Governance SDK for AI Agents - Runtime policy enforcement, activity capture, and approval workflows
Project description
Agendex SDK
Resource-Level Governance for AI Agents - Dynamic task-scoped access control, parameter inspection, and tamper-evident audit trails.
What Makes Agendex Different
| Traditional IAM | Agendex |
|---|---|
| "Agent can use payment tool" | "Agent doing vendor_payment task can call payments API if amount < $1000" |
| Static permissions | Dynamic, task-scoped |
| No parameter inspection | Full body/query inspection |
| Tool-level control | Resource-level control |
Installation
pip install agendex
With framework extras:
pip install agendex[langchain] # LangChain integration
pip install agendex[crewai] # CrewAI integration
pip install agendex[all] # All integrations
Quick Start: Resource-Level Governance (~30 lines)
from agendex import AgendexClient, GovernedDBClient, GovernedS3Client, GovernedHTTPSession
from agendex.errors import DeniedError, PendingApprovalError
# 1. Create client (reads config from env vars)
client = AgendexClient()
# 2. Create governed resource clients
db = GovernedDBClient(client, task="monthly_report")
s3 = GovernedS3Client(client, task="monthly_report")
http = GovernedHTTPSession(client, task="monthly_report")
# 3. Use in your tools - governance happens automatically
def fetch_revenue(month: str) -> str:
try:
result = db.query("monthly_revenue", {"month": month})
return json.dumps(result.get("rows", []))
except DeniedError as e:
return f"[DENIED] {e.reason}"
except PendingApprovalError as e:
return f"[APPROVAL REQUIRED] ID: {e.approval_id}"
def initiate_payment(amount: float, vendor: str) -> str:
try:
result = http.post(
"https://payments.api/v1/pay",
json={"amount": amount, "vendor": vendor}
)
return json.dumps(result)
except DeniedError as e:
return f"[DENIED] {e.reason}" # e.g., "amount > 5000"
Environment Variables
| Variable | Description | Default |
|---|---|---|
AGENDEX_URL |
Proxy URL | http://localhost:8000 |
AGENDEX_AGENT_ID |
Agent identifier | required |
AGENDEX_TOKEN |
Bearer token | required |
How It Works
+-----------------------------------------------------------------+
| Agent Process |
| |
| Tool: fetch_revenue("2025-01") |
| | |
| v |
| GovernedDBClient.query("monthly_revenue", {month: "2025-01"}) |
| | |
+---------+--------------------------------------------------------+
|
v
+-----------------------------------------------------------------+
| Agendex Proxy |
| |
| /evaluate: { |
| action: "db.query.run", |
| params: {query_id: "monthly_revenue"}, |
| task: "monthly_report" |
| } |
| | |
| v |
| Policy: Allow db.query.run IF query_id=monthly_revenue |
| AND task IN [monthly_report, demo] |
| | |
| v |
| /invoke -> DBQueryAdapter -> SQLite -> rows |
| |
+-----------------------------------------------------------------+
Policy Examples
agents:
finance_bot:
allow:
# DB: Only specific queries, scoped by task
- action: "db.query.run"
resources:
- type: db_query
query_id: "monthly_revenue"
tasks: ["monthly_report", "demo"]
# S3: Only specific buckets/prefixes
- action: "s3.reports.fetch"
resources:
- type: s3
bucket: "reports-bucket"
key_prefix: "monthly/"
# HTTP: Parameter-aware decisions
- action: "http.service.call"
condition: "body.amount < 1000"
- action: "http.service.call"
condition: "1000 <= body.amount <= 5000"
require_approval: true
# CRM: Scoped to lookup only
- action: "crm.lookup"
tasks: ["support"]
deny:
- action: "http.service.call"
condition: "body.amount > 5000"
Resource Clients
| Client | Action | What It Governs |
|---|---|---|
GovernedDBClient |
db.query.run |
Query ID, parameters |
GovernedS3Client |
s3.reports.fetch |
Bucket, key prefix |
GovernedHTTPSession |
http.service.call |
Domain, path, method, body |
GovernedCRMClient |
crm.lookup, crm.update |
Account ID, status changes |
GovernedTool |
any custom action | Arbitrary params |
GovernedTool: Custom Actions
For actions that don't fit a built-in client, use GovernedTool:
from agendex import GovernedTool
# Wrap any action
slack = GovernedTool(client, action="slack.post", task="alerts")
slack.invoke(channel="#ops", message="System alert!")
