EYDII Verify tools and middleware for Agno — verify every agent action before execution
Project description
agno-eydii
EYDII Verify tools and middleware for Agno — verify every agent action before execution.
Why EYDII?
When AI agents act autonomously, you need a way to enforce rules that the agents themselves cannot override. EYDII sits between your agents and their actions — every sensitive operation is verified against your policies in real time, with a cryptographic proof trail. No more hoping the system prompt holds; Eydii gives you external, tamper-proof verification that works even when agents delegate to other agents.
Install
pip install agno-eydii
This installs eydii_agno and its dependencies (veritera SDK and agno).
Prerequisites: Create a Policy
Before using EYDII with Agno, create a policy that defines what your agents are allowed to do. You only need to do this once:
from veritera import Eydii
eydii = Eydii(api_key="vt_live_...") # Get your key at id.veritera.ai
# Create a policy from code
eydii.create_policy_sync(
name="finance-controls",
description="Controls for multi-agent financial operations",
rules=[
{"type": "action_whitelist", "params": {"allowed": ["trade.execute", "refund.process", "report.generate"]}},
{"type": "amount_limit", "params": {"max": 10000, "currency": "USD"}},
],
)
# Or generate one from plain English
eydii.generate_policy_sync(
"Allow trades under $10,000, refund processing, and report generation. Block all account deletions and unauthorized data exports.",
save=True,
)
A default policy is created automatically when you sign up — it blocks dangerous actions like database drops and admin overrides. You can use it immediately with policy="default".
Tip:
pip install veriterato get the policy management SDK. See the full policy docs.
Quick Start
import os
from agno.agent import Agent
from agno.models.openai import OpenAIChat
from eydii_agno import EydiiVerifyTool
os.environ["VERITERA_API_KEY"] = "vt_live_..."
os.environ["OPENAI_API_KEY"] = "sk-..."
# 1. Create a EYDII verification tool
verify = EydiiVerifyTool(policy="finance-controls") # create this policy first (see above) -- or use "default"
# 2. Give it to your agent
agent = Agent(
model=OpenAIChat(id="gpt-4o"),
tools=[verify],
instructions=[
"You are a financial analyst.",
"ALWAYS verify actions through eydii_verify before executing them.",
],
)
# 3. Run the agent — every action is verified
agent.print_response("Process the refund for order #12345 for $500")
The agent calls eydii_verify before executing sensitive actions. If an action is denied, the agent receives a DENIED response and adjusts its plan.
Three Integration Points
1. EydiiVerifyTool — Agent Tool for Explicit Verification
The most direct integration. Give agents a callable tool they can use to check whether an action is allowed.
from eydii_agno import EydiiVerifyTool
from agno.agent import Agent
tool = EydiiVerifyTool(
policy="finance-controls",
agent_id="analyst-bot",
fail_closed=True,
)
agent = Agent(
model=OpenAIChat(id="gpt-4o"),
tools=[tool],
)
How the agent uses it:
The agent calls eydii_verify(action="payment.create", params='{"amount": 500, "currency": "USD"}') and receives:
APPROVED: Allowed | proof_id: fp_abc123 | latency: 42ms— proceed with the action.DENIED: Amount exceeds $200 limit | proof_id: fp_def456 | Do NOT proceed with this action.— the agent adjusts its plan.
Constructor parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
api_key |
str |
VERITERA_API_KEY env var |
Your EYDII API key |
base_url |
str |
https://veritera.ai |
EYDII API endpoint |
agent_id |
str |
"agno-agent" |
Identifier in audit logs |
policy |
str |
None |
Policy set to evaluate against |
fail_closed |
bool |
True |
Deny when API is unreachable |
timeout |
float |
10.0 |
Request timeout in seconds |
skip_actions |
list[str] |
None |
Actions to skip verification for |
on_verified |
Callable |
None |
Callback when action is approved |
on_blocked |
Callable |
None |
Callback when action is denied |
2. eydii_wrap_tool() — Decorator for Pre-Execution Verification
Wraps any Agno tool function with automatic EYDII verification. The tool is only executed if Eydii approves the action.
from eydii_agno import eydii_wrap_tool
from agno.agent import Agent
@eydii_wrap_tool(policy="finance-controls")
def send_payment(amount: float, recipient: str) -> str:
"""Send a payment to a recipient."""
return process_payment(amount, recipient)
@eydii_wrap_tool(policy="finance-controls")
def delete_record(record_id: str) -> str:
"""Delete a database record."""
return db.delete(record_id)
agent = Agent(
model=OpenAIChat(id="gpt-4o"),
tools=[send_payment, delete_record],
)
How it works:
- The agent calls
send_payment(amount=500, recipient="user@example.com"). - The decorator intercepts the call and sends a verification request to EYDII with action=
send_paymentand the function parameters. - If Eydii approves, the original function executes normally.
- If Eydii denies, the function is NOT called and a denial message is returned.
3. EydiiToolkit — Agno Toolkit Class
An Agno Toolkit that exposes verify_action and list_policies as tools the agent can call.
from eydii_agno import EydiiToolkit
from agno.agent import Agent
agent = Agent(
model=OpenAIChat(id="gpt-4o"),
tools=[EydiiToolkit(policy="production-safety")],
instructions=[
"You are a production operations agent.",
"Always verify actions before executing them.",
],
)
Tools provided:
verify_action(action, params)— Verify an action against EYDII policies. Same behavior asEydiiVerifyTool.list_policies()— List available EYDII verification policies.
Execute Receipts
For execution tracking and audit trails, use the Execute integration:
EydiiExecuteHook — Manual Receipt Emission
from eydii_agno import EydiiExecuteHook
hook = EydiiExecuteHook(task_id="task_abc...", agent_id="research-agent")
# Call whenever a tool is invoked
receipt = hook.on_tool_use("file_read")
# Returns: {"receipt_id": "rx_...", "chain_index": 1}
eydii_execute_wrapper — Automatic Receipt Emission
from eydii_agno import eydii_execute_wrapper
@eydii_execute_wrapper(task_id="task_abc...", agent_id="research-agent")
def send_payment(amount: float, recipient: str) -> str:
"""Send a payment to a recipient."""
return process_payment(amount, recipient)
# Every successful call automatically emits a signed receipt
Configuration Reference
| Config | Source | Required | Example |
|---|---|---|---|
| API key | VERITERA_API_KEY env var or api_key= parameter |
Yes | vt_live_abc123 |
| Base URL | base_url= parameter |
No | https://veritera.ai |
| Policy | policy= parameter |
No (but recommended) | "finance-controls" |
| Agent ID | agent_id= parameter |
No | "my-agno-agent" |
| Fail closed | fail_closed= parameter |
No (default: True) |
True or False |
| Timeout | timeout= parameter |
No (default: 10.0) |
30.0 |
How It Works
┌─────────────────────────────────────────────────────────┐
│ Your Agno Agent │
│ │
│ ┌───────────────────────────────────────────────┐ │
│ │ Agent │ │
│ │ tools=[eydii_verify, send_payment, ...] │ │
│ └──────────────────┬────────────────────────────┘ │
│ │ │
│ ┌───────────┼───────────┐ │
│ │ │ │ │
│ ┌────▼────┐ ┌────▼────┐ ┌────▼────┐ │
│ │ Verify │ │ Wrapped │ │ Toolkit │ │
│ │ Tool │ │ Tool │ │ Tools │ │
│ └────┬────┘ └────┬────┘ └────┬────┘ │
│ │ │ │ │
└─────────┼───────────┼───────────┼───────────────────────┘
│ │ │
▼ ▼ ▼
┌─────────────────────────────────────────┐
│ EYDII Verify API │
│ │
│ Policy Engine │ Audit Trail │ Proof │
└─────────────────────────────────────────┘
- Agent calls tool — The verification tool sends a request to the EYDII API.
