OpenBox governance and observability SDK for LangChain
Project description
OpenBox LangChain SDK — Python
LangChain-Core adapter for OpenBox governance. Provides callback handlers that emit tool and LLM lifecycle events to OpenBox Core's policy engine, enabling real-time governance, guardrails, HITL approval flows, and base-SDK hook governance (HTTP/DB/File I/O) for LangChain agents.
Installation
pip install openbox-langchain-sdk-python
Quick Start
from langchain.agents import create_agent
from openbox_langchain import create_openbox_langchain_middleware
# 1. Create middleware
middleware = create_openbox_langchain_middleware(
api_url="https://core.openbox.ai",
api_key="obx_live_...",
agent_did="did:aip:...",
agent_private_key="...",
agent_name="MyAgent",
)
# 2. Create agent with middleware
agent = create_agent(
model="openai:gpt-4o",
tools=[...],
middleware=[middleware],
)
# 3. Invoke — governance applied automatically
result = agent.invoke({"messages": [("user", "your query")]})
How It Works
Two-layer governance architecture:
| Layer | Mechanism | Governs |
|---|---|---|
| 1 | LangChain-Core Callbacks | Tool and LLM lifecycle emission via ActivityBridge |
| 2 | Base SDK Hook Governance | HTTP requests, DB queries, file I/O at process boundary |
Core components:
ActivityBridge— Ownership channel for tool and LLM events; prevents duplicate governance evaluationOpenBoxLangChainCoreAsyncCallbackHandler/...SyncCallbackHandler— LangChain-Core callbacks emitting tool and LLM lifecycle events to OpenBox Core- AgentMiddleware (for
create_agent) — Wraps model and tool calls with additional governance context
Configuration
middleware = create_openbox_langchain_middleware(
api_url="https://core.openbox.ai", # OpenBox Core URL
api_key="obx_live_...", # API key (obx_live_* or obx_test_*)
agent_did="did:aip:...", # Required by default; can use OPENBOX_AGENT_DID
agent_private_key="...", # Required by default; can use OPENBOX_AGENT_PRIVATE_KEY
agent_name="MyAgent", # Agent name (from dashboard)
governance_timeout=30.0, # HTTP timeout in seconds
validate=True, # Validate API key on startup
session_id="session-123", # Optional session tracking
tool_type_map={ # Optional tool classification
"search_web": "http",
"query_db": "database",
},
)
Agent Identity and DID Signing
OpenBox issues each registered agent a decentralized identifier (DID) and private key. DID signing is enabled by default for newly registered agents. The OpenBox UI returns both values when the agent is created. Pass them to the middleware so governance events are signed and attributable to that agent.
You can provide them directly:
middleware = create_openbox_langchain_middleware(
api_url="https://core.openbox.ai",
api_key="obx_live_...",
agent_did="did:aip:...",
agent_private_key="...",
)
Or set them through the environment:
export OPENBOX_AGENT_DID="did:aip:..."
export OPENBOX_AGENT_PRIVATE_KEY="..."
If DID signing is explicitly disabled for the agent in OpenBox, these values can be omitted. Otherwise, provide both values together.
Supported Agent Types
create_agent(model, tools, middleware=[...])— recommended- Any LangChain agent builder that accepts
middleware
Verdict Enforcement
5-tier verdict system:
- ALLOW — Request permitted
- CONSTRAIN — Request constrained (e.g., rate limit)
- REQUIRE_APPROVAL — Human approval required (HITL polling)
- BLOCK — Request blocked with error
- HALT — Entire workflow halted (unrecoverable error)
Requirements
- Python 3.11+
- openbox-sdk-python >= 1.0.0
- langchain-core >= 1.3.3
- LangChain >= 1.0.0 (required only for
[agent]extra, which enablescreate_agentmiddleware)
API Reference
LangChain-Core callbacks:
OpenBoxLangChainCoreAsyncCallbackHandler— Async callback handler for tool/LLM lifecycleOpenBoxLangChainCoreSyncCallbackHandler— Sync callback handler for tool/LLM lifecycleActivityBridge— Ownership channel for lifecycle event deduplication
AgentMiddleware (optional):
create_openbox_langchain_middleware()— Creates configured middleware forcreate_agent
See openbox_langchain.__init__.py for full API export list.
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file openbox_langchain_sdk_python-1.0.0.tar.gz.
File metadata
- Download URL: openbox_langchain_sdk_python-1.0.0.tar.gz
- Upload date:
- Size: 307.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
eb1f6e0c91048512ffade336dbfbc7f720783af3e639a5f96242750284422e2d
|
|
| MD5 |
cc102519b2e2014c881370d3f863d6b9
|
|
| BLAKE2b-256 |
47991d6d2035187ae070e679deaa7694ebfa06a37aeb3bf0d808778c66a1585e
|
Provenance
The following attestation bundles were made for openbox_langchain_sdk_python-1.0.0.tar.gz:
Publisher:
publish.yml on OpenBox-AI/openbox-langchain-sdk-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
openbox_langchain_sdk_python-1.0.0.tar.gz -
Subject digest:
eb1f6e0c91048512ffade336dbfbc7f720783af3e639a5f96242750284422e2d - Sigstore transparency entry: 2088130451
- Sigstore integration time:
-
Permalink:
OpenBox-AI/openbox-langchain-sdk-python@b147b39e22677cee322c39584f3d66ed2bc90094 -
Branch / Tag:
refs/tags/1.0.0 - Owner: https://github.com/OpenBox-AI
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@b147b39e22677cee322c39584f3d66ed2bc90094 -
Trigger Event:
push
-
Statement type:
File details
Details for the file openbox_langchain_sdk_python-1.0.0-py3-none-any.whl.
File metadata
- Download URL: openbox_langchain_sdk_python-1.0.0-py3-none-any.whl
- Upload date:
- Size: 51.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a84add38c86d932295c903574a7352b159a6016ad337922ec3670a7741ba7a6b
|
|
| MD5 |
4ad0985014b5e4c2d3a4c872c0bcd6bd
|
|
| BLAKE2b-256 |
cc566d86923459c675ec3f8c3bb966342725784d2965d34e8373b891f26b4612
|
Provenance
The following attestation bundles were made for openbox_langchain_sdk_python-1.0.0-py3-none-any.whl:
Publisher:
publish.yml on OpenBox-AI/openbox-langchain-sdk-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
openbox_langchain_sdk_python-1.0.0-py3-none-any.whl -
Subject digest:
a84add38c86d932295c903574a7352b159a6016ad337922ec3670a7741ba7a6b - Sigstore transparency entry: 2088130542
- Sigstore integration time:
-
Permalink:
OpenBox-AI/openbox-langchain-sdk-python@b147b39e22677cee322c39584f3d66ed2bc90094 -
Branch / Tag:
refs/tags/1.0.0 - Owner: https://github.com/OpenBox-AI
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@b147b39e22677cee322c39584f3d66ed2bc90094 -
Trigger Event:
push
-
Statement type: