Quick Start¶
Run your first Assay test in 60 seconds.
Prerequisites¶
- Assay installed (installation guide)
- An MCP session log (or use our example below)
Quick Start¶
Secure your agent in 60 seconds.
Prerequisites¶
- Assay installed (installation guide)
- A directory containing your agent code or MCP configuration.
1. Initialize¶
Run the wizard. Assay interprets your project structure (Python, Node, MCP) and generates a secure-by-default policy.
Artifacts Generated: - assay.yaml: The Policy-as-Code definition. - policy.yaml: Standard constraints (blocks exec, shell, python capabilities by default).
2. Capture Traces¶
Assay validates traces (logs of tool execution). If you don't have one yet, create a dummy trace to test the policy:
3. Validate¶
Run the validation engine. Because policy.yaml (generated by init) restricts filesystem access, this should fail.
Output:
✖ Validation failed (1 error)
[E_POLICY_VIOLATION] filesystem_read
Message: Path '/etc/passwd' matches blocked pattern
Source: policy
4. Fix or Relax¶
You have two choices: 1. Fix the Agent: Stop reading sensitive files. 2. Relax the Policy: Edit policy.yaml to allow specific paths.
5. CI Integration¶
Generate a GitHub Actions workflow to run this check on every Pull Request.
This creates .github/workflows/assay.yml. Now, any PR that violates your policy will be blocked automatically.
Next Steps¶
-
Your First Test
Write a custom policy from scratch.
-
CI Integration
Add Assay to GitHub Actions, GitLab, or Azure.
-
Sequence Rules
Enforce tool call order (e.g., "verify before delete").
-
MCP Deep Dive
Advanced MCP integration patterns.
Troubleshooting¶
"No trace file found"¶
Make sure you ran assay import first:
"Config version mismatch"¶
Run the migration command:
"Unknown tool in policy"¶
The tool name in your policy must match exactly what's in the trace. Check with:
Video Walkthrough¶
Coming soon — 60-second demo: Import → Run → CI