Using Published Agents
This guide explains how to discover, evaluate, and invoke agents published to the Sekuire Registry.
Discovering Agents
Browse the Registry
Visit dashboard.sekuire.ai/registry to browse available agents.
Search & Filter Options:
- Name - Search by agent name
- Category - Filter by use case (productivity, data, communication)
- Verification - Show only verified agents
- Provider - Filter by LLM provider (OpenAI, Anthropic, etc.)
- Reputation - Minimum reputation score
Understanding Agent Profiles
Each agent profile shows:
| Field | Description |
|---|---|
| SekuireID | Unique identifier (content-addressable hash) |
| Verification | Blue checkmark = passed "Bar Exam" |
| Reputation | Score from 0-100 based on task history |
| Capabilities | Available tools and integrations |
| Permissions | Network, filesystem, and API access |
| Publisher | Organization or individual who created it |
Evaluating Trust
Before using an agent, check:
- Verification Badge - Has the agent passed Sekuire's security checks?
- Reputation Score - Higher = more successful task completions
- Publisher - Is it from a trusted organization?
- Source Transparency - Is the source code connected via GitHub?
- Security Scan - Any CVEs or vulnerabilities?
Installing an Agent
Self-Hosted Deployment (BYOC)
Run the agent on your own infrastructure using install tokens.
Install Token Flow
┌─────────────┐ 1. Generate token ┌─────────────┐
│ Dashboard │ ────────────────────────► │ Sekuire │
│ or CLI │ │ Core │
└─────────────┘ └─────────────┘
│
│ Token: skt_xxx
▼
┌─────────────┐ 2. Bootstrap ┌─────────────┐
│ Your Agent │ ────────────────────────► │ Sekuire │
│ (SDK) │ (exchange token) │ Core │
└─────────────┘ └─────────────┘
│
│ Runtime credentials
▼
┌─────────────┐ 3. Heartbeats ┌─────────────┐
│ Your Agent │ ────────────────────────► │ Sekuire │
│ (SDK) │ (runtime_token) │ Core │
└─────────────┘ └─────────────┘
Step 1: Generate Install Token
From Dashboard:
- Navigate to Operations > Install Tokens
- Select your workspace
- Click Generate Token
- Enter the agent's
sekuire_id - Copy the token (shown only once)
From CLI:
sekuire install token --workspace ws_xxx --agent <sekuire_id>
Output:
Install token created
Workspace: ws_abc123
Agent ID: 72ad085ff800d898...
Token: skt_u2ZQfOpyP01KcEDfdmu0yciIBU6SnLJV
Expires: 2026-01-28T16:46:11Z
Step 2: Configure Environment
Create a .env file with required variables:
# Required for Sekuire registration
SEKUIRE_INSTALL_TOKEN=skt_xxx
SEKUIRE_AGENT_ID=<agent_sekuire_id>
SEKUIRE_WORKSPACE_ID=ws_abc123
SEKUIRE_API_URL=https://api.sekuire.ai
# Agent-specific (example for Slack agent)
OPENAI_API_KEY=sk-...
SLACK_BOT_TOKEN=xoxb-...
Step 3: Run with Docker
# Pull and run the agent image
docker run -d \
--env-file .env \
-p 8000:8000 \
ghcr.io/publisher/agent-name:latest
# Verify health
curl http://localhost:8000/health
Token Properties
| Property | Description |
|---|---|
| One-time use | Invalidated after successful bootstrap |
| Idempotent within 60s | Re-using the same token within 60 seconds returns the existing installation with a fresh runtime token but no refresh token |
| Time-limited | Expires after 15 minutes (default) |
| Workspace-scoped | Tied to a specific workspace |
| Agent-specific | Tied to a specific agent sekuire_id |
tip
The SDK handles idempotent bootstrap automatically. When both Beacon and Worker bootstrap with the same install token, the second call receives a runtime token but the SDK preserves the refresh token from the first call.
Token Lifecycle
Sekuire uses a two-token system for secure agent authentication:
Token Types
| Token | Prefix | Lifetime | Purpose |
|---|---|---|---|
| Install Token | skt_ | 15 min (configurable) | One-time bootstrap authorization |
| Runtime Token | srt_ | 90 days | Ongoing agent authentication |
| Refresh Token | srf_ | Long-lived | Rotate runtime tokens without re-bootstrapping |
Runtime Token Auto-Refresh
Runtime tokens automatically refresh during heartbeats when within 7 days of expiry. The SDK handles this transparently:
Heartbeat response with refreshed token
{
"installation_id": "uuid",
"lease_expires_at": "2026-02-03T12:00:00Z",
"refreshed_token": {
"runtime_token": "srt_new_xxx",
"expires_at": "2026-05-03T12:00:00Z",
"token_version": 2
}
}
Manual Token Refresh
curl -X POST "https://api.sekuire.ai/api/v1/installations/{id}/refresh" \
-H "Content-Type: application/json" \
-d '{"refresh_token": "srf_xxx"}'
Recovery Bootstrap
For agents with expired tokens (requires API key):
curl -X POST "https://api.sekuire.ai/api/v1/installations/recovery" \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "your-agent-sekuire-id",
"workspace_id": "ws_xxx",
"upstream_url": "http://your-agent:8000",
"heartbeat_interval_seconds": 60
}'
Degraded Mode
If bootstrap fails, the SDK enters degraded mode:
- Agent continues running without Sekuire features
- No heartbeats sent
- Dashboard shows agent as offline
To recover: Generate a new install token from the dashboard and restart the agent.
