> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fabraix.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Quickstart
> Run your first adversarial scan or instrument an agent in 5 minutes
## Two paths in
Fabraix is a research lab pushing the offensive AI frontier. Most people start in one of two places:
1. **Run an offensive scan with Nyx**: point our adversarial agent at your AI system and let it autonomously hunt for vulnerabilities.
2. **Instrument an agent with Arx**: add run-time defence to a production agent (sessions, event logging, action checks).
Get your API key from the [Fabraix Dashboard](https://app.fabraix.com/) before continuing.
## Setup
The Arx defence layer is consumed via the REST API directly today, no SDK required. For adversarial audits, install the Nyx CLI:
```bash Nyx CLI theme={null}
npm install -g @fabraix/nyx
```
```bash curl theme={null}
# Arx: no installation needed
```
A Python SDK for Arx (`pip install fabraix`) is on the roadmap but not yet published. Use `requests` (or any HTTP client) against the REST API in the meantime. See the example below.
## Basic Integration (Arx)
Here's a complete example of instrumenting an agent with Arx run-time defence. To run an adversarial Nyx audit instead, see the [Nyx API reference](/api-reference/nyx/introduction).
```python Python theme={null}
import uuid
import json
import time
from datetime import datetime
import requests
# Configuration
API_KEY = "YOUR_API_KEY"
BASE_URL = "https://api.fabraix.com/v1"
HEADERS = {
"x-api-key": API_KEY,
"Content-Type": "application/json"
}
# Step 1: Register a new agent run
def register_agent_run(agent_id, system_prompt):
response = requests.post(
f"{BASE_URL}/register-agent-run",
headers=HEADERS,
json={
"agent_id": str(agent_id),
"timestamp": datetime.now().isoformat(),
"system_prompt": system_prompt
}
)
return response.json()["trace_id"]
# Step 2: Log events during the agent loop
def log_event(trace_id, event_type, content, schema):
response = requests.post(
f"{BASE_URL}/event",
headers=HEADERS,
json={
"event_type": event_type,
"trace_id": trace_id,
"timestamp": time.time(),
"content": json.dumps(content),
"schema": json.dumps(schema)
}
)
return response.json()["event_id"]
# Step 3: Check actions before execution
def check_action(trace_id, action_content, action_schema):
response = requests.post(
f"{BASE_URL}/check",
headers=HEADERS,
json={
"event_type": "action_check",
"trace_id": trace_id,
"timestamp": time.time(),
"content": json.dumps(action_content),
"schema": json.dumps(action_schema)
}
)
result = response.json()
return result["is_safe"], result["reasoning"]
# Example usage
if __name__ == "__main__":
# Initialize agent session
agent_id = uuid.uuid4()
trace_id = register_agent_run(
agent_id=agent_id,
system_prompt="You are a helpful assistant."
)
# Log user input
log_event(
trace_id=trace_id,
event_type="user",
content={"message": "What's the weather in London?"},
schema={
"type": "object",
"properties": {
"message": {"type": "string"}
}
}
)
# Before executing a tool call, check if it's safe
is_safe, reasoning = check_action(
trace_id=trace_id,
action_content={
"location": "London, UK",
"units": "celsius"
},
action_schema={
"type": "function",
"name": "get_weather",
"description": "Get current weather",
"parameters": {
"type": "object",
"properties": {
"location": {"type": "string"},
"units": {"type": "string"}
}
}
}
)
if is_safe:
print("✅ Action approved - executing tool")
# Execute your tool here
else:
print(f"❌ Action blocked: {reasoning}")
```
```javascript JavaScript theme={null}
const axios = require('axios');
const { v4: uuidv4 } = require('uuid');
// Configuration
const API_KEY = 'YOUR_API_KEY';
const BASE_URL = 'https://api.fabraix.com/v1';
const headers = {
'x-api-key': API_KEY,
'Content-Type': 'application/json'
};
// Step 1: Register a new agent run
async function registerAgentRun(agentId, systemPrompt) {
const response = await axios.post(
`${BASE_URL}/register-agent-run`,
{
agent_id: agentId,
timestamp: new Date().toISOString(),
system_prompt: systemPrompt
},
{ headers }
);
return response.data.trace_id;
}
// Step 2: Log events during the agent loop
async function logEvent(traceId, eventType, content, schema) {
const response = await axios.post(
`${BASE_URL}/event`,
{
event_type: eventType,
trace_id: traceId,
timestamp: Date.now() / 1000,
content: JSON.stringify(content),
schema: JSON.stringify(schema)
},
{ headers }
);
return response.data.event_id;
}
// Step 3: Check actions before execution
async function checkAction(traceId, actionContent, actionSchema) {
const response = await axios.post(
`${BASE_URL}/check`,
{
event_type: 'action_check',
trace_id: traceId,
timestamp: Date.now() / 1000,
content: JSON.stringify(actionContent),
schema: JSON.stringify(actionSchema)
},
{ headers }
);
return {
isSafe: response.data.is_safe,
reasoning: response.data.reasoning
};
}
// Example usage
async function main() {
// Initialize agent session
const agentId = uuidv4();
const traceId = await registerAgentRun(
agentId,
'You are a helpful assistant.'
);
// Log user input
await logEvent(
traceId,
'user',
{ message: "What's the weather in London?" },
{
type: 'object',
properties: {
message: { type: 'string' }
}
}
);
// Before executing a tool call, check if it's safe
const { isSafe, reasoning } = await checkAction(
traceId,
{
location: 'London, UK',
units: 'celsius'
},
{
type: 'function',
name: 'get_weather',
description: 'Get current weather',
parameters: {
type: 'object',
properties: {
location: { type: 'string' },
units: { type: 'string' }
}
}
}
);
if (isSafe) {
console.log('✅ Action approved - executing tool');
// Execute your tool here
} else {
console.log(`❌ Action blocked: ${reasoning}`);
}
}
main().catch(console.error);
```
## What's Next?
Understand the fundamental concepts behind Fabraix
Run-time defence endpoints
Best practices for development and testing
Browse example implementations