Documents are loading...

Getting Started

End-to-End Agent Workflow

One walkthrough showing how AgentIQ Identity, AgentIQ Policy, Mirror VectaX, Gateway, Code Prism, and DiscoveR fit together

This walkthrough shows the composed path reviewers asked for: agent identity, runtime policy, protected application flows, code security, and red-team validation.

The flow

The application or orchestrator obtains subject context, registers or selects the agent from the registry, and requests a short-lived scoped token.

Prompts, tool calls, retrieval results, and outputs pass through policy checks in shadow mode or enforce mode.

The runtime checks connector readiness, MCP server health, tool inventory, and skill attachments before external actions are available to the agent.

The agent uses Gateway-backed inference, memory, vectors, FPE, PRE, RBAC, or FHE workflows without treating all data as ordinary plaintext traffic.

DiscoveR scans MCP/tool paths, prompt injection, retrieval abuse, and code-security patterns; Governance records the smoke and release evidence.

Example composition

AgentIQ Identity: issue a scoped token

from mirror_sdk import Mirror
 
client = Mirror()
identity = client.agentiq.identity
 
identity.agents.create({
    "agentId": "research-agent",
    "name": "Research agent",
    "tenantId": "tenant-a",
    "resources": [
        {"resource": "gateway", "scopes": ["chat:run", "memory:read"]}
    ],
})
 
token = identity.tokens.mint({
    "agentId": "research-agent",
    "resource": "gateway",
    "scopes": ["chat:run", "memory:read"],
    "ttlSeconds": 300,
})

AgentIQ: protect the workflow

from mirror_sdk.ops.mirror_decorators import policy_monitor
from mirror_sdk.core.mirror_core import MirrorConfig
 
config = MirrorConfig.from_env()
 
@policy_monitor(name="research_guard", mirror_config=config)
async def run_guarded_step(prompt: str) -> str:
    return prompt

Mirror VectaX: retrieve and answer

from mirror_sdk import Mirror
 
# Mirror() picks up the service credential issued in Portal -> Use Mirror -> SDK & Quickstart
# (MIRROR_SERVICE_CREDENTIAL_FILE) and the platform endpoints
client = Mirror()
 
reply = client.chat.completions.create(
    model="gpt-4o-mini",
    messages=[{"role": "user", "content": "Summarize the latest policy update."}],
)
print(reply.text)

Agent Extensions: check tools and skills

from mirror_sdk import Mirror
 
client = Mirror()
 
summary = client.extensions.connectors.summary()
for connector in summary.get("connectors", []):
    print(connector["id"], connector["status"])
 
skills = client.extensions.skills.list()
print("skills:", len(skills if isinstance(skills, list) else skills.get("skills", [])))

DiscoveR and Governance: validate the resulting assistant

from mirror_sdk import Mirror
 
client = Mirror()
scan = client.discover.scans.create({
    "application_id": "assistant-app-id",
    "security_categories": ["quickScan", "jailbreakAndInjection"],
})
print(scan["id"])

Registry and security model

Use Mirror Builder should generate agent.md and skill.md from the same source of truth:

SurfaceOwnerOutput
Agent registryAgentIQ Identityagent id, owner, scopes, delegated token contract
Connector registryAgent Extensionsconfigured connectors, OAuth status, tool readiness
MCP registryAgent ExtensionsChatGPT/Claude/IDE tool registration bundle and server health
Runtime registryGatewayprovider, end-to-end encrypted, plain, confidential, local/offline SDK, and FHE lanes
Policy and guardrailsAgentIQ Policy Engineinput, output, tool, code-agent, and connector policies
Scans and evidenceDiscoveR + GovernanceMCP security scans, code-security scans, red-team results, release evidence

The customer-facing entry point remains Gateway and the hosted /mapi SDK facade. Product services can exist behind it, but agent builders should not expose separate customer gateways for Memory, VDB, MCP, or runtime lanes.

Where to branch next

Use this composed path when you need the full agent stack. If you only need one layer, start from the product-specific docs instead.

On this page