- EYDII evaluates — The policy engine checks the action and parameters against your defined policies.
- Result returned —
APPROVED(with proof ID) orDENIED(with reason and proof ID). - Agent decides — On approval, the agent proceeds. On denial, the agent adjusts its plan.
- Audit trail recorded — Every verification produces a
proof_idlinking to a permanent, tamper-proof record.
Error Handling
The package handles three failure modes:
1. EYDII API Unreachable
Controlled by fail_closed:
# fail_closed=True (default) — deny when Eydii is down
tool = EydiiVerifyTool(policy="controls", fail_closed=True)
# Agent receives: "DENIED: Verification unavailable — ConnectionError(...). Action blocked (fail-closed)."
# fail_closed=False — allow when Eydii is down (use for non-critical paths)
tool = EydiiVerifyTool(policy="controls", fail_closed=False)
2. Invalid Parameters
If the agent passes malformed JSON as params, the tool wraps it safely:
# Agent calls: eydii_verify(action="test", params="not valid json")
# Tool parses it as: {"raw": "not valid json"} and proceeds with verification
3. Wrapped Tool Denials
When a wrapped tool is denied, the function is not called:
@eydii_wrap_tool(policy="finance-controls")
def send_payment(amount: float, recipient: str) -> str:
return process_payment(amount, recipient)
# If denied: returns "DENIED: Action 'send_payment' blocked by EYDII: Amount exceeds limit"
# The process_payment function is never called
All errors are logged via Python's logging module under the eydii_agno logger:
import logging
logging.getLogger("eydii_agno").setLevel(logging.DEBUG)
Environment Variables
| Variable | Required | Description |
|---|---|---|
VERITERA_API_KEY |
Yes (unless passed via api_key=) |
Your EYDII API key. Get one at id.veritera.ai/dashboard. |
OPENAI_API_KEY |
Yes (if using OpenAI models) | Your OpenAI key for the underlying language model. |
You can also pass the API key directly to avoid environment variables:
tool = EydiiVerifyTool(api_key="vt_live_...", policy="my-policy")
Other Eydii Integrations
Eydii works across the major agent frameworks. Use the same policies and audit trail regardless of which framework you choose.
| Framework | Package | Install |
|---|---|---|
| CrewAI | crewai-eydii | pip install crewai-eydii |
| OpenAI Agents SDK | openai-eydii | pip install openai-eydii |
| LangGraph | langgraph-eydii | pip install langgraph-eydii |
| LlamaIndex | llamaindex-eydii | pip install llamaindex-eydii |
| Python SDK | veritera | pip install veritera |
| JavaScript SDK | @veritera/sdk | npm install veritera |
Resources
License
MIT — Eydii by Veritera AI
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agno_eydii-0.1.1.tar.gz.
File metadata
- Download URL: agno_eydii-0.1.1.tar.gz
- Upload date:
- Size: 10.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2df9df401765fe040be8471723e6f4ff68cd97143c3c8b0cd5f15edd541de65d
|
|
| MD5 |
934d0834a8998b883772854dd3dffc25
|
|
| BLAKE2b-256 |
39732b9699d928b372196a319fe530efa72d2c638abc37ef0925ee57140d3c26
|
File details
Details for the file agno_eydii-0.1.1-py3-none-any.whl.
File metadata
- Download URL: agno_eydii-0.1.1-py3-none-any.whl
- Upload date:
- Size: 11.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7ba00ed466b3e8930156f19f276bc123dc81e95dbd25a4cca03dd2da09626b48
|
|
| MD5 |
6f641e0ddc0e62743a50683f09be206f
|
|
| BLAKE2b-256 |
3d01784487cc3243d6a45e9f4ec86300b8b1d39c34a6e80b304dcfa0d2ea5709
|
