LockStock compliance runtime integrations for AI Agent SDKs - thin SaaS client with idempotency
Project description
LockStock Integrations
Universal compliance runtime for AI Agent SDKs. LockStock provides cryptographic identity, capability authorization, and audit trails for agents running on any framework.
What's New in 2.0.0
- Thin SaaS Client: No local crypto, no Guard daemon required
- Built-in Idempotency: Safe retries on network failures without double-advancing the chain
- Automatic Retry: Exponential backoff for transient errors (502, 503, 504, timeouts)
- Sequence Tracking: Detects stale clients and provides resync diagnostics
Supported Frameworks
| Integration | Framework | Status |
|---|---|---|
lockstock_fastapi |
FastAPI (Thin Middleware) | Stable |
lockstock_claude |
Claude Agent SDK | Alpha |
lockstock_openai |
OpenAI Agents SDK | Alpha |
lockstock_langgraph |
LangGraph | Alpha |
lockstock_a2a |
A2A Protocol | Alpha |
lockstock_adk |
Google ADK | Planned |
lockstock_crewai |
CrewAI | Planned |
Installation
# FastAPI thin middleware (recommended for SaaS)
pip install lockstock-integrations[fastapi]
# Install with specific framework support
pip install lockstock-integrations[claude]
pip install lockstock-integrations[openai]
pip install lockstock-integrations[langgraph]
# Install with all frameworks
pip install lockstock-integrations[all]
Quick Start
FastAPI Inference Servers (Recommended)
The thin middleware stamps every request and response via the /v1/stamp API with zero local crypto. Supports SSE streaming for LLM responses. Fail-closed by default (no stamp = no action).
from fastapi import FastAPI
from lockstock_fastapi import LockStockThinMiddleware
app = FastAPI()
app.add_middleware(
LockStockThinMiddleware,
agent_id="agent_xxx_name",
api_key="lsk_admin_...",
path_tasks={
"/v1/chat/completions": "chatcompletion",
"/v1/models": "network",
"/health": None, # Excluded from stamping
},
# Defaults (no configuration needed):
# - response_tasks auto-inferred: chatcompletion -> chatcompletionRESPONSE
# - block_on_rejection=True: fail-closed, 503 if stamp fails
)
Install with:
pip install lockstock-integrations[fastapi]
Claude Agent SDK
from lockstock_claude import LockStockHook
# Create hook with your agent credentials
hook = LockStockHook(
agent_id="agent_abc123",
api_key="lsk_admin_...",
endpoint="https://lockstock-api-i9kp.onrender.com"
)
# Use as pre-tool-execution hook
# The hook will verify capabilities before each tool call
OpenAI Agents SDK
from lockstock_openai import LockStockGuardrail
guardrail = LockStockGuardrail(agent_id="agent_abc123")
# Add to your agent's guardrails
agent = Agent(
name="my-agent",
guardrails=[guardrail]
)
LangGraph
from lockstock_langgraph import lockstock_middleware
# Wrap your graph with LockStock middleware
app = lockstock_middleware(
graph=your_graph,
agent_id="agent_abc123"
)
Direct API Usage
For custom integrations, use the core client directly:
from lockstock_core import LockStockClient
async with LockStockClient(
agent_id="agent_xxx",
api_key="lsk_admin_...",
) as client:
# Stamp a capability (with automatic retry and idempotency)
result = await client.stamp("chatcompletion")
if result.authorized:
print(f"Authorized! Sequence: {result.sequence}")
else:
print(f"Denied: {result.reason}")
Idempotency Guarantees
Every stamp() call automatically:
- Generates a unique idempotency key (UUID)
- Retries on transient failures (timeouts, 502/503/504)
- Returns cached response on retry if server already processed
- Never double-advances the chain on network failures
# Safe to retry - same logical request
result = await client.stamp("deploy") # Network timeout
result = await client.stamp("deploy") # Returns cached response, chain at same position
Architecture
Thin Middleware (SaaS)
┌─────────────────────────────────────────────────────────────────┐
│ YOUR FASTAPI SERVER │
│ (LLM inference, chat completions, etc.) │
└─────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ LOCKSTOCK THIN MIDDLEWARE │
│ │
│ • Pure ASGI (no buffering - supports SSE streaming) │
│ • Calls /v1/stamp API (server does all crypto) │
│ • Injects X-LockStock-* headers into response │
│ • Auto response stamping (fire-and-forget, non-blocking) │
└─────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ LOCKSTOCK CORE API │
│ │
│ • /v1/stamp - Request stamping (thin clients) │
│ • /verify - Full verification (fat clients) │
│ • /bootstrap - Agent identity initialization │
│ • Hash chain - Cryptographic audit trail │
└─────────────────────────────────────────────────────────────────┘
Agent SDK Integrations
┌─────────────────────────────────────────────────────────────────┐
│ YOUR AGENT RUNTIME │
│ (Claude Agent SDK / OpenAI / LangGraph / CrewAI / ADK) │
└─────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ LOCKSTOCK INTEGRATION │
│ │
│ • Pre-tool-execution hooks │
│ • Capability verification │
│ • Audit trail logging │
└─────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ LOCKSTOCK CORE API │
│ │
│ • /verify - Capability authorization │
│ • /bootstrap - Agent identity initialization │
│ • Hash chain - Cryptographic audit trail │
└─────────────────────────────────────────────────────────────────┘
License
MIT License - See LICENSE file for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file lockstock_integrations-2.0.0rc9.tar.gz.
File metadata
- Download URL: lockstock_integrations-2.0.0rc9.tar.gz
- Upload date:
- Size: 124.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2f82d3977cd68b38e76bfa67f75880738676aa75d6fda8c6b07a5dac98eab3a8
|
|
| MD5 |
063dcc86a0bc9d2df442b0f828d7a552
|
|
| BLAKE2b-256 |
abf2383cc1e7bab1abb624c4d76b3047eea286fec823f4c01eca85e28097dcbe
|
File details
Details for the file lockstock_integrations-2.0.0rc9-py3-none-any.whl.
File metadata
- Download URL: lockstock_integrations-2.0.0rc9-py3-none-any.whl
- Upload date:
- Size: 61.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2021b80fe578a0b204f6c133e3bbb89d978caec24eba1bb8f68920dde49c125f
|
|
| MD5 |
f09dcaed145e0a06a154f67aa00c7bdb
|
|
| BLAKE2b-256 |
8584d13545f1b3f0b8b11b789d88e7ed59e2c62a6995b6ffc6ff4f688f6c69a7
|