# Or call it directly
email = GovernedTool(client, action="email.send", task="notifications")
email(to="admin@co.com", subject="Report ready")
Configuration
Override default action names globally:
from agendex import configure_actions
configure_actions(
db_query="database.execute", # db.query -> database.execute
http_request="api.call", # http.request -> api.call
crm_lookup="salesforce.lookup", # crm.lookup -> salesforce.lookup
)
Integration Overhead
~31 lines to add Agendex to an existing agent:
- 2 lines: imports
- 3 lines: config
- 3 lines: tool signatures
- 18 lines: error handling (6 per tool)
- 5 lines: initialization
Documentation
- Quickstart Guide - Step-by-step integration
- API Reference - Complete SDK docs
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
agendex-0.2.6.tar.gz
(56.2 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
agendex-0.2.6-py3-none-any.whl
(53.9 kB
view details)
File details
Details for the file agendex-0.2.6.tar.gz.
File metadata
- Download URL: agendex-0.2.6.tar.gz
- Upload date:
- Size: 56.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
49af5f49608da0d22e5fa8e80d2b34526ae24b8eb6702ee76d16d25200fa4f36
|
|
| MD5 |
18be1774afffbbb1925abbcf37a42efc
|
|
| BLAKE2b-256 |
7c2e2eab7d1dd347e1ac34106f5cd74ed8bd807bbd9de3bcb490ef82f8557fe5
|
Provenance
The following attestation bundles were made for agendex-0.2.6.tar.gz:
Publisher:
publish-sdk.yml on IshanTiwari0112/agent-governance
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agendex-0.2.6.tar.gz -
Subject digest:
49af5f49608da0d22e5fa8e80d2b34526ae24b8eb6702ee76d16d25200fa4f36 - Sigstore transparency entry: 1164014447
- Sigstore integration time:
-
Permalink:
IshanTiwari0112/agent-governance@b5911ba29ff279906399d02b5414c73b9ca0b93b -
Branch / Tag:
refs/tags/sdk/v0.2.6 - Owner: https://github.com/IshanTiwari0112
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-sdk.yml@b5911ba29ff279906399d02b5414c73b9ca0b93b -
Trigger Event:
push
-
Statement type:
File details
Details for the file agendex-0.2.6-py3-none-any.whl.
File metadata
- Download URL: agendex-0.2.6-py3-none-any.whl
- Upload date:
- Size: 53.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
418b5edbab0997d96c031afda3eaff340aaff4387e0d2d0fd9e43f570f9538cb
|
|
| MD5 |
483dee62deff8b3bbf03fe56edb306ce
|
|
| BLAKE2b-256 |
07821613e7e17757a6ec928940dc53ac24c6a7e6417ec266b635cd311a7aa30f
|
Provenance
The following attestation bundles were made for agendex-0.2.6-py3-none-any.whl:
Publisher:
publish-sdk.yml on IshanTiwari0112/agent-governance
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agendex-0.2.6-py3-none-any.whl -
Subject digest:
418b5edbab0997d96c031afda3eaff340aaff4387e0d2d0fd9e43f570f9538cb - Sigstore transparency entry: 1164014500
- Sigstore integration time:
-
Permalink:
IshanTiwari0112/agent-governance@b5911ba29ff279906399d02b5414c73b9ca0b93b -
Branch / Tag:
refs/tags/sdk/v0.2.6 - Owner: https://github.com/IshanTiwari0112
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-sdk.yml@b5911ba29ff279906399d02b5414c73b9ca0b93b -
Trigger Event:
push
-
Statement type:
