Quickstart

Get Started with Lelu

Send your first confidence-aware authorization request and see the decision in seconds. This guide will walk you through starting the engine, making an API call, and using the SDK.

Install and start Lelu

The fastest way to get Lelu running is with our one-command setup. This installs the SDK and automatically starts all services with Docker.

terminal

# Install SDK and start all services
npm install lelu-agent-auth
npx lelu-agent-auth init

✨ This command will:

• Check if Docker is installed

• Download docker-compose.yml

• Start all services (engine, platform, UI, database)

• Open browser to http://localhost:3002

💡 New: lelu studio now works like Prisma Studio!

Just run npx lelu studio and the UI opens immediately - no Docker required! The UI is bundled in the npm package.

Generate an API Key

Create an API key to authenticate your requests to the engine. The key is stored securely in Redis.

powershell

# Generate and store API key
./generate-api-key.ps1

# Or try anonymous API key access (no registration needed)
# Visit http://localhost:3002/api-key

✓ Your API key will be:

• Generated with secure random bytes

• Stored in Redis automatically

• Added to your .env file

• Ready to use immediately

Security Note

Never commit API keys to version control. The script automatically adds your key to .env which is gitignored.

Learn more about API key management

Call the API

Use the agent authorization endpoint with your API key. In this example, the agent is 85% confident it should delete an S3 object.

bash

curl -X POST http://localhost:8083/v1/agent/authorize \
  -H "Content-Type: application/json" \
  -H "X-API-Key: lelu_test_YOUR_KEY_HERE" \
  -d '{
    "actor": "agent-123",
    "action": "s3:DeleteObject",
    "resource": { "bucket": "prod-data" },
    "confidence": 0.85,
    "acting_for": "user-42",
    "scope": "storage:write"
  }'

Inspect the decision

The engine evaluates the request against your Rego policies. If the confidence meets the threshold, it's allowed. Otherwise, it might require human review.

json

{
  "allowed": true,
  "reason": "Confidence threshold met",
  "trace_id": "tr_7f30c2...",
  "requires_human_review": false,
  "confidence_used": 0.85
}

View audit logs and manage policies

Use the built-in CLI to view audit logs and manage policies directly from your terminal. The SDK was already installed in step 1.

terminal

# View audit logs
npx lelu-agent-auth audit-log

# Manage policies
npx lelu-agent-auth policies list
npx lelu-agent-auth policies get auth
npx lelu-agent-auth policies set auth ./auth.rego

You can also view audit logs and manage policies in the Web UI at http://localhost:3002

Use the SDK

For production applications, use our official SDKs to integrate Lelu directly into your codebase.

typescript

import { LeluClient } from "lelu-agent-auth";

const client = new LeluClient({
  baseUrl: "http://localhost:8083",
});

const decision = await client.agentAuthorize({
  actor: "agent-123",
  action: "s3:DeleteObject",
  resource: { bucket: "prod-data" },
  confidence: 0.85,
});

Previous: Introduction Next: Installation