Quickstart

Get your first agent secured with AgentMesh in 5 minutes.

1. Install the SDK

npm install @a2a-auth/core

2. Generate Keys

AgentMesh uses asymmetric keys (Ed25519) for signing and verifying tokens. Generate a key pair to get started: 

import { keygen } from "@a2a-auth/core";

const keys = await keygen();
// keys.privateKey — keep this secret
// keys.publicKey  — share via JWKS endpoint

console.log(keys.privateKey); // base64url-encoded
console.log(keys.publicKey);  // base64url-encoded

Important: Store your private key securely. Never commit it to source control. Use environment variables or a secrets manager.

3. Configure the Authority

The Authority issues signed JWTs for your agents. Set it up on your identity server or gateway: 

import { createAuthority } from "@a2a-auth/core";

const authority = createAuthority({
  issuer: "https://mesh.coinsenda.ai",
  privateKey: process.env.AGENT_PRIVATE_KEY,
  publicKey: process.env.AGENT_PUBLIC_KEY,
});

// Issue a token for an agent
const token = await authority.issueToken({
  subject: "agent:my-translator",
  audience: "https://api.example.com",
  scopes: ["skill:execute:translate", "skill:read:catalog"],
  expiresIn: "1h",
});

4. Protect Your Endpoints

On the receiving agent, set up a Verifier to validate incoming tokens: 

import { createVerifier } from "@a2a-auth/core";

const verifier = createVerifier({
  jwksUrl: "https://mesh.coinsenda.ai/.well-known/jwks.json",
  audience: "https://api.example.com",
});

// In your request handler:
async function handleRequest(req) {
  const authHeader = req.headers.authorization;
  if (!authHeader?.startsWith("Bearer ")) {
    return { status: 401, body: "Missing token" };
  }

  try {
    const payload = await verifier.verify(authHeader.slice(7));
    // payload.sub   → "agent:my-translator"
    // payload.scopes → ["skill:execute:translate", ...]

    // Check specific scope
    if (!payload.scopes.includes("skill:execute:translate")) {
      return { status: 403, body: "Insufficient permissions" };
    }

    // Handle the request...
    return { status: 200, body: "Translation complete" };
  } catch (err) {
    return { status: 401, body: "Invalid token" };
  }
}

5. Test It

# Issue a token
node -e "
  const { createAuthority, keygen } = require('@a2a-auth/core');
  (async () => {
    const keys = await keygen();
    const auth = createAuthority({
      issuer: 'test',
      privateKey: keys.privateKey,
      publicKey: keys.publicKey,
    });
    const token = await auth.issueToken({
      subject: 'agent:test',
      scopes: ['skill:execute:*'],
    });
    console.log(token);
  })();
"

6. Use the CLI

The AgentMesh CLI lets you manage networks, agents, and permissions from your terminal. Install it globally: 

npm install -g @agentmesh/cli

Initialize your config and log in:

agentmesh init
# Prompts for server URL, email, and password
# Saves config to ~/.agentmesh/config.json

Register an agent from the command line:

agentmesh register my-translator \
  --network <network-id> \
  --endpoint https://my-agent.example.com

Grant permissions between agents:

agentmesh grant <requester-id> <target-id> skill:execute:translate \
  --network <network-id>

Request a JWT token for agent-to-agent auth:

agentmesh token <target-id> skill:execute:translate,skill:read:catalog \
  --network <network-id>

Browse and install marketplace skills:

agentmesh skills --search "translation"
agentmesh install translate-pro --agent <agent-id>

Next Steps