Quick Start
In about five minutes you will have a running agent, a policy that it violates, and your first incident.
This guide assumes:
The Kyvvu API is running at http://localhost:8000
The dashboard is running at http://localhost:3000
The Python SDK is installed (pip install -e ./sdk or the GitHub install)
If you haven't set up the stack yet, see Installation first.
Step 1 — Check your credentials
When the stack starts for the first time, it seeds a root user and an API key from your .env file. Open .env and note these two values:
[email protected]
KV_SEED_ROOT_PASSWORD=CHANGE_ME_SECURE_PASSWORD
KV_SEED_ROOT_API_KEY=KvKey-CHANGE_ME_GENERATE_RANDOM_STRING
You'll use the email and password to log into the dashboard, and the API key in your agent code.
Verify the API is up:
curl http://localhost:8000/health
# → {"status":"healthy", ...}
Step 2 — Write a minimal agent
Create a file called hello_agent.py. This agent does exactly four things: starts, makes a (fake) LLM call, waits for human approval, and ends. Each step is logged to Kyvvu via the @kv.log_step decorator.
Run it:
You should see the agent run through its steps and prompt you for approval. Behind the scenes, four log entries have been created and chained together in the audit trail.
Step 3 — See the agent and its logs in the dashboard
Open http://localhost:3000 and log in with the email and password from your .env.
Navigate to Agents — hello-agent should be listed there. Click it to see its details.
Navigate to Logs — you'll see the four steps (START_NODE, LLM_CALL, HUMAN_APPROVAL, END_NODE) recorded for the task that just ran. Click any step to inspect its input, output, and hash.
Run the agent a few more times if you want to see multiple tasks accumulate.
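How a per-step hash can chain log entries so that later edits are detectable, as an added illustration that is not Kyvvu's code. The record layout, the SHA-256 construction and the all-zero starting value are assumptions rather than the format Kyvvu uses, and the sample task is constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" for the first entry of a task


def entry_hash(prev_hash, step_type, payload):
    """SHA-256 over the previous hash plus a canonical JSON form of the step."""
    body = json.dumps({"prev": prev_hash, "step": step_type, "data": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def build_chain(steps):
    """Turn (step_type, payload) pairs into chained log entries."""
    chain, prev = [], GENESIS
    for step_type, payload in steps:
        digest = entry_hash(prev, step_type, payload)
        chain.append({"step": step_type, "data": dict(payload),
                      "prev": prev, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev:  # link to the preceding entry is broken
            return i
        if entry_hash(entry["prev"], entry["step"], entry["data"]) != entry["hash"]:
            return i  # stored content no longer matches its hash
        prev = entry["hash"]
    return None


# Constructed sample task using the four step types from this guide.
SAMPLE_STEPS = [
    ("START_NODE", {"task": "demo"}),
    ("LLM_CALL", {"prompt": "hello", "response": "hi"}),
    ("HUMAN_APPROVAL", {"approved": True}),
    ("END_NODE", {"status": "done"}),
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_STEPS)
    print("intact chain:", verify_chain(chain))
    chain[2]["data"]["approved"] = False  # edit a stored record after the fact
    print("after edit, first bad entry:", verify_chain(chain))
```

A chain built this way does not reveal removal of the newest entries unless the latest hash is also recorded somewhere the log writer cannot change.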
Step 4 — Create a policy
Now let's give Kyvvu something to enforce. You'll create a policy that requires every agent to declare an owner_id. Your agent already has one — so you'll also register a second, non-compliant agent to trigger a violation.
In the dashboard, navigate to Policies → New Policy, and fill in:
Name: Owner ID required
Scope: agent_registration
Rule type: require_field
Field name: owner_id
Severity: high
Enabled: ✓
Save the policy.
Alternatively, create it via the API:
Step 5 — Trigger an incident
Register a new agent without an owner_id. Add this to the bottom of hello_agent.py (or a new file):
Run it. The registration will succeed (Kyvvu logs violations, it doesn't block by default), but the policy violation is detected immediately and an incident is created.
Step 6 — Review the incident
In the dashboard, navigate to Incidents. You'll see a new high-severity incident:
Owner ID required — Agent bad-agent violated policy at registration.
Click the incident to see its details: which policy was violated, which agent, when, and in which environment.
From here you can mark it as Resolved (you fixed it), Ignored (accepted risk), or leave it Active for someone else to triage. Incidents are permanent audit records — they don't disappear.
What just happened
In five steps you:
Registered an agent with its compliance metadata
Logged a four-step task execution with a tamper-evident hash chain
Created a policy that checks agent registrations
Triggered a violation and had an incident auto-created
Reviewed and triaged the incident in the dashboard
That's the core loop. From here:
Add more policies — use policy templates for a full governance framework in one click (Policies → Templates)
Add more step types — instrument your real agent with @kv.log_step on every meaningful operation
Generate an audit report — Reports → Generate covers any date range in PDF or XML
Set up automated actions — route critical incidents to Slack or email under Settings → Actions
For a fully worked example with a real LLM and branching logic, see Custom Python Agent.