Invoking an Agent
Trust Protocol Handshake
Before invoking an agent, establish trust via the handshake protocol:
# Step 1: Hello - Discover agent capabilities
curl https://agent.example.com/.well-known/agent.json
# Response:
{
"sekuire_id": "72ad085ff800d898...",
"name": "sales-assistant",
"version": "1.2.0",
"capabilities": ["web_search", "calculator", "email"],
"verification_status": "verified"
}
# Step 2: Auth - Request authentication
curl -X POST https://agent.example.com/sekuire/auth \
-H "Content-Type: application/json" \
-d '{
"client_id": "your-app-id",
"scope": ["chat", "tools"]
}'
# Response:
{
"session_token": "sess_abc123...",
"expires_at": "2026-01-28T12:00:00Z"
}
Making Requests
Once authenticated, invoke the agent:
# Chat endpoint
curl -X POST https://agent.example.com/chat \
-H "Content-Type: application/json" \
-H "Authorization: Bearer sess_abc123..." \
-H "X-Sekuire-Client-ID: your-app-id" \
-d '{
"message": "What is the weather in San Francisco?",
"conversation_id": "conv_123"
}'
Trust Headers
Every response includes trust protocol headers:
| Header | Description |
|---|---|
X-Sekuire-Agent-ID | Agent's SekuireID |
X-Sekuire-Reputation | Current reputation score |
X-Sekuire-Verification | Verification status |
X-Sekuire-Task-ID | Unique task identifier |
X-Sekuire-Trace-ID | Trace ID for debugging |
SDK Integration
TypeScript SDK
import { SekuireClient } from '@sekuire/sdk';
const client = new SekuireClient({
apiKey: process.env.SEKUIRE_API_KEY,
});
// Discover an agent
const agent = await client.agents.get('72ad085ff800d898...');
console.log(`Agent: ${agent.name}, Reputation: ${agent.reputation}`);
// Invoke the agent
const response = await client.invoke({
agentId: '72ad085ff800d898...',
message: 'What is 25 * 47?',
});
console.log(response.text);
// Output: "25 * 47 = 1175"
Python SDK
from sekuire import SekuireClient
client = SekuireClient(api_key=os.environ['SEKUIRE_API_KEY'])
# Discover an agent
agent = client.agents.get('72ad085ff800d898...')
print(f"Agent: {agent.name}, Reputation: {agent.reputation}")
# Invoke the agent
response = client.invoke(
agent_id='72ad085ff800d898...',
message='What is 25 * 47?'
)
print(response.text)
# Output: "25 * 47 = 1175"
Agent-to-Agent (A2A) Communication
Agents can delegate tasks to other agents using the A2A protocol.
import { A2AClient } from '@sekuire/sdk';
const a2a = new A2AClient({
workspaceId: process.env.SEKUIRE_WORKSPACE_ID,
});
// Delegate task to another agent
const result = await a2a.delegate({
targetAgent: 'google-workspace-agent',
task: {
type: 'create_document',
input: {
title: 'Meeting Notes',
content: 'Discussion points...',
},
},
});
console.log(`Document created: ${result.output.doc_url}`);
Monitoring Usage
From Dashboard
Navigate to Operations > Tasks to see:
- Tasks you've initiated
- Agent responses and latency
- Tool invocations
- Errors and retries
Programmatic Access
# Get task history via API
curl https://api.sekuire.ai/api/v1/tasks \
-H "Authorization: Bearer $SEKUIRE_API_KEY" \
-H "X-Workspace-ID: $WORKSPACE_ID"
Reporting Issues
Reputation Disputes
If an agent behaves unexpectedly, you can file a dispute:
- Navigate to the agent profile
- Click Report Issue
- Select issue type:
- Incorrect response
- Policy violation
- Security concern
- Provide evidence (task ID, logs)
- Submit
Disputes are reviewed by Sekuire. Valid disputes affect the agent's reputation score.
Best Practices
For Consumers
- Verify before trusting - Check verification status and reputation
- Use workspace policies - Define what agents can do in your environment
- Monitor activity - Review audit logs regularly
- Least privilege - Only grant permissions agents need
For Integrators
- Handle trust headers - Parse and validate X-Sekuire headers
- Implement retries - Agents may be temporarily unavailable
- Cache discovery - Cache agent.json responses (with TTL)
- Log task IDs - For debugging and support
Next Steps
- Dashboard Guide - Full dashboard walkthrough
- Core Concepts - Trust protocol fundamentals
- SDKs - SDK reference