Client SDK for Warden — build and sign canonical Warden delegation tokens, and route agent frameworks through the Warden MCP proxy.
Project description
warden-agent-sdk (Python)
Client SDK for Warden — build and sign canonical Warden delegation tokens, and route agent frameworks through the Warden MCP proxy.
Warden's identity boundary is a single signed token that says who an agent acts
for (RFC 8693): sub is the accountable human, act is the nested acting chain
whose leaf is the agent, and roles/attrs/rel/scope carry
RBAC/ABAC/ReBAC/grant. This SDK is the convenience layer for producing that token
and wiring it in. The proxy always accepts a raw conforming token with no SDK
at all — this package is convenience, not a new trust surface.
Install
pip install warden-agent-sdk # core (pure stdlib): token builder + conformance
pip install "warden-agent-sdk[jwt]" # + asymmetric JWT signing (PyJWT)
Not on PyPI yet? Install from source until the first release:
pip install "git+https://github.com/vijayvedula/warden.git#subdirectory=sdk/python"
Build a token
from warden_sdk import TokenBuilder
tok = (
TokenBuilder(sub="alice@example.com", agent="prod-agent")
.via("svc-principal") # act chain: alice -> svc -> agent
.role("analyst")
.relation("can_read", "table:sales") # ReBAC
.grant("query_table") # agent's delegated scope
.audience("warden:prod")
.expires_in(300)
)
# Local/dev: a keyed dev envelope (verified with `--token-key`)
tok.write_dev_envelope(".warden/token.json", key="dev-secret")
# Production: a compact JWT signed by an asymmetric key (or your KMS)
from warden_sdk import JwtSigner
signer = JwtSigner.from_file("issuer_ec_priv.pem", alg="ES256", default_kid="k1")
jwt = tok.to_jwt(signer, at_jwt=True)
Identity adapters
Map a platform's native identity to canonical claims. Adapters are pure data mapping — they never sign authority themselves.
from warden_sdk.adapters import aws, databricks, google, azure
tok = aws.from_sts_session({
"accountable": "alice@example.com",
"session_name": "agent-session",
"session_tags": {"team": "research"}, # STS session tags -> ABAC attrs
"iam_roles": ["arn:aws:iam::…:role/analyst"],
"session_policy_actions": ["query_table"],
}, agent="prod-agent", audience="warden:prod")
| Adapter | Native source | Entry point |
|---|---|---|
aws |
STS AssumeRole session + session tags (Bedrock AgentCore) | from_sts_session |
databricks |
on-behalf-of-user + Unity Catalog grants | from_obo |
google |
workload identity / service account (Vertex ADK / A2A) | from_workload_identity |
azure |
Entra ID managed identity + OBO | from_entra_obo |
Orchestration shims
Point an agent framework's MCP client at warden proxy instead of the tool
server — no other agent code changes.
from warden_sdk import ProxyConfig
from warden_sdk.orchestration import langgraph as wl
from langchain_mcp_adapters.client import MultiServerMCPClient
cfg = ProxyConfig(upstream="python3 tools_server.py", agent="prod-agent",
token=".warden/token.json", audience="warden:prod")
client = MultiServerMCPClient(wl.warden_mcp_servers(cfg))
tools = await client.get_tools() # discovered THROUGH Warden
warden_sdk.orchestration.google_adk provides the equivalent for the Google ADK
MCP toolset.
Conformance
A token is conformant iff it passes warden token verify — the exact check the
proxy runs. The kit shells out to the real binary so first-party and community
adapters are verifiable against ground truth:
from warden_sdk import TokenBuilder, verify_token
env = TokenBuilder(sub="alice", agent="prod-agent").audience("warden:prod") \
.dev_envelope(key="dev-secret")
verify_token(env, agent="prod-agent", audience="warden:prod",
token_key="dev-secret").raise_for_status()
Develop
pip install -e ".[dev]"
cargo build # from the repo root, so the conformance tests find `warden`
pytest
ruff check .
Source-available under the Functional Source License 1.1 (FSL-1.1-ALv2) — free for any use except a Competing Use; each version becomes Apache-2.0 two years after release. See LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file warden_agent_sdk-0.1.0.tar.gz.
File metadata
- Download URL: warden_agent_sdk-0.1.0.tar.gz
- Upload date:
- Size: 20.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9199cee99129314cec5fb31ed39086f097c22b98f3efcb38b5b616cdc26d8c63
|
|
| MD5 |
035f4d193ffc7a231bc68d3ed490349c
|
|
| BLAKE2b-256 |
5c8744fb888c9ab21021829ec96fa8e385ffdb56185c99637db544bc839e92fd
|
File details
Details for the file warden_agent_sdk-0.1.0-py3-none-any.whl.
File metadata
- Download URL: warden_agent_sdk-0.1.0-py3-none-any.whl
- Upload date:
- Size: 25.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c119752e8c89d1f9ad83d5f993b32489ed0d5f608492bbb8856cc1187da68cc3
|
|
| MD5 |
4c1340c47c23c12ed198cfa1763b2f90
|
|
| BLAKE2b-256 |
815841346dd4390633337c90e50766651e2902f04b437338f424e8552ccd1442
|