Documentation

Quickstart

1

Create your account

Go to ariatrust.org/app, register and confirm your email. Copy your API key from the dashboard.

2

Install the SDK

bash

npm install @ariatrust-io/aria-sdk

3

Register your agent

typescript

import { createClient } from '@ariatrust-io/aria-sdk';

const aria = createClient({
  baseUrl: 'https://ariatrust.org',
  apiKey: process.env.ARIA_API_KEY
});

const agent = await aria.registerAgent({
  name: 'my-agent',
  scope: ['read:data', 'write:data', 'send:email']
});

// Save these: you need them to track events
console.log(agent.did);    // did:agentrust:...
console.log(agent.secret); // keep this secret

4

Track actions

typescript

const result = await aria.track(
  agent.did,
  agent.secret,
  'read:data',
  async () => {
    return await fetchUserData(userId);
  }
);

result.insights

{

scope: { valid: true },

signature: { valid: true },

rateLimit: { exceeded: false },

trustScore:{ impact: +1 }

}

5

View in dashboard

Sign in at ariatrust.org/app to see your agent, its trust score, and every action it has taken, with full cryptographic proof.

Track Modes

ARIA supports three modes for tracking agent actions. Choose the mode that matches the risk and latency requirements of each action.

enforce

Default

Blocks until ARIA confirms the event. Use for critical actions where you need insights back.

light

Low latency

Fire-and-forget. Agent continues immediately. Use for high-frequency actions where latency matters.

gate

Human-in-loop

Requires human approval before executing. Use for destructive or high-risk actions.

typescript · enforce (default)

const result = await aria.track(did, secret, 'read:data', fn);
// Waits ~150-300ms for ARIA response

typescript · light

const result = await aria.track(
  did, secret, 'read:data', fn,
  { mode: 'light' }
);
// Returns immediately: ARIA records in background

typescript · gate

import { GateDeniedException } from '@ariatrust-io/aria-sdk';

try {
  await aria.track(
    did, secret, 'delete:records', fn,
    {
      mode: 'gate',
      gate: {
        requireApproval: ['delete:*'],
        autoBlock: ['drop:*'],
        timeoutMs: 5 * 60 * 1000
      }
    }
  );
} catch (err) {
  if (err instanceof GateDeniedException) {
    console.log('Owner denied this action');
  }
}

Scope

Scope declares what your agent is allowed to do. Format: verb:resource. If an agent attempts an action outside its declared scope, ARIA records a scope violation and penalizes the trust score.

read:users Read user data

write:orders Create or update orders

send:email Send emails on behalf of users

process:payment Process payment transactions

generate:report Generate and export reports

typescript

const agent = await aria.registerAgent({
  name: 'my-agent',
  scope: [
    'read:users',      // read user data
    'write:orders',    // create/update orders
    'send:email',      // send emails
    'process:payment', // process payments
    'generate:report'  // generate reports
  ]
});

Trust Score

Every agent has a score from 0 to 100 based on behavior over the last 30 days. The score decays toward 50 after 7 days of inactivity.

Score Changes

Successful action +1

Error outcome -1

Anomaly detected -5

Scope violation -15 to -50

Hardware conflict -20 to -40

Notes

Maximum achievable ~85

Score never reaches 100 by design

Inactivity decay toward 50

Decay starts after 7 days

Scope violations escalating

Trusted

80 – 100

Fully verified behavior

Neutral

50 – 79

Monitor for anomalies

Untrusted

0 – 49

Investigate immediately

Webhooks

Get notified in real time when something suspicious happens. Each webhook is signed with HMAC-SHA256 via the X-ARIA-Signature header so you can verify authenticity.

bash · register webhook

curl -X POST https://ariatrust.org/v1/webhooks \
  -H "Authorization: Bearer your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.com/aria-alerts",
    "events": [
      "anomaly",
      "scope_violation",
      "trust_score_critical"
    ]
  }'

json · webhook payload

{
  "alert": "TRUST_SCORE_CRITICAL",
  "severity": "CRITICAL",
  "agent": {
    "did": "did:agentrust:...",
    "name": "my-agent",
    "trustScore": 12
  },
  "reason": "scope_violation",
  "timestamp": "2026-05-14T10:00:00Z"
}

API Reference

Base URL: https://ariatrust.org · Authentication: Authorization: Bearer <api-key>

Method	Endpoint	Description
GET	/health	Server status
POST	/v1/auth/register	Create account
POST	/v1/auth/login	Sign in (sends 2FA code)
POST	/v1/auth/verify-code	Verify 2FA, receive API key
POST	/v1/agents	Register agent
GET	/v1/agents	List agents
GET	/v1/agents/:did	Agent details + trust score
GET	/v1/agents/:did/secret	Recover agent secret
DELETE	/v1/agents/:did	Delete agent
POST	/v1/agents/bulk-delete	Delete multiple agents
POST	/v1/events	Track single event
POST	/v1/events/batch	Track up to 500 events
GET	/v1/events	List events
GET	/v1/events/export	Export events as CSV, JSON, or OTEL (OpenTelemetry, compatible with Splunk, Datadog, CloudWatch)
POST	/v1/gate/request	Request human approval
GET	/v1/gate/request/:id	Check approval status
POST	/v1/gate/approve/:id	Approve action
POST	/v1/gate/deny/:id	Deny action
GET	/v1/gate/pending	List pending approvals
POST	/v1/webhooks	Register webhook
GET	/v1/webhooks	List webhooks
DELETE	/v1/webhooks/:id	Remove webhook
POST	/v1/api-keys	Create API key
POST	/v1/api-keys/rotate	Rotate API key
POST	/v1/witness/sources	Register external witness source
POST	/v1/witness/confirm/:id	Submit external event count
GET	/v1/witness/checks	List verification checks
GET	/v1/witness/agents/:did	Witness summary for agent
POST	/v1/temporal/anchor/:did	Create temporal anchor
GET	/v1/temporal/verify/:eventId	Verify event proof
GET	/v1/temporal/anchors/:did	Anchor summary for agent
GET	/v1/temporal/anchors/:did/list	List all anchors for agent
POST	/v1/zeroproof/innocence	Generate Proof of Innocence
POST	/v1/zeroproof/consistency	Generate Proof of Consistency
POST	/v1/zeroproof/limits	Generate Proof of Limits
GET	/v1/zeroproof/verify/:id	Verify a proof
GET	/v1/zeroproof/list/:did	List proofs for agent

Examples

typescript · openai function calling

import OpenAI from 'openai';
import { createClient } from '@ariatrust-io/aria-sdk';

const openai = new OpenAI();
const aria = createClient({ baseUrl: '...', apiKey: '...' });

const agent = await aria.registerAgent({
  name: 'openai-agent',
  scope: ['read:data', 'send:email', 'write:calendar']
});

// Wrap each tool call with ARIA
async function callTool(toolName: string, args: unknown) {
  return aria.track(
    agent.did, agent.secret, toolName,
    async () => executeTool(toolName, args),
    { mode: 'light' } // non-blocking for high frequency
  );
}

typescript · langchain tools

import { DynamicTool } from 'langchain/tools';
import { createClient } from '@ariatrust-io/aria-sdk';

const aria = createClient({ baseUrl: '...', apiKey: '...' });
const agent = await aria.registerAgent({
  name: 'langchain-agent',
  scope: ['search:web', 'read:database', 'send:email']
});

// Wrap LangChain tools with ARIA tracking
function wrapTool(tool: DynamicTool, action: string) {
  return new DynamicTool({
    name: tool.name,
    description: tool.description,
    func: async (input: string) => {
      const result = await aria.track(
        agent.did, agent.secret, action,
        async () => tool.func(input),
        { mode: 'light' }
      );
      return result;
    }
  });
}

Everything you needto integrate ARIA.

Quickstart

Create your account

Install the SDK

Register your agent

Track actions

View in dashboard

Track Modes

enforce

light

gate

Scope

Trust Score

Score Changes

Notes

Webhooks

API Reference

Examples

Everything you need
to integrate ARIA.