -H "Content-Type: application/json" \
  -d '{"principal_id":"you@yourcompany.com","class_slug":"eng/code-reviewer","tenant":"dev"}' \
  | python3 -c 'import json,sys; print(json.load(sys.stdin)["api_key"])'

Or via the CLI (which caches the token locally):

cd cli/quayside-cli
uv run quayside login \
  -p you@yourcompany.com \
  -c eng/code-reviewer \
  -u http://localhost:8000

uv run quayside whoami

3 · Make a proxied call

TOKEN="qsk_..."   # the value from step 2

curl -N -X POST http://localhost:8000/api/v1/proxy/anthropic/v1/messages \
  -H "Content-Type: application/json" \
  -H "x-api-key: $TOKEN" \
  -d '{
    "model": "claude-mock",
    "max_tokens": 50,
    "messages": [{"role":"user","content":"Hello"}]
  }'

With no QUAYSIDE_ANTHROPIC_API_KEY set, the proxy uses MockUpstream and you’ll see a canned Anthropic-shaped SSE stream. To talk to real Anthropic, set the key in the environment before booting:

export QUAYSIDE_ANTHROPIC_API_KEY=sk-ant-...
make dev-back

4 · See the audit trail

Open http://localhost:3000/audit. Your call appears at the top:

class_slug is eng/code-reviewer
final_effect is Allow
step_count is 1 or more

Click open → for the full drill-down: identity, duration, and every detector step the proxy ran for this request.

5 · See what an unknown agent looks like

# Mint a token whose class_slug doesn't exist
BAD=$(curl -sS -X POST http://localhost:8000/api/v1/auth/dev/mint-token \
  -H "Content-Type: application/json" \
  -d '{"principal_id":"you@yourcompany.com","class_slug":"some/rogue-bot","tenant":"dev"}' \
  | python3 -c 'import json,sys; print(json.load(sys.stdin)["api_key"])')

curl -sS -X POST http://localhost:8000/api/v1/proxy/anthropic/v1/messages \
  -H "x-api-key: $BAD" \
  -d '{"model":"claude-mock","max_tokens":1,"messages":[{"role":"user","content":"hi"}]}'
# → 404 class slug='some/rogue-bot' not found

Now open http://localhost:3000/shadow. The unknown slug is in the queue with attempt count 1. Try the call again — the count bumps. Click clear to dismiss, or register in the registry to onboard it.

What you just learned

Every call to the proxy is identity-resolved to a registered class
Unknown calls fail and are logged to the shadow queue
Every successful call produces a run with steps showing what detectors saw
The CLI, dashboard, and API are three ways to do the same things

Architecture overview — the mental model behind what just happened
Concepts → Classes and instances — what a class actually is
Guides → Write a policy — make the proxy do something useful