SDK & CLI
Install the ArmorIQ CLI, wire the Python or TypeScript SDK into your agent, and ship authorized tool calls backed by cryptographic intent tokens and per-user policy enforcement.
The ArmorIQ SDK and CLI let you secure every tool call your AI agent makes. The CLI authenticates your developer workstation and manages per-organization API keys; the SDK wraps every tool call with a cryptographically signed intent token so the proxy can enforce policy before the call leaves your network.
You only need two things to integrate:
- An API key — minted from the dashboard under API Keys or from the CLI after
armoriq login. - An email — the identity of the end user your agent is acting on behalf of. Attached per-call via
for_user(email)(Python) or theuserEmailoption (TypeScript). Audit logs, policies, and delegation flows all key off this email.
That pair — API key + email — is the canonical minimum for any real integration.
Start here
Installation
Install the CLI and SDK via pipx, pip, uv, or npm.
Quickstart
Sixty seconds from armoriq login to your first authorized tool call.
Authentication
Log in, manage credentials, and use keys safely in production.
CLI Reference
Every command, every flag, with copy-pasteable examples.
Python SDK
ArmorIQClient, for_user, plan capture, intent tokens, exceptions.
TypeScript SDK
The @armoriq/sdk package for Node agents.
Frameworks
Drop-in integration for Google ADK, plus the raw-client pattern for everything else.
armoriq.yaml
Full configuration schema for config-as-code deployments.
Multi-org workflow
List your organizations, switch scope, pre-select an org at login.
What you get
| Capability | What it does |
|---|---|
| Intent tokens | Every tool call is signed against the LLM's actual reasoning. The proxy rejects calls that don't match the signed plan. |
| Per-tool allow-lists | Define which tools each agent can call. Deny rules always win over allow. |
| Per-user scoping | Attach an end-user email to every call. Policies and audit logs are scoped per-user, per-membership, or per-role. |
| Delegation & approvals | High-risk tool calls can require human approval. The SDK waits on the delegation and retries automatically once approved. |
| Audit trail | Every plan, token, and invocation is captured in the dashboard — searchable by agent, user, or tool. |
Prerequisites
Before you start, have:
- A verified ArmorIQ account — see Getting Started.
- Membership in at least one organization — see Organizations.
- Python 3.10+ (for the Python SDK and the CLI) or Node.js 18+ (for the TypeScript SDK).
The CLI is Python-only today. TypeScript users should install the Python CLI via pipx install armoriq-sdk for authentication and org management; your runtime can still use @armoriq/sdk in Node.