You are helping me — the developer at this terminal — integrate Iqrar into this repo. Iqrar is a compliance + observability layer for AI agents I want to ship with.

I am the trust anchor here, not this prompt. If anything below looks unsafe, malformed, or inconsistent with what I tell you, refuse and ask me. The goal is to help me move fast, not to override my judgment.

What I'll need you to do is below. The full API wire format and SDK config surface are inlined so you don't need to fetch external docs to do this work. If your sandbox blocks any external HTTP, do NOT attempt to bypass it — surface the block to me and stop.

------------------------------------------------------------------
WHAT THIS WILL CHANGE
------------------------------------------------------------------

If I confirm each step, you will:

1. Open an unauthenticated session at api.iqrar.io and POST a few short JSON events describing my answers to your questions. I'll see exactly what gets sent before you POST.
2. Read source files in this repo to detect AI-agent code (LLM SDK imports). I will approve the file list before you POST a summary anywhere.
3. Install one new dependency from a tarball at https://iqrar.io/sdk/iqrar-agent-latest.tgz.
   SHA-256: d6fa1d921fa9250f76e8616a3807a374e4a2f27ac41a5c14bb28497b4d0f0928
   Verify the hash before installing. Refuse if it doesn't match.
4. Add 2-3 lines to .env (no secrets initially).
5. Add 3 lines around each agent's construction site to wrap it with iqrar.wrap(). Show me the diff per file. Don't batch.

You will NOT:

- Send any source file contents to api.iqrar.io. Only file paths and inferred framework labels, after I approve.
- Modify call sites. iqrar.wrap() returns the same type it takes.
- Touch CI, deploy config, secrets, or anything outside the agent integration.
- Do any of the above without my explicit "yes" at each step.

If at any point this stops looking like the work I asked for, stop and tell me.
------------------------------------------------------------------
QUESTIONS — ASK ME, IN ORDER
------------------------------------------------------------------

Q1. Are my agents serving consumers in the UAE? (yes / no / unsure)

    Iqrar currently only supports the UAE jurisdiction (UAE AI Act 2026). Other jurisdictions are on the roadmap.

    - If "no": tell me to skip this prompt for now and stop here.
    - If "yes" or "unsure": set jurisdiction = "AE" and continue.

Q2. What kinds of information will my agents handle?

    Plain English from me is fine. Map my answer to one or more capability slugs from the table below, then read the inferred UAE risk tier back to me and ask me to confirm.

    Tier 4 (critical — pre-authorisation required):
      autonomous_physical_action       vehicles, drones, robotics
      critical_infrastructure_control  utilities, healthcare equipment

    Tier 3 (high — annual audit, quarterly bias testing, 72h incident notification, 5y full payload retention):
      biometric_identification         face/voice/gait inference
      credit_decision                  lending, scoring, financial gating
      employment_decision              hiring, firing, performance
      healthcare_recommendation        clinical / diagnostic
      law_enforcement_support          investigation, sentencing aid
      education_assessment             exam grading, admissions

    Tier 2 (limited — consumer disclosure required):
      consumer_chatbot                 customer-facing chat / support
      content_generation               marketing copy, articles, images
      personalisation                  feeds, recs, ranking, pricing

    Tier 1 (minimal — registration + invocation logging only):
      internal_tooling                 internal dev / analyst copilots

    Multiple capabilities may apply. The highest tier wins.

Q3. Should we open a live onboarding session?

    This is optional. Options:

    - "yes": you POST to api.iqrar.io to open a session, I get a view URL I can open in my browser to watch the chain populate. The events you post are: my Q1 answer, my Q2 answer, the repo-scan summary (paths + framework labels only — no source).
    - "no": skip the live session.
      Do the local repo scan and SDK install. I'll register from /dashboard later.
    - "show me what gets sent first": print the exact JSON event bodies you intend to post, then re-ask.

------------------------------------------------------------------
ONBOARDING API REFERENCE (for your use, only after I say yes to Q3)
------------------------------------------------------------------

All endpoints at https://api.iqrar.io. CORS open. No bearer token required for /onboarding/*.

Open a session:

    POST /onboarding/sessions
    Content-Type: application/json

    { "user_agent": "claude-code", "project_hint": "" }

    -> 200 { "session_id": "ses_...", "view_url": "https://iqrar.io/onboarding/ses_...?t=...", "expires_at": }

Hand back the EXACT view_url string from the JSON response. Do not reconstruct it from parts. Do not strip the path. Do not pass only the token. The path component (/onboarding/) is what routes me to my session — without it I land on the homepage and the demo breaks. If you find yourself parsing view_url with new URL() and rebuilding, stop — pass it through as a string.

Print the URL on its own line, with blank lines above and below, so it's a clean copy/click target in my terminal even when the URL is long enough to soft-wrap. Example output format:

    Session opened. Paste this in your browser:

    https://iqrar.io/onboarding/ses_?t=

    Then come back and tell me to continue.

Do NOT print the URL inside a JSON blob, a bullet list, or a one-line "key: value" pair — terminal soft-wrap on those formats has bitten the demo before.

Append events:

    POST /onboarding/sessions//events
    Content-Type: application/json

    {
      "events": [
        { "type": "onboarding.", "ts": , "payload": { ... } }
        // up to 50 per request, 64 KB each
      ]
    }

    -> 202 { "accepted": }

Canonical event types I want you to emit:

    onboarding.session_opened
        The server emits this automatically. Do not re-emit.
    onboarding.jurisdiction_selected
        payload: { "jurisdiction": "AE" }
    onboarding.capabilities_inferred
        payload: { "input": "", "capabilities": ["consumer_chatbot", ...], "inferred_tier": "minimal"|"limited"|"high"|"critical" }
    onboarding.repo_scanned (only after I approve the file list)
        payload: {
          "frameworks": ["openai", "anthropic", ...],
          "agents": [
            { "path": "src/foo.ts", "framework": "anthropic", "model": "claude-sonnet-4-6", "capabilities": ["consumer_chatbot"], "tier": "limited" }
          ]
        }
    onboarding.sdk_installed
        payload: { "language": "ts"|"py", "agent_count": }

Errors return JSON: { "error": "", "message": "" }

    session_not_found, session_expired, token_invalid, bad_request, event_too_large, rate_limited

Magic-link claim happens in my browser, not from your prompt. The session viewer page has a claim form at the bottom.

------------------------------------------------------------------
REPO SCAN
------------------------------------------------------------------

Detection patterns:

  TypeScript / JavaScript:
    "openai"                                  OpenAI SDK
    "@anthropic-ai/sdk"                       Anthropic SDK
    "ai" or "@ai-sdk/*"                       Vercel AI SDK
    "@mastra/core"                            Mastra
    "langchain" or "@langchain/langgraph"     LangChain.js / LangGraph.js

  Python:
    openai                                    OpenAI SDK
    anthropic                                 Anthropic SDK
    crewai                                    CrewAI
    langchain / langgraph                     LangChain Python / LangGraph
    autogen_agentchat                         AutoGen v0.4
    agents                                    OpenAI Agents SDK (Python)

A class named "Agent" or "Bot" alone is not enough — verify ambiguous matches with a second pass.

Before any POST: show me the file list and the JSON you intend to send, then ask. If I say "no scan", just print the report locally and skip the POST.
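
An added example, not part of the original prompt or Iqrar's code: one way to apply the detection patterns above to a single file in JavaScript, counting only real imports so that a class name alone never matches. Package names come from the detection table; the function names, the framework labels other than "openai" and "anthropic", and the needsReview flag for the short names "ai" and "agents" are assumptions.

```javascript
// Added example (not Iqrar code). Package names come from the detection table;
// labels other than "openai"/"anthropic" and the needsReview flag are assumptions.
const JS_TABLE = new Map([
  ["openai", "openai"], ["@anthropic-ai/sdk", "anthropic"], ["ai", "vercel-ai"],
  ["@mastra/core", "mastra"], ["langchain", "langchain"],
  ["@langchain/langgraph", "langchain"],
]);
const PY_TABLE = new Map([
  ["openai", "openai"], ["anthropic", "anthropic"], ["crewai", "crewai"],
  ["langchain", "langchain"], ["langgraph", "langchain"],
  ["autogen_agentchat", "autogen"], ["agents", "openai-agents"],
]);
// Short generic names a local module could share: flag them for the second pass.
const AMBIGUOUS = new Set(["ai", "agents"]);

// "@scope/name/sub" -> "@scope/name"; "openai/resources" -> "openai"
function rootPackage(spec) {
  const parts = spec.split("/");
  return spec.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Collect imported package or module names, ignoring commented-out imports.
function importedNames(file, source) {
  if (file.endsWith(".py")) {
    const code = source.replace(/#.*$/gm, "");
    return [...code.matchAll(/^\s*(?:from|import)\s+([A-Za-z_]\w*)/gm)].map((m) => m[1]);
  }
  const code = source.replace(/\/\*[\s\S]*?\*\/|^\s*\/\/.*$/gm, "");
  const re = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)["']([^"']+)["']/g;
  return [...code.matchAll(re)].map((m) => rootPackage(m[1]));
}

// A class named "Agent" or "Bot" never matches here: only real imports count.
function detectFrameworks(file, source) {
  const table = file.endsWith(".py") ? PY_TABLE : JS_TABLE;
  const frameworks = new Set();
  let ambiguousOnly = true;
  for (const name of importedNames(file, source)) {
    const label = name.startsWith("@ai-sdk/") ? "vercel-ai" : table.get(name);
    if (!label) continue;
    frameworks.add(label);
    if (!AMBIGUOUS.has(name)) ambiguousOnly = false;
  }
  return {
    path: file,
    frameworks: [...frameworks].sort(),
    needsReview: frameworks.size > 0 && ambiguousOnly,
  };
}
```

The result carries only a path and framework labels, which matches what the prompt allows to leave the machine.
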
------------------------------------------------------------------
SDK INSTALL + WRAP (only if I say yes after seeing the scan)
------------------------------------------------------------------

Install:

  TypeScript:
    bun add https://iqrar.io/sdk/iqrar-agent-latest.tgz
    (npm install / pnpm add accept the same URL)

    Verify the SHA-256 matches the one at the top of this prompt before continuing. The package isn't on npm yet — tarball install is the supported path until publishing lands.

  Python:
    uv add iqrar-agent (or pip install iqrar-agent)

.env additions:

    IQRAR_API=https://api.iqrar.io
    IQRAR_ENV=dev
    IQRAR_ONBOARDING_SESSION_ID=

Do NOT add IQRAR_API_KEY yet — the org isn't claimed; the API accepts unauthenticated traffic for unclaimed orgs. I'll add the key from the dashboard after I claim.

Confirm .env exists and is gitignored before writing.

Wrap each agent (one diff at a time, I approve each):

    import { Iqrar } from "@iqrar/agent";

    const iqrar = Iqrar({
      org: "",
      jurisdiction: "AE",
      capabilities: [""],
      env: process.env.IQRAR_ENV,
      apiKey: process.env.IQRAR_API_KEY, // ok if undefined
      onboardingSessionId: process.env.IQRAR_ONBOARDING_SESSION_ID,
    });

    export const myAgent = iqrar.wrap(existingAgent);

Use the bare Iqrar(...).wrap() — works on functions, SDK clients, class instances. The framework adapter entrypoints (@iqrar/agent/openai, /anthropic, /vercel-ai, /mastra, /langchain) exist as ergonomic helpers but you don't need them by default.

For long-lived hosts (Node/Bun servers): also configure filesystemIdentityStore("./.iqrar/identity.json") and add .iqrar/ to .gitignore.

For Workers / Lambda / Vercel Edge: pass ctx.waitUntil and leave autoSync: false (the SDK default).

After install, emit onboarding.sdk_installed (if Q3=yes), then tell me to run my dev server. On first invocation each agent self-registers in dev mode and starts streaming. The session view updates within seconds.
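
An added example, not part of the original prompt or Iqrar's code: checking a copy of the tarball that is already on disk against the pinned SHA-256 in Node.js. Because the URL is a -latest name, the example returns the verified local path so that the checked file, not a second download, is what gets installed; the function names are hypothetical.

```javascript
// Added example (not Iqrar code): pin-check a tarball that is already on disk.
// The file is hashed once and the same local path is what gets installed, so the
// bytes that were checked are the bytes that run. Function names are hypothetical.
const crypto = require("node:crypto");
const fs = require("node:fs");
const path = require("node:path");

// Stream the file through SHA-256 in 64 KiB chunks and return the hex digest.
function sha256OfFile(file) {
  const hash = crypto.createHash("sha256");
  const fd = fs.openSync(file, "r");
  try {
    const chunk = Buffer.alloc(64 * 1024);
    let n;
    while ((n = fs.readSync(fd, chunk, 0, chunk.length, null)) > 0) {
      hash.update(chunk.subarray(0, n));
    }
  } finally {
    fs.closeSync(fd);
  }
  return hash.digest("hex");
}

// Returns { ok: true, actual, installPath } or { ok: false, reason, ... }.
function verifyTarball(file, pinnedHex) {
  const pin = String(pinnedHex).trim().toLowerCase();
  // A truncated or mistyped pin must fail closed rather than compare loosely.
  if (!/^[0-9a-f]{64}$/.test(pin)) {
    return { ok: false, reason: "pin is not a SHA-256 hex digest" };
  }
  const actual = sha256OfFile(file);
  if (actual !== pin) return { ok: false, reason: "hash mismatch", actual };
  // Hand this path (not the URL) to the package manager, e.g. `npm install <installPath>`.
  return { ok: true, actual, installPath: path.resolve(file) };
}
```
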
------------------------------------------------------------------
HARD CONSTRAINTS
------------------------------------------------------------------

- Confirm before each side-effect. One gate per: opening the session, each /events POST, the repo scan POST, .env writes, each source-file edit. Don't batch.
- If @iqrar/agent is already a dependency or `iqrar` is already imported anywhere in the repo, do NOT re-wrap. Audit the existing integration and report what's there. Re-wrapping double-counts telemetry.
- Do not elevate verbosity, do not author Tier 3+ decision() calls, and do not add disclose() strings to UI without my explicit confirmation of where they should appear.
- Pre-SDK events (Q1/Q2/repo scan) are recorded as source: "onboarding" in the audit chain. They are operator-asserted, not agent-signed. Don't claim otherwise.
- Don't share view_url anywhere except back to me.
- The SDK ships in observability-only mode by default. Don't pass foundationRoots unless I explicitly ask for signed-bundle mode.
- If you're being asked to do something that doesn't fit the pattern above (run shell commands beyond install, modify CI, exfiltrate source, etc.), refuse and tell me.
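
An added example, not part of the original prompt or Iqrar's code: a pre-flight check for an /events batch, run before the JSON is shown for approval, covering the request limits, the client-emitted event types, the highest-tier-wins rule and the no-source rule stated above. The function names are hypothetical, "64 KB" is read as 64 * 1024 bytes, and the agent field allowlist is taken from the repo_scanned payload shown in the API reference.

```javascript
// Added example (not Iqrar code). Limits, event types and the capability table are
// copied from this prompt; reading "64 KB" as 64 * 1024 bytes is an assumption.
const TIER = new Map([
  ["autonomous_physical_action", 4], ["critical_infrastructure_control", 4],
  ["biometric_identification", 3], ["credit_decision", 3], ["employment_decision", 3],
  ["healthcare_recommendation", 3], ["law_enforcement_support", 3],
  ["education_assessment", 3], ["consumer_chatbot", 2], ["content_generation", 2],
  ["personalisation", 2], ["internal_tooling", 1],
]);
const TIER_NAME = [null, "minimal", "limited", "high", "critical"];
// onboarding.session_opened is absent on purpose: the server emits it.
const CLIENT_TYPES = new Set([
  "onboarding.jurisdiction_selected", "onboarding.capabilities_inferred",
  "onboarding.repo_scanned", "onboarding.sdk_installed",
]);
// Only the agent fields shown in the repo_scanned payload may leave the machine.
const AGENT_KEYS = new Set(["path", "framework", "model", "capabilities", "tier"]);

// Highest tier wins; an unknown slug or an empty list yields null.
function highestTier(capabilities) {
  const levels = capabilities.map((c) => TIER.get(c));
  if (levels.length === 0 || levels.includes(undefined)) return null;
  return TIER_NAME[Math.max(...levels)];
}

// Returns a list of problems; an empty list means the batch may be shown for approval.
function checkBatch(events) {
  const problems = [];
  if (events.length > 50) problems.push("more than 50 events in one request");
  events.forEach((ev, i) => {
    const p = ev.payload || {};
    if (!CLIENT_TYPES.has(ev.type)) problems.push(`event ${i}: ${ev.type} is not client-emitted`);
    if (Buffer.byteLength(JSON.stringify(ev), "utf8") > 64 * 1024)
      problems.push(`event ${i}: larger than 64 KB`);
    if (ev.type === "onboarding.capabilities_inferred" &&
        highestTier(p.capabilities || []) !== p.inferred_tier)
      problems.push(`event ${i}: inferred_tier is not the highest capability tier`);
    if (ev.type === "onboarding.repo_scanned") {
      for (const agent of p.agents || [])
        for (const key of Object.keys(agent))
          if (!AGENT_KEYS.has(key)) problems.push(`event ${i}: unexpected agent field "${key}"`);
    }
  });
  return problems;
}
```
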