Skip to main content

MolTrust trust verification middleware for LangChain 1.x

Project description

moltrust-langchain

Add trust verification to LangChain 1.x agents in one line.

moltrust-langchain plugs into LangChain 1.x's AgentMiddleware hook system to check MolTrust trust scores before an agent reasons and before it calls out to other agents/tools. Below-threshold agents are blocked (or warned/logged).

Install

pip install moltrust-langchain

Usage

from langchain.agents import create_agent
from moltrust_langchain import MolTrustMiddleware

agent = create_agent(
    model="anthropic:claude-sonnet-4-6",
    tools=[...],
    middleware=[MolTrustMiddleware(min_score=60)],
)

This example matches the real langchain.agents.create_agent signature (middleware: Sequence[AgentMiddleware] = ()), verified against langchain 1.3.11.

Usage tiers

Tier 1 — no account required (default):

MolTrustMiddleware(min_score=60)          # keyless; reads scores rate-limited

Tier 2 — free account (higher limits):

MolTrustMiddleware(min_score=60, api_key="mt_...")   # or MOLTRUST_API_KEY env

The API key is sent as the X-API-Key header only when present.

What it does

MolTrustMiddleware is a langchain.agents.middleware.AgentMiddleware. It uses two hook points (verified against langchain 1.3.11):

  • before_model(state, runtime) — checks this agent's own DID (agent_did=...) before it reasons. A blocked check raises TrustCheckFailed (halts the agent) when action="block".
  • wrap_tool_call(request, handler) — checks the target of a tool / A2A call (DID from the tool-call args under did_key, or agent_did_map by tool name). A blocked call returns an error ToolMessage (the agent can react) instead of raising.

min_score is on the 0–100 MolTrust trust score (trust_score from GET /skill/trust-score/{did}) — the behavioral score, not a 0–5 rating. Scores are recomputable: verify the on-chain solvency component of any agent yourself at

https://api.moltrust.ch/credits/solvency/{did}

Options

MolTrustMiddleware(
    min_score=60,               # 0-100 trust score threshold
    action="block",             # "block" | "warn" | "log"
    agent_did="did:moltrust:…",  # this agent's DID (before_model self-check)
    agent_did_map={"call_agent": "did:moltrust:…"},  # tool → target DID
    did_key="did",              # DID key in tool-call args / runtime context
    pass_without_did=True,       # allow calls with no resolvable DID
    check_model=True, check_tools=True,
)

Difference from Microsoft AGT

Microsoft's Agent Governance Toolkit enforces policieswhat an agent may do (scope, sandboxing, zero-trust identity). MolTrust verifies behavioral trustis this agent trustworthy, based on verifiable history. Complementary, not competing: AGT bounds authority; MolTrust decides who has earned it.

Honest limitations (0.1.0)

  • LangChain agents have no MolTrust DID by default — supply agent_did (for the self-check) and/or a did in tool-call args or agent_did_map (for targets).
  • A withheld score (registered agent, too few endorsements → API returns trust_score: null) is treated like an unregistered agent: fail-closed in block, fail-open in warn/log.
  • On a registry/transport error the middleware fails open (logs, allows) so a MolTrust hiccup never breaks your agent.
  • Synchronous hooks only. For fully async agents (ainvoke/astream), async abefore_model/awrap_tool_call are a follow-up.

License

MIT © CryptoKRI GmbH — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

moltrust_langchain-0.1.0-py3-none-any.whl (10.9 kB view details)

Uploaded Python 3

File details

Details for the file moltrust_langchain-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for moltrust_langchain-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 50da59b9aca93ab242c24d861ce82c468ba4b866024c617f2dea2f964dea0352
MD5 27d87fe74bced70889269796cac7e478
BLAKE2b-256 b788ae9f7bafc453470d2e1e1fa21706e2eb98954e3f2afc606e4e4e1b266b68

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page