The AgentGateway Protocol — secure, scalable AI agent execution infrastructure
Project description
credseal-sdk
The AgentGateway Protocol — secure, scalable AI agent execution infrastructure.
The problem
When an AI agent can execute code, call APIs, or access files, it runs in a process. That process has an environment. That environment typically contains everything that can cause serious damage: LLM API keys, database credentials, AWS tokens.
The naive solution — run your agent on the same backend as your REST API — creates two problems at once:
- Security: The agent can access every secret on the machine.
- Reliability: A memory-hungry agent degrades your API. Redeploying your API kills all running agents.
credseal-sdk solves both.
How it works
The SDK implements the AgentGateway Protocol — a clean interface between your agent logic and the outside world. Two implementations ship out of the box:
| Gateway | When to use | Credentials | History |
|---|---|---|---|
DirectGateway |
Local development, CI evals | Your API key | In-memory |
ControlPlaneGateway |
Production on CredSeal | Zero — none in the agent | Control plane DB |
Your agent code is identical in both environments. The switch is two lines.
Quick start
pip install credseal-sdk[openai]
import asyncio
from openai import AsyncOpenAI
from credseal import DirectGateway, Message, Role
async def main():
gateway = DirectGateway(
llm_client=AsyncOpenAI(), # Your API key — not in the agent loop
model="gpt-4o",
)
response = await gateway.invoke_llm(
new_messages=[Message(role=Role.USER, content="Hello, CredSeal!")]
)
print(response.message.content)
print(f"Cost: ${response.cost_usd:.6f}")
asyncio.run(main())
Moving to production
Change two lines. Your agent logic is untouched.
# Before (local)
from credseal import DirectGateway
gateway = DirectGateway(llm_client=AsyncOpenAI(), model="gpt-4o")
# After (production — agent holds zero secrets)
from credseal import ControlPlaneGateway
gateway = ControlPlaneGateway() # auto-detects env vars inside a CredSeal sandbox
Installation
# Core SDK only
pip install credseal-sdk
# With OpenAI support
pip install credseal-sdk[openai]
# With Anthropic support
pip install credseal-sdk[anthropic]
# With Mistral AI support (EU provider)
pip install credseal-sdk[mistral]
# All cloud providers
pip install credseal-sdk[all]
Requirements: Python 3.10+
Data Sovereignty
CredSeal is designed from the ground up to work with any LLM provider, including those that keep your data inside the UK or EU. The AgentGateway Protocol decouples your agent logic from the inference provider — switching providers requires changing one line.
Run fully local with Ollama (zero data egress)
from openai import AsyncOpenAI
from credseal import DirectGateway
gateway = DirectGateway(
llm_client=AsyncOpenAI(
base_url="http://localhost:11434/v1",
api_key="ollama",
),
model="llama3.2",
provider="local", # forces $0 cost tracking; inference stays on your machine
)
Install Ollama: brew install ollama && ollama pull llama3.2 && ollama serve
Use Mistral AI (EU data residency)
from openai import AsyncOpenAI
from credseal import DirectGateway
gateway = DirectGateway(
llm_client=AsyncOpenAI(
base_url="https://api.mistral.ai/v1",
api_key="your-mistral-api-key",
),
model="mistral-small-latest", # auto-detected as "mistral" provider
)
Mistral AI is a French company. All inference runs in EU data centres, subject to EU data protection law (GDPR). Use this when UK/EU data governance requirements prohibit sending inference traffic to US-based cloud providers.
See examples/ for complete runnable scripts.
The AgentGateway Protocol
Any class implementing these four async methods is a valid gateway:
class AgentGateway(Protocol):
async def invoke_llm(self, new_messages, tools=None, tool_choice="auto") -> LLMResponse: ...
async def persist_messages(self, messages) -> None: ...
async def request_file_url(self, file_path, method="PUT") -> PresignedURL: ...
async def get_session_cost(self) -> float: ...
Write your agent against the protocol. The implementation — local or production — is a runtime detail.
Features
- Zero-secret agents —
ControlPlaneGatewayholds no API keys, database credentials, or cloud tokens - Stateless by design — conversation history owned by the gateway, not the agent; kill and restart without data loss
- Framework-agnostic — works with LangChain, LlamaIndex, raw API calls, or any custom agent framework
- Built-in cost tracking — every
invoke_llmcall returnscost_usd;get_session_cost()returns the running total - OpenAI + Anthropic — both providers supported in
DirectGatewayout of the box - MockGateway for testing — no LLM calls in your test suite; full call recording for assertions
- Full type annotations —
py.typedmarker; works with mypy strict mode
Testing your agents
from credseal.testing import MockGateway
from credseal.models import LLMResponse, Message, Role
async def test_my_agent():
mock = MockGateway()
mock.queue_response(LLMResponse(
message=Message(role=Role.ASSISTANT, content="The answer is 42."),
cost_usd=0.001,
model="mock",
finish_reason="stop",
))
result = await my_agent(gateway=mock)
assert mock.invoke_llm_call_count == 1
assert mock.total_messages_sent == 1
Supported providers
| Provider | Data residency | DirectGateway | ControlPlaneGateway |
|---|---|---|---|
| OpenAI (gpt-4o, gpt-4o-mini, …) | US | ✓ | ✓ (via control plane) |
| Anthropic (claude-3-5-sonnet, …) | US | ✓ | ✓ (via control plane) |
| Mistral AI (mistral-large, mistral-small, …) | EU 🇪🇺 | ✓ | Roadmap |
| Ollama (llama3.2, mistral, codellama, …) | Local 🏠 | ✓ | N/A |
| Any OpenAI-compatible endpoint | Varies | ✓ | Roadmap |
Error handling
from credseal.exceptions import CostCapExceededError, RateLimitError, CredSealError
try:
response = await gateway.invoke_llm(new_messages=[...])
