Claude SDK Integration#

Integrate FirstOps with the Anthropic Claude SDK to govern Claude-powered agents and tool use.

Overview#

Claude's tool use and MCP support allows agents to interact with external services. FirstOps ensures every tool call is authenticated, authorized, and audited.

Setup#

1. Create an agent principal#

Create an autonomous agent principal in the FirstOps dashboard. You will receive an agent ID and a DPoP private key PEM.

2. Register connections#

fo connection add --name github --url https://mcp.github.com --auth bearer --token ghp_... --agent <agent-name>

3. Install dependencies#

pip install anthropic firstops

4. Configure tool use with FirstOps#

import firstops
import anthropic

# Start the FirstOps proxy — handles DPoP authentication per request
firstops.init(
    agent_id="<uuid>",
    private_key_pem=open("key.pem").read(),
)

client = anthropic.Anthropic()

# Use the FirstOps proxy URL as your MCP server endpoint
# Your agent framework connects to this URL instead of the upstream tool
mcp_url = "http://127.0.0.1:9322/mcp/proxy/<github-conn-id>"

# Wire the proxy URL into your Claude agent's MCP configuration
# The exact integration depends on how you configure MCP servers
# in your Claude-based agent framework

firstops.shutdown()

Claude Code and Claude Desktop#

For interactive use with Claude Code or Claude Desktop, use the human-delegated model instead:

fo auth login
fo setup
fo discover fix --all

This routes all MCP connections through FirstOps under your identity. See Human-Delegated Agents for details.

What gets enforced#

All policies from the agent's access group apply to every tool call, including Claude's automatic tool selection.