Skip to main content

LangChain request-signing adapter for the VAID standard: sign every outbound agent HTTP request with a VAID proof-of-possession via a thin httpx.Auth seam.

Project description

vaid-langchain

Sign every outbound HTTP request a LangChain agent makes with a VAID proof-of-possession, without forking LangChain.

from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from vaid_pop import RequestSigner
from vaid_langchain import make_vaid_tool

signer = RequestSigner(vaid=my_vaid_doc, private_key=my_key)   # hand-provisioned
tool = make_vaid_tool(signer, base_url="https://api.example.com")
# give `tool` to a LangChain agent — every call it makes to the backend is
# VAID-signed with the four x-synthera-* headers.

Run the zero-dependency demo (mock backend, no server/LLM/API key):

python examples/quickstart.py

How it works — the seam is the HTTP client, not the tool layer

Agent frameworks hook at the tool-call layer (a function name + kwargs). VAID proof-of-possession signs an HTTP request — it binds (method, request-target, body_sha256). So the clean, non-forking seam is the HTTP client the tool uses: VaidAuth is an httpx.Auth subclass that runs on every outbound request and attaches the PoP headers.

That means VaidAuth is the whole reusable adapter — usable with any httpx client, LangChain not required:

import httpx
from vaid_langchain import VaidAuth
client = httpx.Client(base_url="https://api.example.com", auth=VaidAuth(signer))
client.post("/vaid/mint", json={...})   # signed

make_vaid_tool is just LangChain's idiomatic wrapper (a StructuredTool) around a client carrying that auth. Signing itself defers to vaid_pop.RequestSigner — canonicalization is never reimplemented, so a conforming verifier derives identical bytes.

The signed request target includes the query string — a security decision

The signed path is the on-the-wire request target: percent-encoded path + ?query (httpx request.url.raw_path), never path-only.

This is a security decision, not a demo convenience. Signing path-only would leave query parameters (?tenant=…, ?limit=…, ids, filters) outside the signature, so an attacker could alter them under a still-valid signature. Since the query frequently carries authorization-relevant material, it must be part of the signed target. The convention is pinned and covered by an explicit cross-language round-trip test (tests/test_path_convention.py), including a case proving that using the wrong attribute (query-dropping .path) fails verification loudly rather than silently. A verifier MUST reconstruct the same target (path + query) it received.

Provisioning is hand-done — NOT managed by this SDK

This adapter signs requests; it does not provision identity. Getting the agent's VAID document and its Ed25519 private key into the process is the caller's responsibility:

  • Mint the VAID with the reference mint (vaid-mint) or your deployment's managed authority.
  • Load the private key from your own secret store / env / file.

The quickstart hard-codes a demo VAID + key purely to run offline. Do not ship hard-coded keys — treat the agent's private key (and, per the mint's delegation model, any parent VAID it holds) as a credential.

Install (local dev)

Depends on vaid-pop. For a local checkout:

pip install -e python/vaid-pop
pip install -e python/vaid-langchain[test]   # includes langchain-core + pytest

Other frameworks

CrewAI and Google ADK integrate through the same VaidAuth seam (subclass crewai.tools.BaseTool / wrap an ADK FunctionTool over a VaidAuth-bearing client). Only LangChain ships today; the shared auth is what makes the others near-copies.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vaid_langchain-0.1.0.tar.gz (12.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

vaid_langchain-0.1.0-py3-none-any.whl (11.9 kB view details)

Uploaded Python 3

File details

Details for the file vaid_langchain-0.1.0.tar.gz.

File metadata

  • Download URL: vaid_langchain-0.1.0.tar.gz
  • Upload date:
  • Size: 12.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for vaid_langchain-0.1.0.tar.gz
Algorithm Hash digest
SHA256 aeb866e4557fe9a4e3f447f40cc8a69d1be6b76f859836ff6282a4e40504c745
MD5 51fa3e3c48e2c75b7438d15584eef464
BLAKE2b-256 7434e370f852463a8e0b442816e2da707532c812d7e4d9d451c997db010a9a4d

See more details on using hashes here.

File details

Details for the file vaid_langchain-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: vaid_langchain-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 11.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for vaid_langchain-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2b902bd65355670fe9a120955757606abc85b127b9c32685e2e8b4e22a32bee1
MD5 8c55bcec7dd990c15255158b6147e33f
BLAKE2b-256 3583828e772e05e6fd58e6cb8ce71be37931a37da4a60a1f4338f99228fc9e35

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page