Zero to brokered credential
Two paths: use a hosted Keyward (fastest), or run the whole stack locally with Docker. Both end the same way — an ALLOW, a DENY, and a delegation chain in your audit log.
Hosted: create a tenant
Sign up on the dashboard — that creates your organization, makes you its owner, and seeds a starter wildcard allow policy you can tighten later. Then add a secret (Secrets → add) and register an agent (or let the demo self-provision below).
Local: run the stack
git clone <your-keyward-repo> && cd keyward
cp .env.example .env
pnpm run up # Keycloak + Postgres via Docker
pnpm install
pnpm dev # control plane → http://localhost:8787
pnpm dashboard # console → http://localhost:3000 (second terminal)
pnpm agent # demo agent (third terminal)
The demo agent logs in as the test user (dev / devpass), self-provisions an orchestrator and a sub-agent, then proves the whole wedge: an ALLOW for stripe:charges:read, a DENY for an out-of-scope request, and a delegated credential where the sub-agent acts under the orchestrator's credential, carrying the full nested RFC 8693 actor chain, cryptographically bound.
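To make the nested RFC 8693 actor chain concrete, here is an added example (not Keyward's code) that flattens the `act` claim of a delegated token into authorizing subject, current actor, and prior actors. It assumes the credential is a JWT carrying the standard `act` claim; the sample token, the `MAX_DEPTH` cap, and the function names are constructed for illustration.

```javascript
// Added example: flatten the nested RFC 8693 `act` claim of a delegated token.
// Assumption: the credential is a JWT carrying the standard `act` claim.
// The payload is decoded WITHOUT signature verification; verify first in real use.
const MAX_DEPTH = 8; // assumed cap so a malformed token cannot force an unbounded walk

function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

function actorChain(claims) {
  if (typeof claims.sub !== "string") throw new Error("missing sub");
  const actors = [];
  let node = claims.act;
  while (node !== undefined) {
    const isObject = node !== null && typeof node === "object" && !Array.isArray(node);
    if (!isObject || typeof node.sub !== "string") throw new Error("malformed act claim");
    if (actors.length === MAX_DEPTH) throw new Error("act chain too deep");
    actors.push(node.sub);
    node = node.act;
  }
  // RFC 8693 section 4.1: the outermost `act` is the current actor; nested
  // entries are prior actors, informational only, not for access decisions.
  return {
    subject: claims.sub,
    currentActor: actors[0] ?? null,
    priorActors: actors.slice(1),
  };
}

// Constructed sample: user "dev" -> orchestrator -> sub-agent (names are made up).
function sampleToken() {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const payload = {
    sub: "dev",
    scope: "stripe:charges:read",
    act: { sub: "sub-agent", act: { sub: "orchestrator" } },
  };
  return `${b64({ alg: "ES256", typ: "JWT" })}.${b64(payload)}.constructed-signature`;
}

console.log(actorChain(decodePayload(sampleToken())));
```
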
Drop the SDK into your agent
import { createClient } from "@keyward/sdk";
const kw = createClient({
  controlPlaneUrl: "https://broker.your-domain.com",
  token: endUserToken, // the end user's token, supplied by your application
  agent: "my-agent",
});
// scoped, short-lived, cached client-side until it nears expiry
const cred = await kw.get("stripe", "charges:read", "5m");
Or scaffold with the CLI: npx keyward init --template mcp writes the env wiring and a starter that already calls the broker. Existing MCP server? npx keyward wrap ./server.ts adopts it without a rewrite.
See the tied audit row
Open the console's Audit page. Every row shows the authorizing human, the acting agent (and chain), the provider:scope, and the decision. Deny rows are recorded with the same fidelity as allows — that symmetry is the point.