Official Python SDK for Vorim AI — AI Agent Identity, Permissions & Audit
Project description
vorim
Official Python SDK for Vorim AI — the identity, permissions, and audit layer for AI agents.
Vorim AI provides cryptographic agent identities (Ed25519), fine-grained permissions (7 scopes), immutable audit trails, and trust scoring (0-100) for production AI agent deployments. EU AI Act compliant out of the box.
vorim.ai — Create a free account and get your API key in 30 seconds. Documentation — Full API reference, framework integrations, and examples. Quick Start — Set up in under 5 minutes.
Install
pip install vorim
With framework integrations:
pip install vorim[langchain] # LangChain / LangGraph
pip install vorim[crewai] # CrewAI
pip install vorim[openai] # OpenAI Agents SDK
pip install vorim[all] # All integrations
Requires Python 3.10+.
Quick Start
from vorim import Vorim
vorim = Vorim(api_key="agid_sk_live_...")
# Register an agent (returns Ed25519 keypair, private key shown once)
result = vorim.register(
name="invoice-processor",
capabilities=["read_documents", "extract_data"],
scopes=["agent:read", "agent:execute"],
)
print(result.agent.agent_id) # agid_acme_a1b2c3d4
print(result.agent.trust_score) # 50
# Check permissions (<5ms via Redis)
check = vorim.check(result.agent.agent_id, "agent:execute")
if check.allowed:
# Emit audit event
vorim.emit(
agent_id=result.agent.agent_id,
event_type="tool_call",
action="process_invoice",
resource="INV-2026-0042",
result="success",
latency_ms=142,
)
# Verify any agent's trust (public, no auth required)
trust = vorim.verify(result.agent.agent_id)
print(f"Trust score: {trust.trust_score}/100")
Async Client
from vorim import AsyncVorim
async with AsyncVorim(api_key="agid_sk_live_...") as vorim:
result = await vorim.register(
name="my-agent",
capabilities=["search"],
scopes=["agent:read"],
)
trust = await vorim.verify(result.agent.agent_id)
print(f"Trust score: {trust.trust_score}/100")
API Reference
Vorim(api_key, base_url?, timeout?, auto_sign=True)
| Method | Description |
|---|---|
register(name, capabilities, scopes) |
Register an agent; caches the returned Ed25519 private key for auto-signing |
check(agent_id, scope) |
Check if agent has permission (sub-5ms) |
emit(agent_id, event_type, action, ..., sign=None) |
Emit an audit event. Auto-signed if the agent's key is in the keyring |
emit_batch(events, sign=None) |
Emit up to 1,000 audit events. Auto-signs each one |
verify(agent_id) |
Verify agent identity and trust score (public) |
get_agent(agent_id) |
Get agent details |
list_agents(status?, page?, per_page?) |
List agents with filtering |
revoke(agent_id) |
Permanently revoke an agent |
grant(agent_id, scope, valid_until?, rate_limit?) |
Grant a permission scope |
use_agent_key(agent_id, private_key_pem) |
Restore a private key into the in-memory keyring after process restart |
forget_agent_key(agent_id) |
Remove a private key from the keyring |
Module-level helpers: canonical_payload_v0(event) (returns the bytes that get signed) and sign_payload(payload, private_key_pem) (returns ed25519:<base64>).
AsyncVorim has the same interface with await on all methods.
Per-event signing (auto-signing)
From v3.4.0, every audit event is signed at source with the agent's Ed25519 private key — no code change required. register() caches the returned key in memory and emit() attaches the signature transparently. The bytes signed are event_type|action|resource|input_hash|output_hash|result (pipe-joined, empty strings for missing fields).
result = vorim.register(name="agent", capabilities=[], scopes=[])
# Auto-signed. The signature is attached before the request leaves the process.
vorim.emit(
agent_id=result.agent.agent_id,
event_type="tool_call",
action="transfer_funds",
result="success",
)
To verify signatures server-side, the API operator sets VORIM_VERIFY_AUDIT_SIGNATURES=true.
Restoring keys across process restarts. The in-memory keyring is lost on restart. Load the private key from your secret store:
vorim.use_agent_key(agent_id, private_key_pem)
vorim.forget_agent_key(agent_id) # revoke from memory
Opting out. Per event with sign=False, or globally with auto_sign=False:
vorim.emit(agent_id=..., event_type=..., action=..., result=..., sign=False)
vorim = Vorim(api_key=..., auto_sign=False)
Permission Scopes
| Scope | Description |
|---|---|
agent:read |
Read data on behalf of owner |
agent:write |
Write or modify data |
agent:execute |
Trigger actions or tool calls |
agent:transact |
Financial or contractual actions |
agent:communicate |
Send messages or emails |
agent:delegate |
Sub-delegate to other agents |
agent:elevate |
Request permission elevation |
Framework Integrations
LangChain / LangGraph
from vorim import Vorim
from vorim.integrations.langchain import vorim_tool, VorimCallbackHandler
vorim = Vorim(api_key="agid_sk_live_...")
@vorim_tool(vorim, agent_id="agid_acme_...", permission="agent:execute")
def search(query: str) -> str:
"""Search documents."""
return f"Results for {query}"
# search() is now a standard LangChain tool with built-in permission checks + audit
CrewAI
from vorim import Vorim
from vorim.integrations.crewai import register_crew
vorim = Vorim(api_key="agid_sk_live_...")
crew = register_crew(vorim, {
"crew_name": "content-pipeline",
"members": [
{
"role": "researcher",
"name": "crew-researcher",
"capabilities": ["web_search"],
"scopes": ["agent:read", "agent:execute"],
},
],
})
OpenAI Function Calling
from openai import OpenAI
from vorim import Vorim
from vorim.integrations.openai_agents import VorimToolRegistry
vorim = Vorim(api_key="agid_sk_live_...")
client = OpenAI()
registry = VorimToolRegistry(vorim=vorim, agent_id="agid_acme_...")
registry.add(
name="search",
description="Search documents",
parameters={"type": "object", "properties": {"query": {"type": "string"}}},
execute=lambda args: f"Results for {args['query']}",
)
response = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Search for AI papers"}],
tools=registry.to_openai_tools(),
)
# Permission checked + audited automatically
tool_messages = registry.execute_tool_calls(
response.choices[0].message.tool_calls or []
)
Resources
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vorim-3.6.1.tar.gz.
File metadata
- Download URL: vorim-3.6.1.tar.gz
- Upload date:
- Size: 47.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3b3dd175117dd425efe536bed19820894cfe4a8fdd7bd77069f831ae43302edb
|
|
| MD5 |
e6ad233f4bf1e0e5bc1e27fff220d218
|
|
| BLAKE2b-256 |
f8dd24bfba24fe0a6324f3f7420f5a741c88c55b657a994f056b7d04dc020b04
|
File details
Details for the file vorim-3.6.1-py3-none-any.whl.
File metadata
- Download URL: vorim-3.6.1-py3-none-any.whl
- Upload date:
- Size: 42.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
26065b82c17d3eb0d18a64b4dbe2a4b2553525f440d61a123dd0feb006ce99b0
|
|
| MD5 |
a44a23bbebf30967b6b8ab7d7e88e40f
|
|
| BLAKE2b-256 |
ca38d525816e61c61b99c2ee1ace0c3a40be4d4400705fea04b18ae10b7ef02c
|
