A production-grade middleware for AI agents to perform on-chain payments and verifiable consent.
Project description
AgentGuard: Secure Payment & Consent Middleware for AI Agents
AgentGuard is a production-grade cryptographic middleware that enables AI agents to perform autonomous on-chain payments and generate verifiable consent proofs. It provides a zero-trust bridge between AI agents and the Algorand blockchain.
⚡ The Problem: Key Vulnerability in AI Agents
AI Agents often need to handle money (micropayments) and user data (consent). If you give an agent a private key, you risk:
- Key Theft: The agent's memory or logs leaking the seed.
- Unintended Spending: The agent's LLM "hallucinating" a purchase.
- Non-Compliance: No audit trail of why a payment was made (violating DPDP standards).
🛡️ The Solution: AgentGuard Architecture
AgentGuard solves this using a Vaulted Delegation architecture:
- Hardened Vault (MCP): Your sensitive keys stay in a secure isolated server.
- Verifiable Consent: The SDK signs a cryptographic intent (Purpose + Amount + ID) which the Vault verifies before signing a blockchain transaction.
- Zero-Trust: The Backend never sees your keys; it only relays signed instructions.
📦 Installation
pip install agentguard-python-sdk
🚀 Quick Start (Request Signing)
AgentGuard uses dual-identity cryptography. Your Signer ID (Master Account) authenticates the request, while your Principal ID (Vault/LogicSig) handles the funds.
import asyncio
from agentguard import AgentGuardClient
async def main():
# Initialize client with your Signer Identity
# Note: private_key is used ONLY for request signing, never for on-chain spend.
async with AgentGuardClient(
principal_id="LOGICSIG_OR_VAULT_ADDRESS",
private_key="MASTER_ACCOUNT_SEED_B64",
backend_url="https://agentguard-backend-9s8j.onrender.com"
) as client:
# Access a premium resource
# The SDK automatically handles: 402 Challenge -> Consent Signing -> Payment Relay
receipt = await client.pay_and_fetch(
resource_url="https://premium-intel.service/data",
purpose="Market Analysis",
amount_algo="0.1" # Optional: SDK can auto-probe price
)
print(f"✅ Success! Data: {receipt.data}")
print(f"🔗 Audit Trail: {receipt.audit_url}")
if __name__ == "__main__":
asyncio.run(main())
🧩 Core Concepts
1. Identity Separation (Zero-Trust)
AgentGuard separates the Signer from the Payer:
- Signer (
signer_id): Your Master Account. It signs the "Intent to Pay" via the SDK. - Payer (
principal_id): A LogicSig or Vault account. It contains the funds and has a pre-approved policy to pay only when the Master Account signs.
2. Purpose-Bound Consent (DPDP)
Every payment requires a purpose string. AgentGuard hashes this purpose into the blockchain transaction. This creates an irrefutable audit trail proving exactly what the user (or agent) consented to at the time of payment.
3. Capability Delegation (LogicSigs)
You can authorize specific amounts or windows of time for your agent:
from agentguard.types import DelegatedAuthorization, AuthorizationConstraints
auth = DelegatedAuthorization(
authorization_id="auth-uuid-123",
principal_id="LOGICSIG_ADDRESS",
logic_sig_b64="...",
constraints=AuthorizationConstraints(
max_amount_microalgos=5000000, # 5 ALGO limit
expires_at_unix=1716300000
)
)
await client.authorize(auth)
🛠️ API Reference
AgentGuardClient
pay_and_fetch(resource_url, purpose, ...): The primary method. Probes a resource, extracts the price, signs consent, performs payment via the vault, and returns the data.authorize(delegated_auth): Registers a LogicSig or delegated capability in the vault.verify(tx_id): Checks the blockchain and audit logs to verify a previous payment's validity.revoke(authorization_id): Immediately invalidates a delegated capability.
🔒 Security Policy
The SDK uses ED25519 for all request signatures. All payloads are canonicalized (Deterministic JSON sorting + NFC normalization) before signing to prevent "In-Flight Mutation" attacks.
© 2026 AgentGuard Team. Built for the Algorand Advanced Agentic Coding.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agentguard_python_sdk-0.2.6.tar.gz.
File metadata
- Download URL: agentguard_python_sdk-0.2.6.tar.gz
- Upload date:
- Size: 18.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
34ab9dde6143476875d0319fccbede504657a6801ce9c53ed5c50f2830821da5
|
|
| MD5 |
1bf33b6a462bf1e7fc4a4253b895ebf1
|
|
| BLAKE2b-256 |
e712f72def4780b46aff12cb78cc4bc9bcfb3cad2d6e99375ede86e5b397a60e
|
File details
Details for the file agentguard_python_sdk-0.2.6-py3-none-any.whl.
File metadata
- Download URL: agentguard_python_sdk-0.2.6-py3-none-any.whl
- Upload date:
- Size: 20.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0654f30096098ed22784af013abb5aea49741d8167bf50fcd774c0e30065335f
|
|
| MD5 |
c42817d448ab93cc12d343f3fbbfe56b
|
|
| BLAKE2b-256 |
f4dfc8987335cdba9cb090e0607bdf99eca6dcfd4edba6a33146a9282f06ed80
|