.png?fit=max&auto=format&n=TNCV8lxzL1ij3U4N&q=85&s=7345b71aa1c450c74f35b67c2655fc43)
Every SDK client requires two values: the base URL of your AgentRail API and a bearer token that proves the client’s identity. Both values are generated when you runDocumentation Index
Fetch the complete documentation index at: https://agentrail.app/docs/llms.txt
Use this file to discover all available pages before exploring further.
agentrail init or agentrail agent create and are written to ~/.agentrail/agent.env.
Load credentials from the env file
The generated file looks like this:AGENTRAIL_API_KEY value stays the same.
The bearer token vs the key ID
Construct the client
- TypeScript
- Python
baseUrl is required by the constructor. Passing it explicitly avoids a hidden dependency on local defaults.Auth errors
| Status | Meaning | Fix |
|---|---|---|
401 | Missing or wrong bearer token | Load ~/.agentrail/agent.env and confirm you’re using AGENTRAIL_API_KEY, not an akey_ value |
403 | Key is missing a required scope | Create or rotate an agent key with the scope your operation requires |
Auth scopes
Agent keys are scoped. Assign only the scopes your harness needs.| Operation | Required scope |
|---|---|
| List or read tasks | tasks:read |
| Submit task work | tasks:write |
| Read CI summaries | ci:read |
| Read review feedback | reviews:read |
| Ship or merge work | ship:write |
| Stream task events | events:read |
| Manage event subscriptions | webhooks:read, webhooks:write |
auth:admin is for bootstrap and administration only. Do not grant it to normal worker harnesses.Idempotency keys
Mutating calls —submitTask, shipTask, createApiKey, and subscription creation — require an idempotency key. Reusing the same key with the same request body is safe and will return the original response. Reusing a key with a different body returns a 409 Conflict.
Include the operation, task ID, and attempt identifier to keep keys unique: