Governance SDK for AI Agents - Runtime policy enforcement, activity capture, and approval workflows
Project description
Agendex SDK
Resource-Level Governance for AI Agents - Dynamic task-scoped access control, parameter inspection, and tamper-evident audit trails.
What Makes Agendex Different
| Traditional IAM | Agendex |
|---|---|
| "Agent can use payment tool" | "Agent doing vendor_payment task can call payments API if amount < $1000" |
| Static permissions | Dynamic, task-scoped |
| No parameter inspection | Full body/query inspection |
| Tool-level control | Resource-level control |
Installation
pip install agendex
With framework extras:
pip install agendex[langchain] # LangChain integration
pip install agendex[crewai] # CrewAI integration
pip install agendex[all] # All integrations
Quick Start: Resource-Level Governance (~30 lines)
from agendex import AgendexClient, GovernedDBClient, GovernedS3Client, GovernedHTTPSession
from agendex.errors import DeniedError, PendingApprovalError
# 1. Create client (reads config from env vars)
client = AgendexClient()
# 2. Create governed resource clients
db = GovernedDBClient(client, task="monthly_report")
s3 = GovernedS3Client(client, task="monthly_report")
http = GovernedHTTPSession(client, task="monthly_report")
# 3. Use in your tools - governance happens automatically
def fetch_revenue(month: str) -> str:
try:
result = db.query("monthly_revenue", {"month": month})
return json.dumps(result.get("rows", []))
except DeniedError as e:
return f"[DENIED] {e.reason}"
except PendingApprovalError as e:
return f"[APPROVAL REQUIRED] ID: {e.approval_id}"
def initiate_payment(amount: float, vendor: str) -> str:
try:
result = http.post(
"https://payments.api/v1/pay",
json={"amount": amount, "vendor": vendor}
)
return json.dumps(result)
except DeniedError as e:
return f"[DENIED] {e.reason}" # e.g., "amount > 5000"
Environment Variables
| Variable | Description | Default |
|---|---|---|
AGENDEX_URL |
Proxy URL | http://localhost:8000 |
AGENDEX_AGENT_ID |
Agent identifier | required |
AGENDEX_TOKEN |
Bearer token | required |
How It Works
+-----------------------------------------------------------------+
| Agent Process |
| |
| Tool: fetch_revenue("2025-01") |
| | |
| v |
| GovernedDBClient.query("monthly_revenue", {month: "2025-01"}) |
| | |
+---------+--------------------------------------------------------+
|
v
+-----------------------------------------------------------------+
| Agendex Proxy |
| |
| /evaluate: { |
| action: "db.query.run", |
| params: {query_id: "monthly_revenue"}, |
| task: "monthly_report" |
| } |
| | |
| v |
| Policy: Allow db.query.run IF query_id=monthly_revenue |
| AND task IN [monthly_report, demo] |
| | |
| v |
| /invoke -> DBQueryAdapter -> SQLite -> rows |
| |
+-----------------------------------------------------------------+
Policy Examples
agents:
finance_bot:
allow:
# DB: Only specific queries, scoped by task
- action: "db.query.run"
resources:
- type: db_query
query_id: "monthly_revenue"
tasks: ["monthly_report", "demo"]
# S3: Only specific buckets/prefixes
- action: "s3.reports.fetch"
resources:
- type: s3
bucket: "reports-bucket"
key_prefix: "monthly/"
# HTTP: Parameter-aware decisions
- action: "http.service.call"
condition: "body.amount < 1000"
- action: "http.service.call"
condition: "1000 <= body.amount <= 5000"
require_approval: true
# CRM: Scoped to lookup only
- action: "crm.lookup"
tasks: ["support"]
deny:
- action: "http.service.call"
condition: "body.amount > 5000"
Resource Clients
| Client | Action | What It Governs |
|---|---|---|
GovernedDBClient |
db.query.run |
Query ID, parameters |
GovernedS3Client |
s3.reports.fetch |
Bucket, key prefix |
GovernedHTTPSession |
http.service.call |
Domain, path, method, body |
GovernedCRMClient |
crm.lookup, crm.update |
Account ID, status changes |
GovernedTool |
any custom action | Arbitrary params |
GovernedTool: Custom Actions
For actions that don't fit a built-in client, use GovernedTool:
from agendex import GovernedTool
# Wrap any action
slack = GovernedTool(client, action="slack.post", task="alerts")
slack.invoke(channel="#ops", message="System alert!")
# Or call it directly
email = GovernedTool(client, action="email.send", task="notifications")
email(to="admin@co.com", subject="Report ready")
Configuration
Override default action names globally:
from agendex import configure_actions
configure_actions(
db_query="database.execute", # db.query -> database.execute
http_request="api.call", # http.request -> api.call
crm_lookup="salesforce.lookup", # crm.lookup -> salesforce.lookup
)
Integration Overhead
~31 lines to add Agendex to an existing agent:
- 2 lines: imports
- 3 lines: config
- 3 lines: tool signatures
- 18 lines: error handling (6 per tool)
- 5 lines: initialization
Documentation
- Quickstart Guide - Step-by-step integration
- API Reference - Complete SDK docs
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
agendex-0.2.5.tar.gz
(42.8 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
agendex-0.2.5-py3-none-any.whl
(46.8 kB
view details)
File details
Details for the file agendex-0.2.5.tar.gz.
File metadata
- Download URL: agendex-0.2.5.tar.gz
- Upload date:
- Size: 42.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0fe69caf3f84fbc9ef3c1d7e141bc74e55d2b6b5fbc1cb60d0fdad685ab434b5
|
|
| MD5 |
4758971e8982d8357c50067fde12d744
|
|
| BLAKE2b-256 |
b3e51ebcb1ea3c63c4d76c6fa5cf6805ad58836ffd7a2a5f4160680a7663be04
|
Provenance
The following attestation bundles were made for agendex-0.2.5.tar.gz:
Publisher:
publish-sdk.yml on IshanTiwari0112/agent-governance
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agendex-0.2.5.tar.gz -
Subject digest:
0fe69caf3f84fbc9ef3c1d7e141bc74e55d2b6b5fbc1cb60d0fdad685ab434b5 - Sigstore transparency entry: 1133844720
- Sigstore integration time:
-
Permalink:
IshanTiwari0112/agent-governance@4d1f316c27dbfb3dd30012b1574ca1f7e8e2729b -
Branch / Tag:
refs/tags/sdk/v0.2.5 - Owner: https://github.com/IshanTiwari0112
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-sdk.yml@4d1f316c27dbfb3dd30012b1574ca1f7e8e2729b -
Trigger Event:
push
-
Statement type:
File details
Details for the file agendex-0.2.5-py3-none-any.whl.
File metadata
- Download URL: agendex-0.2.5-py3-none-any.whl
- Upload date:
- Size: 46.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
005524e8f36b47f63d64097657fcb8a88ecc947abb8a2959a2a5144fc3077b0d
|
|
| MD5 |
7a638f9783d1fad4e288a40846f99578
|
|
| BLAKE2b-256 |
31539de2b2b0d60c4445d3526c011abfec37cc57247445cfc97ac76735500a86
|
Provenance
The following attestation bundles were made for agendex-0.2.5-py3-none-any.whl:
Publisher:
publish-sdk.yml on IshanTiwari0112/agent-governance
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agendex-0.2.5-py3-none-any.whl -
Subject digest:
005524e8f36b47f63d64097657fcb8a88ecc947abb8a2959a2a5144fc3077b0d - Sigstore transparency entry: 1133844816
- Sigstore integration time:
-
Permalink:
IshanTiwari0112/agent-governance@4d1f316c27dbfb3dd30012b1574ca1f7e8e2729b -
Branch / Tag:
refs/tags/sdk/v0.2.5 - Owner: https://github.com/IshanTiwari0112
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-sdk.yml@4d1f316c27dbfb3dd30012b1574ca1f7e8e2729b -
Trigger Event:
push
-
Statement type:
