LangChain governance middleware for Aegis ACP
Project description
aegis-langchain
Drop-in LangChain middleware that routes every tool invocation through Aegis's runtime governance pipeline before execution.
pip install aegis-langchain
What it does
Wraps a LangChain agent (AgentExecutor / Runnable) so every tool the agent decides to call is pre-checked by Aegis (POST /execute) before the tool actually runs. Blocked calls return a descriptive message back to the agent loop; allowed calls pass through unchanged.
Aegis decides what to block based on action semantics — the DROP TABLE, rm -rf, kubectl delete, external-PII-egress patterns in services/policy/policies/action_semantics_deny.rego. The deny is earned from the content of the action, not from a hardcoded "critical" tag on the agent. So a buyer flipping the agent's risk level can't accidentally bypass it.
Every check produces a signed audit row in the Aegis chain. Verify any of them offline with aegis-verify (the tools/aegis_verify/ CLI).
Three-line install
from aegis_langchain import AegisMiddleware
agent = AegisMiddleware(
my_langchain_agent,
api_key="acp_...", # or AEGIS_API_KEY env var
aegis_url="https://ha.aegisagent.in", # or AEGIS_URL env
tenant_id="00000000-0000-0000-0000-000000000001",
agent_id="<your-agent-uuid>",
)
result = agent.invoke({"input": "analyze the customer table and clean up old rows"})
# Each tool invocation is pre-checked. Blocked tools return a message
# explaining the deny; the agent reasons over it like any other tool
# observation.
Works with any LangChain agent that uses tools (AgentExecutor, structured-chat agents, custom runnables that invoke tools via tool_call).
Fail-closed by default
If the Aegis gateway is unreachable, tool invocations return deny with reason aegis_unreachable_fail_closed. Letting unchecked calls through because the security plane was down defeats the integration's purpose.
What you can verify offline
After any allowed (or denied) tool call:
GET /receipts/key— ed25519 PEMGET /compliance/export/eu-ai-act?period_start=…&period_end=…— signed bundleaegis-verify --bundle bundle.json— V1–V6 checks pass without any network call back to Aegis
Requirements
- Python 3.10+
langchain-core>=0.1(auto-pulled withpip install "aegis-langchain[langchain]")
See also
- aegis-anthropic — same pattern for Anthropic tool_use
- aegis-openai — same pattern for OpenAI tool_calls
- Aegis live demo — three real scenarios across three risk profiles
License
Apache 2.0.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aegis_langchain-1.0.1.tar.gz.
File metadata
- Download URL: aegis_langchain-1.0.1.tar.gz
- Upload date:
- Size: 9.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
98ef6a6544bfe7376735ef3c81d327bd895a1e1293b3858242fea18397295787
|
|
| MD5 |
77c45500cba2bc4a86a4a35f8e885e51
|
|
| BLAKE2b-256 |
7dab4013af5ce38517e679ff9999ae24a3082815eb703e0c0ab889d82f559cc9
|
File details
Details for the file aegis_langchain-1.0.1-py3-none-any.whl.
File metadata
- Download URL: aegis_langchain-1.0.1-py3-none-any.whl
- Upload date:
- Size: 10.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e6e03deaf657c6e4fdeb13ad82e4e3170070ee2f717e81b3e618dccde9da948b
|
|
| MD5 |
b4946e399feaac26601272cba40a9db5
|
|
| BLAKE2b-256 |
451878beb05e7aef7c27797875e5029179b60c0c0c0eb858fd4ca8fa7ee8804a
|
