Python SDK for agent action control: posture checks, action gates, signed receipts, and proof packets
Project description
AgentVeil
Action control for autonomous agents — check posture, gate risky actions, prove execution.
AgentVeil is the Python SDK for agent action control: posture checks, Runtime Gate decisions, signed receipts, W3C verifiable credentials, plus DID identity, reputation signals, and MCP integrations.
pip install agentveil
Quick Start
Run locally with real cryptography and mocked HTTP. No server is required.
from datetime import timedelta
from agentveil import AVPAgent
owner = AVPAgent.create(mock=True, name="workflow-owner")
agent = AVPAgent.create(mock=True, name="demo-agent")
agent.register(display_name="Demo Agent")
delegation = owner.issue_delegation_receipt(
agent_did=agent.did,
allowed_categories=["deploy"],
valid_for=timedelta(minutes=15),
)
verification = agent.verify_delegation_receipt(delegation)
print("delegation valid:", verification["valid"])
print("scope:", verification["scope"][0]["value"])
For production setup, see the Customer Integration guide.
What AgentVeil Provides
- Posture checks before risky agent actions reach production.
- Runtime Gate decisions for allow, approval required, or block outcomes.
- Signed receipts and proof packets for audit and offline verification.
- W3C VC v2.0 credentials with
eddsa-jcs-2022Data Integrity proofs. - DID identity with portable
did:keyEd25519 keys. - Framework integrations for CrewAI, LangGraph, AutoGen, OpenAI, Claude MCP, Gemini, PydanticAI, Paperclip, and AWS Bedrock.
- MCP transport proxy for IDE clients (Claude Desktop, Cursor, Cline, Windsurf, VS Code) - wrap downstream MCP servers with Action Control Plane gating via the
agentveil-mcp-proxyconsole script.
AgentVeil makes agent actions constrained, auditable, and reversible within a declared action vocabulary and policy subset. It does not claim to solve the general access-control safety problem; it produces bounded decisions and signed evidence that operators can review.
Offline Verification
Fetch a W3C Verifiable Credential:
curl https://agentveil.dev/v1/reputation/{agent_did}/credential?format=w3c
Verify it with any VC library, or with the SDK:
cred = agent.get_reputation_credential(format="w3c")
assert AVPAgent.verify_w3c_credential(cred)
AgentVeil MCP Toolbox
The base install includes the MCP runtime dependency:
pip install agentveil
agentveil-mcp
Local/full MCP mode exposes Runtime Gate evaluation, human approval routing, approved execution, signed receipt retrieval, reputation checks, identity lookup, and audit verification. Hosted read-only mode exposes public inspection tools only.
This server is an explicit toolbox. It does not intercept, monitor, or gate other MCP tools; MCP clients must call these AVP tools directly.
The compatibility extra agentveil[mcp] still works for legacy setups. MCP setup details are in the MCP README.
MCP Transport Proxy
The agentveil-mcp-proxy console script wraps a downstream MCP server with
runtime decision gating, human approval routing, durable signed evidence, and
replay defense. Point your IDE at agentveil-mcp-proxy instead of directly at
the downstream server; the proxy applies AVP policy before forwarding.
agentveil-mcp-proxy init --quickstart-filesystem ./sandbox
agentveil-mcp-proxy doctor --full
agentveil-mcp-proxy smoke
agentveil-mcp-proxy run
For agent-driven setup, the same path supports non-interactive flags and JSON output:
agentveil-mcp-proxy init \
--home ./avp-home \
--passphrase-file ./passphrase.txt \
--policy-pack filesystem \
--downstream-name filesystem \
--downstream-command /path/to/server \
--downstream-arg /workspace \
--json
agentveil-mcp-proxy doctor --home ./avp-home --full --json
AVP approvals are capability tokens, not flat permissions. They are signed,
scoped to action context and payload hash, time-bounded by expiry, guarded
against replay at the proxy boundary, and attenuated when follow-on grants such
as similar_5m narrow the original approval scope.
See the MCP Proxy README for the full quick start and IDE configuration examples.
Resources
- Full GitHub README and demo
- API reference
- Customer integration guide
- Framework integrations
- Security context
- Examples
- AgentVeil API
- Live Network
License
MIT. See the license.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agentveil-0.7.17.tar.gz.
File metadata
- Download URL: agentveil-0.7.17.tar.gz
- Upload date:
- Size: 258.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a9fed99cf4d168a175b897a171521593a36dcc6377ecdfd90c509a8a3bf6a480
|
|
| MD5 |
baf8b9ec9b90b59fcb9047885939fd94
|
|
| BLAKE2b-256 |
1970c90a00ba840ea398a317a0d53c3e67560a4a90554ec15769f26c19c26de7
|
File details
Details for the file agentveil-0.7.17-py3-none-any.whl.
File metadata
- Download URL: agentveil-0.7.17-py3-none-any.whl
- Upload date:
- Size: 166.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dfae023d65aefe14ffc3d2e646863baec5415a470623ed2607fdfb8975200aad
|
|
| MD5 |
b8865ad9818d3f1e2e253c4b78e4bdc6
|
|
| BLAKE2b-256 |
350d5bb261511c819a6492fd9cb85063d404a0157630d8e70df21780c6d2dd0b
|
