Agent Governance Foundation — Python SDK
Project description
agf-sdk
Python SDK for the Agent Governance Foundation authorization service. Enforce identity, trust, and policy controls on every action your AI agents take.
Installation
pip install agf-sdk
With LangChain support:
pip install agf-sdk[langchain]
With CrewAI support:
pip install agf-sdk[crewai]
Quick start
import os
from agf import AgentGovernance
agf = AgentGovernance(
api_key=os.environ["AGF_API_KEY"],
org_id="org_acme",
)
result = agf.authorize(
agent_id="did:agf:agt_01abc",
action="file:write",
resource="s3://corp-data/q2.csv",
)
if result.allowed:
write_file()
else:
raise PermissionError(f"Denied: {result.reason}")
Authorization results
authorize() never raises for deny/review — it always returns an AuthResult:
| Field | Type | Description |
|---|---|---|
allowed |
bool |
True when the PDP issued ALLOW |
denied |
bool |
True when the PDP issued DENY |
review_required |
bool |
True when HITL approval is needed |
reason |
str |
Human-readable denial reason |
artifact_id |
str |
Signed audit artifact ID |
risk_score |
float |
0.0–1.0 |
trust_score |
int |
0–100 |
approval_request_id |
str |
HITL request ID (review_required only) |
Async client
For async frameworks (FastAPI, async Django, etc.) use AGFClient directly:
from agf import AGFClient, AGFDeniedError
async def handle_request():
async with AGFClient(api_key="agfk_...") as client:
try:
result = await client.decide(
action_type="file:write",
resource="s3://corp-data/q2.csv",
chain=[root_jwt, agent_jwt],
)
except AGFDeniedError as exc:
print(f"Denied — artifact: {exc.artifact_id}")
LangChain integration
Authorization gate tool (recommended for most agents)
Add an authorization tool to your agent's tool list. The agent calls it before performing sensitive operations:
from agf import AgentGovernance
from langchain.agents import initialize_agent, AgentType
from langchain_openai import ChatOpenAI
agf = AgentGovernance(api_key="agfk_...", org_id="org_acme")
agf_tool = agf.langchain_tool(agent_id="did:agf:agt_01abc")
agent = initialize_agent(
tools=[agf_tool, *your_other_tools],
llm=ChatOpenAI(),
agent=AgentType.OPENAI_FUNCTIONS,
)
Per-tool guard (enforces policy on every tool call)
Wrap individual tools so no call can bypass the policy check:
from langchain_community.tools import ShellTool
from agf.langchain import AGFGuardedTool
from agf import AGFClient
client = AGFClient(api_key="agfk_...")
guarded_shell = AGFGuardedTool(
tool=ShellTool(),
client=client,
agent_id="did:agf:my-assistant",
action_type="exec:shell",
resource="local-shell",
)
CrewAI integration
from crewai import Agent
from crewai.tools import BaseTool as CrewBaseTool
from agf.crewai import AGFCrewAITool
from agf import AGFClient
client = AGFClient(api_key="agfk_...")
class MyDBTool(CrewBaseTool):
name: str = "database_query"
description: str = "Query the production database"
def _run(self, query: str) -> str:
return db.execute(query)
guarded = AGFCrewAITool(
tool=MyDBTool(),
client=client,
agent_id="did:agf:crew-researcher",
action_type="query:database",
resource="prod-db",
)
crew_agent = Agent(tools=[guarded], ...)
Webhook verification
from agf import verify_signature, parse_event, AGFWebhookVerificationError
# FastAPI example
from fastapi import FastAPI, Request, HTTPException
app = FastAPI()
@app.post("/agf-webhook")
async def handle(request: Request):
body = await request.body()
try:
verify_signature(body, request.headers["X-AGF-Signature"], WEBHOOK_SECRET)
except AGFWebhookVerificationError:
raise HTTPException(status_code=400, detail="Invalid signature")
event = parse_event(body)
if event.type == "decision.deny":
print(f"Agent {event.agent_id} was denied — artifact {event.artifact_id}")
Sync client
For scripts, Django views, or any non-async context:
from agf import SyncAGFClient
with SyncAGFClient(api_key="agfk_...") as client:
result = client.decide("file:write", "s3://bucket/file.csv")
agents = client.list_agents(status="active")
Environment variable
Set AGF_API_KEY in your environment and pass it via os.environ["AGF_API_KEY"]. The SDK does not auto-read environment variables — this keeps the dependency graph minimal and the behaviour explicit.
Requirements
- Python 3.10+
httpx >= 0.27langchain-core >= 0.2(optional,agf-sdk[langchain])crewai >= 0.28(optional,agf-sdk[crewai])
Links
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agf_sdk-0.1.0.tar.gz.
File metadata
- Download URL: agf_sdk-0.1.0.tar.gz
- Upload date:
- Size: 9.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4394fd4725510e1f1ed841388f7ba88eb79bbdea259938daef6c746ec30b6255
|
|
| MD5 |
511468f0f419811282016e1502b5dd7e
|
|
| BLAKE2b-256 |
0c3b81b029d85502f30eaa7de8af65adb863648e682055026ccb2fff910092c1
|
File details
Details for the file agf_sdk-0.1.0-py3-none-any.whl.
File metadata
- Download URL: agf_sdk-0.1.0-py3-none-any.whl
- Upload date:
- Size: 15.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3ca85e68a88f0db563c8d2782820dd43fcbcc48fd5e7c67b179e8c6c9c5e0a9b
|
|
| MD5 |
428838dfd6adf46aa9c08536f8f9fb43
|
|
| BLAKE2b-256 |
7eb87fce2eab2ee32068db04f4512fbdc03b5bc78c2a78071990878a2489e6d3
|