Publishing & Registry
Publish agents to the Sekuire Registry using the two-tier model: public (Sekuire-verified) or private (enterprise).
Two-Tier Registry Model
Sekuire provides two registry tiers for different use cases:
- Public Registry - Sekuire-verified agents that anyone can trust
- Private Registry - Enterprise agent management with governance tools
| Aspect | Public | Private |
|---|---|---|
| Who Builds | Sekuire | Customer |
| Source Analysis | Required (gate) | Optional (visibility) |
| Pull Access | Anyone | Org members only |
Commands
- sekuire publish - Publish agent to registry
- sekuire registry login - Authenticate with container registry
- sekuire verify - Verify remote agent
publish
Register your agent with the Sekuire Registry. Omit --public for private (default).
sekuire publish [OPTIONS]
Options
| Option | Description |
|---|---|
--public | Publish to public registry (Sekuire builds) |
--repo <URL> | GitHub repository URL for source analysis |
-r, --registry <URL> | Registry URL (default: https://api.sekuire.ai) |
--no-workflow | Skip GitHub Actions workflow prompt |
--yes | Skip interactive prompts (use defaults) |
Use --yes for non-interactive runs and --no-workflow to avoid the workflow prompt.
Private Registry (Default)
For enterprise agent management. You build and push your own Docker images.
Terminal
# Register agent (no source analysis)
$ sekuire publish
Sekuire ID: 7f8a9b3c2d1e...
Signature: a1b2c3d4...
Agent registered to private registry!
# Build and push your image
$ docker build -t registry.sekuire.ai/org/acme-corp/my-agent:v1 .
$ sekuire registry login
$ docker push registry.sekuire.ai/org/acme-corp/my-agent:v1
Image pushed successfully!
note
Private registry never blocks pushes. Governance happens via policies, audit logs, and the dashboard.
Private Registry with Source Analysis
Opt-in source analysis provides visibility into agent capabilities without gating deployments.
Terminal
# Register with repo for visibility
$ sekuire publish --repo github.com/acme/my-agent
GitHub App Installation Required
Visit: https://github.com/apps/sekuire/installations/new
Press Enter when complete...
Connecting repository...
Analysis queued (runs in background)
Agent registered to private registry!
# Push works immediately (no blocking)
$ docker push registry.sekuire.ai/org/acme-corp/my-agent:v1
# View analysis results
$ sekuire analysis
SDK Detection: Python 0.2.0 (lifecycle complete)
Declared Capabilities: network: [api.openai.com], tools: [get_weather]
Detected Capabilities: network: [api.openai.com, analytics.example.com]
Gaps: 1 undeclared network call
Transparency Score: 85
info
Source analysis helps with policy creation, trust scoring, and compliance audits.
Public Registry (Sekuire Verified)
For community-trusted agents. Sekuire builds the image after analysis passes.
Terminal
# Publish to public registry (requires repo)
$ sekuire publish --public --repo github.com/acme/my-agent
GitHub App Installation Required
Visit: https://github.com/apps/sekuire/installations/new
Press Enter when complete...
Build queued: build_abc123
Track status: sekuire builds status build_abc123
Terminal
# Check build status
$ sekuire builds status build_abc123
Build: build_abc123
Status: analyzing
SDK Compliance: pending
Security Scans: pending
Docker Build: pending
# After completion
$ sekuire builds status build_abc123
Build: build_abc123
Status: completed
SDK Compliance: passed
Security Scans: passed (0 critical, 1 medium)
Docker Build: passed
Image: registry.sekuire.ai/7f8a9b3c2d1e:v1
Anyone can pull: docker pull registry.sekuire.ai/7f8a9b3c2d1e:v1
warning
Public registry requires SDK compliance and security scans to pass. Builds are blocked on failure.
registry login
Authenticate with the Sekuire container registry for Docker push/pull operations.
sekuire registry login
Example
Terminal
$ sekuire registry login
Authenticating with registry.sekuire.ai...
Login successful!
# Now use standard Docker commands
$ docker push registry.sekuire.ai/org/acme-corp/my-agent:v1
$ docker pull registry.sekuire.ai/org/acme-corp/my-agent:v1
verify
Verify a remote agent's identity via handshake protocol.
sekuire verify [OPTIONS]
Options
| Option | Description |
|---|---|
-u, --url <URL> | Agent URL (required) |
-i, --id <ID> | Expected Agent ID (optional) |
-r, --registry <URL> | Registry URL |
Example
Terminal
$ sekuire verify --url http://localhost:8000 --id 7f8a9b3c...
Verifying agent at http://localhost:8000...
Identity confirmed: 7f8a9b3c...
Signature valid
Registry entry matches
Complete Workflows
Private Registry Workflow
Terminal
# 1. Initialize and generate keys
sekuire init --name my-agent
sekuire keygen
# 2. Register agent (private default)
sekuire publish
# 3. Build and push your image
docker build -t registry.sekuire.ai/org/acme-corp/my-agent:v1 .
sekuire registry login
docker push registry.sekuire.ai/org/acme-corp/my-agent:v1
# Image available to org members immediately
Public Registry Workflow
Terminal
# 1. Initialize
sekuire init --name my-agent
sekuire keygen
# 2. Publish to public (Sekuire builds)
sekuire publish --public --repo github.com/acme/my-agent
# 3. Wait for build
sekuire builds status <id>
# 4. On success, anyone can pull
docker pull registry.sekuire.ai/<sekuire_id>:v1