Cencori Integration
How Zett agents authenticate, bill, stay safe, and deploy on Cencori.
Zett is the authoring layer; Cencori is the runtime. When an agent takes a turn, Zett loads its manifest and calls the Cencori Sessions API, which routes the model request and applies your project's billing, security, and observability.
Authentication
The runtime authenticates with a Cencori project API key:
export CENCORI_API_KEY=csk_... # required at run time
export CENCORI_PROJECT_ID=proj_... # optional; sent as X-Project-ID
export CENCORI_API_URL=... # optional; overrides the API endpointThe key is read from CENCORI_API_KEY (or RunOptions.apiKey). The project id can
come from the env or from cencori.project in agent.ts, and is sent as the
X-Project-ID header. The default endpoint is https://cencori.com/v1.
The cencori config block
agent.ts carries per-agent Cencori settings:
import { defineAgent } from "arcie";
export default defineAgent({
model: "claude-sonnet-4-5",
cencori: {
project: process.env.CENCORI_PROJECT_ID,
billing: { budget: "50.00/month", endUserMarkup: 0.2 },
security: { policy: "standard" }, // "strict" | "standard" | "permissive"
},
});billing.budget— a spend cap for the agent, e.g."50.00/month".billing.endUserMarkup— markup applied when billing your own end users through Cencori.security.policy— the basarcie safety posture; per-agent policies tighten it further.
Outbound auth helpers
When a tool or channel needs to call an external service, arcie/auth builds the
authorization header for you:
import { bearer, basic } from "arcie/auth";
const gh = bearer(process.env.GITHUB_TOKEN!); // static token
const rotating = bearer(async () => fetchFreshToken()); // lazy / rotating
const legacy = basic({ username: "svc", password: process.env.PW! });
const { headers } = await gh(); // { authorization: "Bearer …" }A token can be a string or a () => string | Promise<string> function, so secrets
can be resolved lazily per request.
Deploying
arcie buildcompiles the agent to.arcie/manifest.json.- The manifest — config, instructions, tools, policies, sessions — is what Cencori executes.
- Set
CENCORI_API_KEY/CENCORI_PROJECT_IDin your deployment environment.
npm run build # → .arcie/manifest.jsonWhat you get from Cencori at run time:
- Sessions — durable execution, memory, and human approval (Sessions).
- Billing — budgets and end-user billing enforced per project.
- Security — input/output guards and policy enforcement (Policies).
- Observability — every turn, tool call, and token logged.
Don't have a key yet? Create a project and generate a csk_… key in the Cencori
dashboard, then confirm provider access for the model your agent uses.