Skip to main content

Quickstart goals

Onboard one agent

Register ownership, environment, and declared scope.

Connect one tool

Apply least-privilege access before first execution.

Enforce one policy

Add a rule that requires approval for risky writes.

Validate one trace

Confirm decision evidence and remediation path quality.

1) Register an agent

Create an agent record in Xenovia with:
  • agent_id
  • owner
  • environment
  • declared_scope (high-level allowed actions)

2) Attach tool access

Connect at least one tool your agent can call (for example, a ticketing API, data system, or workflow endpoint). Scope permissions to minimum required operations.
Avoid broad wildcard permissions during initial rollout. Start narrow and expand based on observed behavior.

3) Add a runtime policy

Define a baseline policy:
  • Allow low-risk reads in scope.
  • Require approval for write actions crossing environment boundaries.
  • Block actions outside declared scope.
Safe, in-scope read operations with low blast radius.

4) Run and inspect

Execute a known workflow and inspect:
  • Requested action and inferred intent.
  • Scope and policy comparison.
  • Final runtime decision.
  • Linked trace evidence.

5) Validate remediation flow

Trigger a controlled out-of-scope request and confirm operators can:
  • Review context.
  • Approve or deny with reason.
  • Update policy without losing historical evidence.
Next, review Platform Overview for the full runtime model.