Getting Started with AgentSoap

AgentSoap is the industrial-grade "wash" for autonomous AI agents. As agents transition from simple chat interfaces to executing code, managing finances, and accessing internal databases, the risk of Indirect Prompt Injections (IPI) and Data Loss (DLP) increases exponentially.

AgentSoap provides:

  • Semantic Guardrails: Real-time LLM-powered analysis of every payload to detect malicious intent.
  • Economic Protection: Spending limits and token-tracking to prevent EDoS (Economic Denial of Service) attacks.
  • Zero-Trust Identity: HMAC-signed requests that ensure every action is verified and attributed to a specific agent process.
  • Human-in-the-Loop (HITL): Automatic escalation for high-risk actions (like large financial transfers) that require human approval via SMS or Email.

Quick Start (3 Minutes)

1. Configure your Environment

Add your AgentSoap credentials to your agent's environment:

# AgentSoap Core Configuration
AGENT_SOAP_API_KEY=as_live_...
AGENT_SOAP_SECRET=soap_sec_...
AGENT_SOAP_BASE_URL=https://api.agentsoap.com/v1

2. Implement the Trust Handshake

Every request to AgentSoap must be signed with HMAC-SHA256. This prevents tampering and ensures your agent is who it says it is.

import hmac, hashlib, time, requests

def get_soap_headers(payload_body, secret):
    timestamp = str(int(time.time()))
    # Signature = HMAC(Secret, Timestamp + Body)
    signature = hmac.new(
        secret.encode(), 
        (timestamp + payload_body).encode(), 
        hashlib.sha256
    ).hexdigest()
    
    return {
        "X-Soap-Signature": signature,
        "X-Soap-Timestamp": timestamp
    }

3. Verify your First Action

Before your agent performs a sensitive task, send the payload to the verify/payload endpoint.

response = requests.post(
    f"{AGENT_SOAP_BASE_URL}/verify/payload",
    json={"text_content": "Transfer $50 to @beau"},
    headers=get_soap_headers('{"text_content": "Transfer $50 to @beau"}', AGENT_SOAP_SECRET)
)

if response.json()["action"] == "ALLOW":
    # Execute the transfer
    pass
else:
    # Handle the security block
    print(f"Action Blocked: {response.json()['reason']}")

Core Learning Path

To get the most out of AgentSoap, we recommend exploring these guides in order:

  1. AI Agent Integration Guide: Detailed walkthroughs and 10+ examples of how to use our MCP tools in the wild.
  2. Framework Gallery: Copy-paste snippets for LangChain, CrewAI, AutoGen, and more.
  3. HITL Runbook: Learn how to set up mobile-first approval flows for your most sensitive agent actions.
  4. Security Policies: Configure your "Wash Intensity" and custom regex guardrails.

Support & Safety

  • Emergency Kill-Switch: You can suspend all agent activity instantly via the AgentSoap Dashboard.
  • Threat Feeds: Our global threat database is updated every 15 minutes with new prompt injection vectors and malicious entities.
  • Audit Logs: Every verification attempt is logged with full forensic metadata for compliance and debugging.

Security Lab Live Sandbox

Test your payloads against the AgentSoap security logic. Enter a string below to see the generated implementation code.

Simulation Result
cURL Command
Python Snippet