Getting started
This page is the foundation for every integration path. Read it once, then read the concept page on AOPs, then follow the guide for your tenant type.
How Selah governs
An AI agent does two kinds of things that can go wrong. It takes actions, like processing a payment or changing a record, and it produces responses, like quoting a price or stating a policy. A wrong action moves money or data. A wrong response makes a promise you never agreed to.
Selah checks three moments, before anything reaches a customer or a system.
| Moment | Endpoint | How it decides | Posture |
|---|---|---|---|
| Input | POST /v1/gate/check | Fast rule check plus a light model check | Fail open, never blocks a real action on its own |
| Action | POST /v1/evaluate | Fully deterministic, no model | Fail closed, if it does not permit, the action does not run |
| Response | POST /v1/validate/output | Deterministic hard rules, then a model check for grounding, tone, and topic | Mixed, hard rules fail closed, the model check fails open |
Every moment returns one of three verdicts, and they share the same rails:
permit, the action or response may proceed.hold, a human must approve. Where the human reviews depends on your tenant type.deny, it must not happen.
The core idea: the agent proposes, the engine decides, connectors execute. The agent never holds the credentials to act on its own. If the engine does not permit an action, it cannot happen.
What the engine enforces: AOPs
The rules the engine applies at each moment are called Agent Operating Procedures, or AOPs. An AOP is a clear, versioned rule for what an agent may do and say, and what happens when it tries to step outside that. Configuring your tenant means authoring your AOPs: the actions you allow and their limits, the things an agent may and may not say, the disclaimers it must include, the prices it may quote.
You do not have to get them perfect up front. You run in shadow first, which builds a Shadow AOP Ledger of what your AOPs would have decided without enforcing, you calibrate against it, and then you enforce.
These two ideas are the foundation of the whole product. Before you integrate, read Agent Operating Procedures and the Shadow AOP Ledger. The rest of this guide assumes those terms.
The base URL
All API calls go to:
https://api.selahcore.com
Authentication
Every request authenticates with an API key sent in the X-API-Key header. You generate keys in the dashboard. Keys carry a scope:
evaluate, the data plane: the input check, the action check, the response check, and connector execution. This is the key your running agent uses.manage, your own tenant configuration, where you author your AOPs by API instead of the dashboard.admin, the administrative surface. Held by the platform, not by a tenant integration.
The tenant is always resolved from the key, never from the request body.
A note on exact shapes
The request and response bodies in this guide are illustrative, written to make the intent clear. The live schema at https://api.selahcore.com/openapi.json is authoritative for exact field names, types, and status codes. Generate your client from it and confirm any shape here against it before shipping.
Your first call
Once you have an evaluate scoped key, confirm connectivity with a single input check. This call is safe: the input check never blocks a real action.
curl -s https://api.selahcore.com/v1/gate/check \
-H "X-API-Key: $SELAH_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "agent_demo_01",
"text": "hello, can you help me with my order?",
"context": { "thread_id": "th_1" }
}'
import os, requests
BASE = "https://api.selahcore.com"
HEADERS = {"X-API-Key": os.environ["SELAH_API_KEY"], "Content-Type": "application/json"}
resp = requests.post(f"{BASE}/v1/gate/check", headers=HEADERS, json={
"agent_id": "agent_demo_01",
"text": "hello, can you help me with my order?",
"context": {"thread_id": "th_1"},
})
resp.raise_for_status()
print(resp.json()) # {"decision": "allow", "reason": null, "shadow": ...}
A response with decision: allow means you are connected and authenticated. Now read the AOP concept page, then follow the guide for your tenant type.