PydanticAI integration for asqav - cryptographic audit trails for AI agent tool calls
Project description
Governance for AI agents. Audit trails, policy enforcement, and compliance.
Website | Docs | SDK Guide | Compliance
Asqav for PydanticAI
Cryptographic audit trails for PydanticAI agent tool calls.
Uses PydanticAI's Hooks capability to sign every tool invocation with Asqav - producing verifiable records for compliance and governance.
Data handling
asqav-pydantic is a thin wrapper around the asqav Python SDK and inherits its mode behavior:
- Asqav cloud (
*.asqav.com): the SDK hashes your action context locally and sends only the hash plus a small metadata bag (action_type, agent_id, session_id, model_name, tool_name). Raw prompts and tool arguments never leave your infrastructure. - Self-hosted: the SDK sends the full context so the server can run policy checks, PII redaction, and richer audit views. Recommended when you control the deployment.
You can override per call:
import asqav
# Force hash-only against a custom URL
asqav.init(api_key="sk_...", base_url="https://api.asqav.com", mode="hash-only")
This is GDPR-aware data minimization by default for cloud deployments. See docs/fingerprint-spec.md in the SDK repo for the fingerprint spec and conformance vectors.
Install
pip install asqav-pydantic
Usage
import asqav
from pydantic_ai import Agent
from asqav_pydantic import AsqavHooks
asqav.init(api_key="sk_...")
hooks = AsqavHooks(agent_name="my-agent")
agent = Agent("openai:gpt-4o", capabilities=[hooks.capability()])
result = agent.run_sync("Search for the latest AI news")
Every tool call the agent makes will produce signed tool:start, tool:end, and tool:error events through the Asqav API. Signatures use NIST FIPS 204 ML-DSA cryptography server-side, producing tamper-evident audit trails for EU AI Act, DORA, and SOC 2 compliance.
How it works
AsqavHooks extends the Asqav adapter base class and builds a PydanticAI Hooks capability with three registered hooks:
before_tool_execute- signstool:startwith tool name and input previewafter_tool_execute- signstool:endwith tool name and output metadataon_tool_execute_error- signstool:errorwith tool name and error details
All signing is fail-open. If the Asqav API is unreachable, a warning is logged but the tool call proceeds normally. Your agent pipeline never breaks because of governance.
Configuration
# Use an existing asqav agent by ID
hooks = AsqavHooks(agent_id="ag_abc123")
# Override the API key
hooks = AsqavHooks(api_key="sk_other", agent_name="audit-agent")
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file asqav_pydantic-0.1.2.tar.gz.
File metadata
- Download URL: asqav_pydantic-0.1.2.tar.gz
- Upload date:
- Size: 4.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
be013bb37f805df9acc3b99c8a3d6400b5e593eb24879c558adb95f8ef744600
|
|
| MD5 |
13881637d367eb8ea9ca3f3b13abf14c
|
|
| BLAKE2b-256 |
e9a22cf8b57e31dd81086cc04dcbc8580fca19c2351a66f72e3b4d71ce436e9e
|
File details
Details for the file asqav_pydantic-0.1.2-py3-none-any.whl.
File metadata
- Download URL: asqav_pydantic-0.1.2-py3-none-any.whl
- Upload date:
- Size: 5.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
30cabf532e6781b5f7363e9ecfa5dd644eeeffb6ac327740475c345cd16cbb04
|
|
| MD5 |
8afb51d1465966212dc02f920ba3dfc5
|
|
| BLAKE2b-256 |
33d7999391c1bafd207476b9cefdddd609da8ec3f20e14429b2d2375e3ad7583
|
