Identity and Access Management (IAM) for AI Agents. Stop hardcoding root API keys.
Project description
🛡️ AgentScope (ai-sudo)
Mission: The "Sudo" command for AI Agents.
One-Liner: Open-source identity and permission management for non-human workers.
The Problem
The Enemy: Hardcoded .env API keys (e.g., STRIPE_SECRET_KEY) shared by all agents.
The Solution: Stop hardcoding keys. Use ai-sudo to enforce permissions and approval workflows in 1 line of Python.
Installation
pip install ai-sudo
Usage
1. Define the Agent Identity
from ai_sudo import Agent, sudo
# Define an agent with specific permissions
support_bot = Agent(
name="RefundBot_v1",
scopes=["read:orders", "write:refunds"]
)
2. Protect your Tools (The "Sudo" Check)
A. Basic Blocking
@sudo(scope="write:refunds")
def process_refund(order_id):
# Raises PermissionDeniedError if scope is missing
print(f"Processing refund for {order_id}")
B. Audit Mode (Non-Blocking)
Great for introducing AgentScope into existing production systems without breaking them.
@sudo(scope="write:refunds", on_deny="log")
def process_refund_audit(order_id):
# Logs a warning but ALLOWS execution
pass
C. Human-in-the-Loop (Callbacks)
Require approval via Slack/Email before executing high-risk actions.
def slack_approval(agent, scope, func, args, kwargs):
# Return True to allow, False to deny
return ask_slack_manager(f"Approve {agent.name} for {scope}?")
@sudo(scope="write:refunds", on_deny=slack_approval)
def process_refund_approved(order_id):
pass
3. Pydantic Integration (Advanced)
Enforce scopes on your input schemas (ideal for LangChain/LlamaIndex).
from ai_sudo.integrations import ScopedModel
class RefundParams(ScopedModel):
_required_scope = "write:refunds"
order_id: str
amount: float
# If initialized by an unauthorized agent, this raises PermissionDeniedError immediately.
4. Run safely
# Run code within the agent's session context
with support_bot.start_session():
process_refund("order_123")
Development & Testing
To contribute or run tests locally:
-
Install test dependencies:
pip install ".[test]"
-
Run the test suite:
pytest
This runs all unit tests in
tests/covering:- Core Identity & Context Management
- Blocking, Audit, and Callback modes
- Pydantic Integration
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agentsudo-0.1.0.tar.gz.
File metadata
- Download URL: agentsudo-0.1.0.tar.gz
- Upload date:
- Size: 8.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
911bebac9f6bbee85788ce5db0ada07566850129f1db0772df640c7becd9a000
|
|
| MD5 |
3b93a9dce56e45dd1b337311c1a55a49
|
|
| BLAKE2b-256 |
83b6a20d6f35447a1e564a5d8cd31cb78b76f79ce05c85828528c90d39f9f81f
|
File details
Details for the file agentsudo-0.1.0-py3-none-any.whl.
File metadata
- Download URL: agentsudo-0.1.0-py3-none-any.whl
- Upload date:
- Size: 7.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
69469c3c2168aa779cb66e7352ba0851a85aad609f6fa373f996bf754105ec65
|
|
| MD5 |
f16c1b26bfb4f1877c1c8e7156e45b24
|
|
| BLAKE2b-256 |
d5147e251febc2dc9ee862f867aa7f7f884f57e584ec6667ac6b9ec9dd5949d9
|