except CostCapExceededError as e:
print(f"Cost cap of ${e.cap_usd} reached. Spent: ${e.consumed_usd}")
except RateLimitError as e:
await asyncio.sleep(e.retry_after_seconds)
except CredSealError as e:
# Catch-all for any SDK error
raise
Full exception hierarchy: CredSealError > GatewayError > ControlPlaneError > AuthenticationError | CostCapExceededError | SessionNotFoundError
Architecture
┌─────────────────────────────────────┐
│ Your Agent Code │
│ (depends only on AgentGateway) │
└──────────────┬──────────────────────┘
│
┌──────────▼──────────┐
│ AgentGateway │ ← Protocol (interface)
│ Protocol │
└──────┬────────┬──────┘
│ │
┌────────▼─┐ ┌───▼──────────────┐
│ Direct │ │ ControlPlane │
│ Gateway │ │ Gateway │
│ │ │ │
│ Local / │ │ Production │
│ Evals │ │ (zero secrets) │
└──────────┘ └────────┬─────────┘
│ HTTP
┌────────▼─────────┐
│ CredSeal │
│ Control Plane │
│ (holds creds) │
└──────────────────┘
Contributing
Contributions are welcome. Please open an issue before submitting significant changes.
git clone https://github.com/credseal/sdk.git
cd credseal-sdk
pip install -e ".[dev]"
pre-commit install
pytest tests/unit/
See CONTRIBUTING.md for full guidelines.
Roadmap
- LangChain adapter (
CredSealChatModel) - LlamaIndex adapter (
CredSealLLM) - Streaming support (
invoke_llm_stream) - CrewAI integration
- LangGraph integration (
CredSealNode,CredSealStreamNode) - Pluggable inference backends (distributed compute)
-
credseal-clifor one-command control plane deployment
License
AGPL-3.0 © Gold Okpa
Built on the control plane pattern described in How We Built Secure, Scalable Agent Sandbox Infrastructure.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file credseal_sdk-1.0.0.tar.gz.
File metadata
- Download URL: credseal_sdk-1.0.0.tar.gz
- Upload date:
- Size: 51.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3e0bf452de398278ef38d6093e613e4846a77da59f6b3ecc0639e5331fb5dd33
|
|
| MD5 |
f9003fad393504794a02525006b46674
|
|
| BLAKE2b-256 |
3f12f855f55f86ccd5962918e6bcb2c592464ca71db5acfe7ad4fdeae69d0afd
|
Provenance
The following attestation bundles were made for credseal_sdk-1.0.0.tar.gz:
Publisher:
publish.yml on credseal/sdk
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
credseal_sdk-1.0.0.tar.gz -
Subject digest:
3e0bf452de398278ef38d6093e613e4846a77da59f6b3ecc0639e5331fb5dd33 - Sigstore transparency entry: 1118760708
- Sigstore integration time:
-
Permalink:
credseal/sdk@1628b9dbf0cb136445526b45c3d8776ce8ac2cf0 -
Branch / Tag:
refs/tags/v1.1.0 - Owner: https://github.com/credseal
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@1628b9dbf0cb136445526b45c3d8776ce8ac2cf0 -
Trigger Event:
push
-
Statement type:
File details
Details for the file credseal_sdk-1.0.0-py3-none-any.whl.
File metadata
- Download URL: credseal_sdk-1.0.0-py3-none-any.whl
- Upload date:
- Size: 43.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fdc42fb7891ea66eb52bbc24396b14e63d2959b20c5d52257544844458992ef4
|
|
| MD5 |
b94f67c874a3b40eb7b7a32781d544a0
|
|
| BLAKE2b-256 |
a46ef8ae09def5c6c321d801d7bfbd36e019702ca4422f0ae6786d1d4d1fb2dd
|
Provenance
The following attestation bundles were made for credseal_sdk-1.0.0-py3-none-any.whl:
Publisher:
publish.yml on credseal/sdk
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
credseal_sdk-1.0.0-py3-none-any.whl -
Subject digest:
fdc42fb7891ea66eb52bbc24396b14e63d2959b20c5d52257544844458992ef4 - Sigstore transparency entry: 1118760771
- Sigstore integration time:
-
Permalink:
credseal/sdk@1628b9dbf0cb136445526b45c3d8776ce8ac2cf0 -
Branch / Tag:
refs/tags/v1.1.0 - Owner: https://github.com/credseal
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@1628b9dbf0cb136445526b45c3d8776ce8ac2cf0 -
Trigger Event:
push
-
Statement type: