Skip to main content

LangChain adapter for Sentinel AI agent governance — wrap any LangChain tool so every call is authorized (and audited) by the Sentinel gateway before it runs. Private beta: cosimo@plannest.net

Project description

sentinel-agent-trust-langchain

PyPI License: Apache 2.0

LangChain adapter for Sentinel AI — the identity & governance layer for AI agents. Wrap any LangChain tool so that every call is authorized (and audited) by the Sentinel gateway before it runs: your tool code and your agent code stay untouched.

Sentinel is in private beta. For source access, a hosted sandbox organization key, or to collaborate: cosimo@plannest.net

Install

pip install sentinel-agent-trust-langchain

Depends only on the public SDK (sentinel-agent-trust) and langchain-core — no heavyweight extras.

Quickstart

import os
from langchain_core.tools import tool
from sentinel_langchain import SentinelGuard

@tool
def create_refund(customer: str, amount: float) -> str:
    """Issue a refund to a customer."""
    return billing.refund(customer, amount)

guard = SentinelGuard(
    agent_id="agt_...",
    private_key=os.environ["SENTINEL_AGENT_PRIVATE_KEY"],  # base64 Ed25519 seed
    gateway_url="https://your-gateway.example.com",
)

tools = guard.wrap_all([create_refund])   # ← the only change to your agent

# then use the governed tools anywhere LangChain tools go:
# from langchain.agents import create_agent
# agent = create_agent(model, tools)

Every tool call is signed with the agent's Ed25519 key and checked against your policies in real time. The wrapped tool keeps the same name, description, and argument schema — the LLM sees no difference.

What the model sees

Sentinel's decision is translated into an observation the model can act on (the underlying tool is never executed unless the gateway approves):

Gateway outcome Tool behavior
200 approved the wrapped tool runs, result returned as usual
403 denied (policy, constraint, budget) not executed; observation says the denial is final for these arguments — don't retry, branch
202 approval required not executed; observation carries the approval_id and says to inform the user and retry the identical call after a human approves
gateway unreachable not executed (fail-closed); observation says it's transient and safe to retry

This mapping is what keeps agents out of retry loops: a policy denial reads as a hard "no", an approval-pending reads as "park it", an outage reads as "try again shortly".

Mapping tools to your policy taxonomy

By default a tool named create_refund is authorized as action tool.create_refund on resource tool://create_refund, so a single policy with action_pattern: "tool.*" governs every wrapped tool. For business-level policies, map tools explicitly:

tools = guard.wrap_all(
    [create_refund, read_contact],
    overrides={
        "create_refund": {"action": "crm.refund.create", "resource": "crm://refunds"},
        "read_contact":  {"action": "crm.contact.read",  "resource": "crm://contacts/*"},
    },
)

…and the policy on the Sentinel side:

{
  "action_pattern": "crm.refund.create",
  "constraints": {"max_amount": 5000, "max_total_amount_per_day": 20000},
  "approval_thresholds": {"amount": 500}
}

Each refund ≤ 5000, at most 20 000/day in total, and a human approves anything from 500 up — enforced outside the model, no prompt engineering.

The tool's parsed arguments are sent as the action payload, so constraints like max_amount apply to the actual amount argument the model chose.

Async

Both paths are supported: tool.invoke(...) and await tool.ainvoke(...). The authorization call runs in a worker thread in the async path, so it never blocks the event loop.

CrewAI and other frameworks

CrewAI (and most agent frameworks) can consume LangChain tools directly, so wrapping with SentinelGuard before handing tools to your crew works today. A native CrewAI adapter is on the roadmap.

Demo

With the repo's demo gateway running (cd gateway && go run .):

pip install -e sdk/python -e sdk/adapters/langchain
python examples/langchain_crm_agent.py

License

Apache 2.0 (the adapter and SDKs). The Sentinel platform is licensed separately under BSL 1.1 — see the repository root.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sentinel_agent_trust_langchain-0.1.1.tar.gz (13.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sentinel_agent_trust_langchain-0.1.1-py3-none-any.whl (12.2 kB view details)

Uploaded Python 3

File details

Details for the file sentinel_agent_trust_langchain-0.1.1.tar.gz.

File metadata

File hashes

Hashes for sentinel_agent_trust_langchain-0.1.1.tar.gz
Algorithm Hash digest
SHA256 9be31ecb0ca0d2221b6e8f346bde22a3386dc84d92ec440f0e0acacaab0454ca
MD5 7d53ff96f731a13398e2bd937bd6c5c5
BLAKE2b-256 92a1031a1bbef7d687bb3ebf7c8da906d602ddc72be9ee204a8a968df8cec94f

See more details on using hashes here.

Provenance

The following attestation bundles were made for sentinel_agent_trust_langchain-0.1.1.tar.gz:

Publisher: release.yml on viperformanz/sentinel-ai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sentinel_agent_trust_langchain-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for sentinel_agent_trust_langchain-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d382ef10344b968fdd64ae54ed4a7d211d3c127b723ae60f4e8b79bc043b94f2
MD5 113d0696924e306a9e0d9dbc6460030e
BLAKE2b-256 6bde864f63a4c52437d1f8b8a1777815b0d9490c0fd40e5877878cc86fb8b08f

See more details on using hashes here.

Provenance

The following attestation bundles were made for sentinel_agent_trust_langchain-0.1.1-py3-none-any.whl:

Publisher: release.yml on viperformanz/sentinel-ai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page