Skip to main content

A production-grade middleware for AI agents to perform on-chain payments and verifiable consent.

Project description

AgentGuard: Secure Payment & Consent Middleware for AI Agents

PyPI version Python versions License: MIT

AgentGuard is a production-grade cryptographic middleware that enables AI agents to perform autonomous on-chain payments and generate verifiable consent proofs. It provides a zero-trust bridge between AI agents and the Algorand blockchain.


⚡ The Problem: Key Vulnerability in AI Agents

AI Agents often need to handle money (micropayments) and user data (consent). If you give an agent a private key, you risk:

  1. Key Theft: The agent's memory or logs leaking the seed.
  2. Unintended Spending: The agent's LLM "hallucinating" a purchase.
  3. Non-Compliance: No audit trail of why a payment was made (violating DPDP standards).

🛡️ The Solution: AgentGuard Architecture

AgentGuard solves this using a Vaulted Delegation architecture:

  • Hardened Vault (MCP): Your sensitive keys stay in a secure isolated server.
  • Verifiable Consent: The SDK signs a cryptographic intent (Purpose + Amount + ID) which the Vault verifies before signing a blockchain transaction.
  • Zero-Trust: The Backend never sees your keys; it only relays signed instructions.

📦 Installation

pip install agentguard-python-sdk

🚀 Quick Start (Request Signing)

AgentGuard uses dual-identity cryptography. Your Signer ID (Master Account) authenticates the request, while your Principal ID (Vault/LogicSig) handles the funds.

import asyncio
from agentguard import AgentGuardClient

async def main():
    # Initialize client with your Signer Identity
    # Note: private_key is used ONLY for request signing, never for on-chain spend.
    async with AgentGuardClient(
        principal_id="LOGICSIG_OR_VAULT_ADDRESS",
        private_key="MASTER_ACCOUNT_SEED_B64",
        backend_url="https://agentguard-backend-9s8j.onrender.com"
    ) as client:
        
        # Access a premium resource
        # The SDK automatically handles: 402 Challenge -> Consent Signing -> Payment Relay
        receipt = await client.pay_and_fetch(
            resource_url="https://premium-intel.service/data",
            purpose="Market Analysis",
            amount_algo="0.1" # Optional: SDK can auto-probe price
        )
        
        print(f"✅ Success! Data: {receipt.data}")
        print(f"🔗 Audit Trail: {receipt.audit_url}")

if __name__ == "__main__":
    asyncio.run(main())

🧩 Core Concepts

1. Identity Separation (Zero-Trust)

AgentGuard separates the Signer from the Payer:

  • Signer (signer_id): Your Master Account. It signs the "Intent to Pay" via the SDK.
  • Payer (principal_id): A LogicSig or Vault account. It contains the funds and has a pre-approved policy to pay only when the Master Account signs.

2. Purpose-Bound Consent (DPDP)

Every payment requires a purpose string. AgentGuard hashes this purpose into the blockchain transaction. This creates an irrefutable audit trail proving exactly what the user (or agent) consented to at the time of payment.

3. Capability Delegation (LogicSigs)

You can authorize specific amounts or windows of time for your agent:

from agentguard.types import DelegatedAuthorization, AuthorizationConstraints

auth = DelegatedAuthorization(
    authorization_id="auth-uuid-123",
    principal_id="LOGICSIG_ADDRESS",
    logic_sig_b64="...",
    constraints=AuthorizationConstraints(
        max_amount_microalgos=5000000, # 5 ALGO limit
        expires_at_unix=1716300000
    )
)
await client.authorize(auth)

🛠️ API Reference

AgentGuardClient

  • pay_and_fetch(resource_url, purpose, ...): The primary method. Probes a resource, extracts the price, signs consent, performs payment via the vault, and returns the data.
  • authorize(delegated_auth): Registers a LogicSig or delegated capability in the vault.
  • verify(tx_id): Checks the blockchain and audit logs to verify a previous payment's validity.
  • revoke(authorization_id): Immediately invalidates a delegated capability.

🔒 Security Policy

The SDK uses ED25519 for all request signatures. All payloads are canonicalized (Deterministic JSON sorting + NFC normalization) before signing to prevent "In-Flight Mutation" attacks.


© 2026 AgentGuard Team. Built for the Algorand Advanced Agentic Coding.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agentguard_python_sdk-0.2.7.tar.gz (18.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agentguard_python_sdk-0.2.7-py3-none-any.whl (20.0 kB view details)

Uploaded Python 3

File details

Details for the file agentguard_python_sdk-0.2.7.tar.gz.

File metadata

  • Download URL: agentguard_python_sdk-0.2.7.tar.gz
  • Upload date:
  • Size: 18.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.0

File hashes

Hashes for agentguard_python_sdk-0.2.7.tar.gz
Algorithm Hash digest
SHA256 9c728e0ee82e810245021fc278f5bcb29a2fba39a67f19f6ca1a42013786b9bf
MD5 90a579c62c3c0d8868e4618e03addb35
BLAKE2b-256 4cf40fbaa601296d3071b5f37cbabb84e27925caa1ecd16d92235146c0f1d358

See more details on using hashes here.

File details

Details for the file agentguard_python_sdk-0.2.7-py3-none-any.whl.

File metadata

File hashes

Hashes for agentguard_python_sdk-0.2.7-py3-none-any.whl
Algorithm Hash digest
SHA256 d7c04e412dd002c92454517d7ebc47ba6880547019301664e184a11153d35c3c
MD5 ffd5acd75db283028933c38c77d695fd
BLAKE2b-256 e451048a77b98acae018368d8aaee41b3b41a19dd0a7c22d77be5c9d2dbc386d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page