AgentGuard Setup
Configure your agent endpoint, authentication, request format, and optional tool definitions.
Configure your deployed agent so AgentGuard can send requests and parse responses. You need: endpoint URL, authentication (if any), and the request/response format your API expects.
Configuration Fields
| Field | Description |
|---|---|
| Name | A label for this agent (e.g. "Production Chatbot") |
| Endpoint URL | Full HTTP(S) URL (e.g. https://api.example.com/chat) |
| Auth method | How to authenticate requests |
| Request format | HTTP method, message field, response field |
| Tools (optional) | Tool names and descriptions for dynamic probes |
Setup Steps
Name and URL
Choose a descriptive name and the exact URL your agent accepts. The URL must be reachable from ZeroLeaks infrastructure (publicly reachable, or with ZeroLeaks IPs allowlisted).
Name: Production Support Agent
URL: https://api.mycompany.com/v1/chat
Authentication
AgentGuard supports four auth methods:
| Method | Use case |
|---|---|
| None | Public or unauthenticated endpoints |
| Bearer | Authorization: Bearer <token> |
| API Key | X-API-Key: <key> (or similar header) |
| Custom Header | Any header name and value (e.g. X-My-Auth: secret) |
For Bearer, provide the token. For API Key, provide the key (it will be sent in X-API-Key). For Custom Header, provide both the header name (e.g. X-Auth-Token) and the value.
Request Format
Configure how messages are sent and how responses are read.
Method: POST (typical) or GET.
Message field: The JSON key for the user message. Common values:
- message
- content
- input
- prompt
- messages (for array-based APIs, the last user message is used)
Response field: The JSON path to the assistant reply. Examples:
- response (top-level response field)
- choices[0].message.content (OpenAI-style)
- output.text (nested object)
If your API uses a custom body template instead of a simple message field, you can provide a bodyTemplate with {{message}} as the placeholder.
Optional Tool Definitions
If your agent exposes tools (e.g. send_email, http_request, run_sql), list them with name and description. AgentGuard generates dynamic tool-specific probes that target each tool:
- Email tools → probes for unauthorized sending to external addresses
- HTTP tools → probes for SSRF, exfiltration
- Database tools → probes for data dump, credential exposure
- File tools → probes for reading sensitive paths
Example:
[
{ "name": "send_email", "description": "Sends an email to a recipient" },
{ "name": "http_request", "description": "Makes HTTP requests to URLs" }
]
Example Configurations
OpenAI-compatible API:
Method: POST
Message field: messages (last user message)
Response field: choices[0].message.content
Auth: Bearer <your-api-key>
Simple REST chat:
Method: POST
Message field: message
Response field: response
Auth: X-API-Key <key>
Custom body template:
Method: POST
Body template: {"query": "{{message}}", "model": "default"}
Response field: reply
Auth: Custom header X-Service-Key
Validation
Before running a full scan, verify:
- The endpoint is reachable from the internet (or from ZeroLeaks IPs if you use IP allowlisting)
- Auth credentials are correct
- The message/response fields match your API schema
- The agent responds within the timeout (45 seconds per request)
If a probe fails with connection or timeout errors, check your endpoint configuration and network access.
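The request-format fields (message field or body template, response-field JSON path, auth method) and the validation checklist above map directly onto a small client. The following Python is an added illustration, not AgentGuard's or ZeroLeaks' own code: it builds the request body and headers from a configuration shaped like the example configurations, walks a response path such as choices[0].message.content with explicit errors on schema mismatch, and runs the pre-scan checks once with the 45-second timeout. The dictionary keys (url, method, message_field, body_template, response_field, auth, token, key, header_name, header_value) and the injectable send callable are assumptions made for this example.

```python
"""Config-driven request building, response parsing and a pre-scan check,
modelled on the AgentGuard setup fields. Added illustration, not AgentGuard code."""
import json
import re
import urllib.error
import urllib.request
from typing import Any, Callable
from urllib.parse import urlsplit

REQUEST_TIMEOUT = 45.0  # seconds per request, as stated in the validation checklist

# Tokenises a response field such as "choices[0].message.content" into
# ["choices", 0, "message", "content"].
_PATH_TOKEN = re.compile(r"([^.\[\]]+)|\[(\d+)\]")


def parse_path(path: str) -> list:
    return [int(idx) if idx else name for name, idx in _PATH_TOKEN.findall(path)]


def extract_reply(body: Any, response_field: str) -> str:
    """Walk the parsed JSON body along response_field; fail loudly on schema mismatch."""
    node = body
    for key in parse_path(response_field):
        if isinstance(key, int):
            if not isinstance(node, list) or key >= len(node):
                raise KeyError(f"{response_field}: missing index [{key}]")
        elif not isinstance(node, dict) or key not in node:
            raise KeyError(f"{response_field}: missing key {key!r}")
        node = node[key]
    if not isinstance(node, str):
        raise TypeError(f"{response_field}: value is {type(node).__name__}, not a string")
    return node


def build_body(config: dict, message: str) -> dict:
    """Build the JSON body from either a message field or a {{message}} body template."""
    template = config.get("body_template")
    if template:
        # Substitute via json.dumps so quotes/newlines in the message keep the body valid JSON.
        rendered = template.replace('"{{message}}"', json.dumps(message))
        rendered = rendered.replace("{{message}}", json.dumps(message)[1:-1])
        return json.loads(rendered)
    field = config["message_field"]  # assumed config key
    if field == "messages":  # array-based APIs: send a single user turn
        return {"messages": [{"role": "user", "content": message}]}
    return {field: message}


def build_headers(config: dict) -> dict:
    """Map the four AgentGuard auth methods onto HTTP headers."""
    headers = {"Content-Type": "application/json"}
    auth = config.get("auth", "none")
    if auth == "bearer":
        headers["Authorization"] = f"Bearer {config['token']}"
    elif auth == "api_key":
        headers["X-API-Key"] = config["key"]
    elif auth == "custom":
        headers[config["header_name"]] = config["header_value"]
    elif auth != "none":
        raise ValueError(f"unknown auth method {auth!r}")
    return headers


def urllib_send(method: str, url: str, headers: dict, body: dict, timeout: float):
    """Default sender: one real HTTP round trip; returns (status, parsed JSON body)."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(), headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode())
    except urllib.error.HTTPError as err:  # non-2xx: report the status instead of raising
        return err.code, {}


def preflight(config: dict, send: Callable = urllib_send, probe: str = "ping") -> list:
    """Run the validation checklist once: reachability, auth, field mapping, timeout."""
    problems = []
    url = config["url"]
    if urlsplit(url).scheme != "https" and config.get("auth", "none") != "none":
        problems.append("credentials would be sent over plain http")
    try:
        status, body = send(config.get("method", "POST"), url, build_headers(config),
                            build_body(config, probe), REQUEST_TIMEOUT)
    except TimeoutError:
        problems.append(f"no response within {REQUEST_TIMEOUT:.0f}s")
        return problems
    except OSError as exc:  # DNS failure, refused connection, TLS error
        problems.append(f"endpoint unreachable: {exc}")
        return problems
    except ValueError:
        problems.append("response body is not JSON")
        return problems
    if status in (401, 403):
        problems.append(f"auth rejected (HTTP {status})")
    elif status != 200:
        problems.append(f"unexpected HTTP {status}")
    try:
        extract_reply(body, config["response_field"])
    except (KeyError, TypeError) as exc:
        problems.append(f"response field mismatch: {exc.args[0]}")
    return problems
```

Running preflight(config) against a real endpoint returns an empty list when all four checklist items pass; each string in a non-empty list names one item to fix before starting a full scan. The send parameter exists so the checks can be exercised against a stub without network access.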