Python SDK for Agent Capability Runtime — runtime-enforced capability permissions for AI agents
Project description
ACR Python SDK
Python client for Agent Capability Runtime — runtime-enforced capability permissions for AI agents.
Install
From source (PyPI publish pending):
cd Agent_Capability_Runtime/packages/sdk-python
pip install -e ".[dev]"
When published:
pip install acr-sdk
Quick Start
Embedded mode — zero infrastructure
No gateway, no Docker, no Node. Policy enforcement runs inside your process:
from acr import LocalAcrClient, can
client = LocalAcrClient() # in-process runtime
grant = client.grant_sync(
can("gmail.send").only_domain("company.com").limit(5).to_grant_input(agent_id="a1")
)
result = client.execute_sync(
token=grant.token, tool="gmail.send",
payload={"to": "user@company.com", "subject": "Hello"},
)
print(result.decision) # "ALLOW"
result = client.execute_sync(
token=grant.token, tool="gmail.send",
payload={"to": "attacker@gmail.com", "subject": "Exfil"},
)
print(result.decision) # "DENY"
Or let the environment decide (gateway when ACR_GATEWAY_URL is set, embedded otherwise):
from acr import create_client
client = create_client()
Async (FastAPI / LangChain) — gateway mode
from acr import AcrClient, can
async with AcrClient(base_url="http://localhost:3000") as client:
# Grant a scoped capability
grant = await client.grant(
can("gmail.send")
.only_domain("company.com")
.limit(5)
.expires_in("10m")
.to_grant_input(agent_id="support_agent")
)
# Execute — ALLOW (internal domain)
result = await client.execute(
token=grant.token,
tool="gmail.send",
payload={"to": "user@company.com", "subject": "Hello"},
)
print(result.decision) # "ALLOW"
# Execute — DENY (external domain blocked)
result = await client.execute(
token=grant.token,
tool="gmail.send",
payload={"to": "attacker@gmail.com", "subject": "Exfil"},
)
print(result.decision) # "DENY"
Sync
from acr import AcrClient, can
client = AcrClient(base_url="http://localhost:3000")
grant = client.grant_sync(
can("gmail.send")
.only_domain("company.com")
.to_grant_input(agent_id="agent_1")
)
result = client.execute_sync(
token=grant.token,
tool="gmail.send",
payload={"to": "user@company.com", "subject": "Hello"},
)
client.close()
Fluent DSL
The can() builder mirrors the TypeScript DSL:
from acr import can
# Email constraints
can("gmail.send").only_domain("company.com").limit(5).no_attachments()
# HTTP constraints
can("http.request").where(method.in_(["GET", "POST"])).where(url.in_(["https://api.example.com"]))
# Spending limit with approval
can("gmail.send").max_spend(100_00).require_approval()
# Intent-based governance
can("gmail.send").when_intent("customer_support").when_intent_action("support", "reply")
# Time-based
can("gmail.send").allowed_hours(9, 17)
Full API
| Method | Async | Sync |
|---|---|---|
| Grant capability | client.grant(input) |
client.grant_sync(input) |
| Execute tool | client.execute(...) |
client.execute_sync(...) |
| Delegate capability | client.delegate(parent_token, input) |
client.delegate_sync(...) |
| Revoke capability | client.revoke(capability_id) |
client.revoke_sync(...) |
| List approvals | client.list_approvals() |
client.list_approvals_sync() |
| Approve | client.approve(approval_id) |
client.approve_sync(...) |
| Reject | client.reject(approval_id) |
client.reject_sync(...) |
| Audit log | client.list_audit() |
client.list_audit_sync() |
| Verify audit chain | client.verify_audit_chain() |
client.verify_audit_chain_sync() |
| Health check | client.health() |
client.health_sync() |
Admin Authentication
client = AcrClient(
base_url="http://localhost:3000",
admin_api_key="your-admin-secret",
)
LangChain integration
pip install "acr-sdk[langchain]"
from acr import can
from acr.langchain import protect
tools = protect(my_tools, agent_id="my_agent", policy=can("http.request").limit(50))
See packages/integrations/langchain.
Requirements
- Python 3.10+
- Embedded mode: nothing else
- Gateway mode: a running ACR gateway (
pnpm dev:gateway)
Gateway e2e
With the gateway running:
python packages/sdk-python/examples/demo_wow.py # deny / approval / revoke narrative
python packages/sdk-python/examples/e2e_gateway.py
# or
ACR_RUN_E2E=1 pytest packages/sdk-python/tests/test_e2e_gateway.py -v
License
MIT — see LICENSE
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
acr_sdk-0.1.0.tar.gz
(24.2 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
acr_sdk-0.1.0-py3-none-any.whl
(19.1 kB
view details)
File details
Details for the file acr_sdk-0.1.0.tar.gz.
File metadata
- Download URL: acr_sdk-0.1.0.tar.gz
- Upload date:
- Size: 24.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
420775517b1edcaf9d3a5242f546ed112824c42d3da84a60c335ca4e35f91623
|
|
| MD5 |
486a67ea6239e7ce568d2cd3b577fb25
|
|
| BLAKE2b-256 |
74aecfc124a5f520617e54016264eb5186b159824d88978e4e8429a9403c848b
|
File details
Details for the file acr_sdk-0.1.0-py3-none-any.whl.
File metadata
- Download URL: acr_sdk-0.1.0-py3-none-any.whl
- Upload date:
- Size: 19.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b34e66f2cb0c8fcee5590a7e0bb4d5a68d3478764b393df770bb58426265d685
|
|
| MD5 |
1a4825feb56e7efc3cc76d60852ea71d
|
|
| BLAKE2b-256 |
b58560fffa8d4351f0e56c400c224012439dcc04f192d402830073ff75fe21f8
|
