Skip to main content

Client SDK for Warden — build and sign canonical Warden delegation tokens, and route agent frameworks through the Warden MCP proxy.

Project description

warden-agent-sdk (Python)

Client SDK for Warden — build and sign canonical Warden delegation tokens, and route agent frameworks through the Warden MCP proxy.

Warden's identity boundary is a single signed token that says who an agent acts for (RFC 8693): sub is the accountable human, act is the nested acting chain whose leaf is the agent, and roles/attrs/rel/scope carry RBAC/ABAC/ReBAC/grant. This SDK is the convenience layer for producing that token and wiring it in. The proxy always accepts a raw conforming token with no SDK at all — this package is convenience, not a new trust surface.

Install

pip install warden-agent-sdk            # core (pure stdlib): token builder + conformance
pip install "warden-agent-sdk[jwt]"     # + asymmetric JWT signing (PyJWT)

Not on PyPI yet? Install from source until the first release:

pip install "git+https://github.com/vijayvedula/warden.git#subdirectory=sdk/python"

Build a token

from warden_sdk import TokenBuilder

tok = (
    TokenBuilder(sub="alice@example.com", agent="prod-agent")
    .via("svc-principal")                     # act chain: alice -> svc -> agent
    .role("analyst")
    .relation("can_read", "table:sales")      # ReBAC
    .grant("query_table")                     # agent's delegated scope
    .audience("warden:prod")
    .expires_in(300)
)

# Local/dev: a keyed dev envelope (verified with `--token-key`)
tok.write_dev_envelope(".warden/token.json", key="dev-secret")

# Production: a compact JWT signed by an asymmetric key (or your KMS)
from warden_sdk import JwtSigner
signer = JwtSigner.from_file("issuer_ec_priv.pem", alg="ES256", default_kid="k1")
jwt = tok.to_jwt(signer, at_jwt=True)

Identity adapters

Map a platform's native identity to canonical claims. Adapters are pure data mapping — they never sign authority themselves.

from warden_sdk.adapters import aws, databricks, google, azure

tok = aws.from_sts_session({
    "accountable": "alice@example.com",
    "session_name": "agent-session",
    "session_tags": {"team": "research"},     # STS session tags -> ABAC attrs
    "iam_roles": ["arn:aws:iam::…:role/analyst"],
    "session_policy_actions": ["query_table"],
}, agent="prod-agent", audience="warden:prod")
Adapter Native source Entry point
aws STS AssumeRole session + session tags (Bedrock AgentCore) from_sts_session
databricks on-behalf-of-user + Unity Catalog grants from_obo
google workload identity / service account (Vertex ADK / A2A) from_workload_identity
azure Entra ID managed identity + OBO from_entra_obo

Orchestration shims

Point an agent framework's MCP client at warden proxy instead of the tool server — no other agent code changes.

from warden_sdk import ProxyConfig
from warden_sdk.orchestration import langgraph as wl
from langchain_mcp_adapters.client import MultiServerMCPClient

cfg = ProxyConfig(upstream="python3 tools_server.py", agent="prod-agent",
                  token=".warden/token.json", audience="warden:prod")
client = MultiServerMCPClient(wl.warden_mcp_servers(cfg))
tools = await client.get_tools()   # discovered THROUGH Warden

warden_sdk.orchestration.google_adk provides the equivalent for the Google ADK MCP toolset.

Conformance

A token is conformant iff it passes warden token verify — the exact check the proxy runs. The kit shells out to the real binary so first-party and community adapters are verifiable against ground truth:

from warden_sdk import TokenBuilder, verify_token

env = TokenBuilder(sub="alice", agent="prod-agent").audience("warden:prod") \
    .dev_envelope(key="dev-secret")
verify_token(env, agent="prod-agent", audience="warden:prod",
             token_key="dev-secret").raise_for_status()

Develop

pip install -e ".[dev]"
cargo build            # from the repo root, so the conformance tests find `warden`
pytest
ruff check .

Source-available under the Functional Source License 1.1 (FSL-1.1-ALv2) — free for any use except a Competing Use; each version becomes Apache-2.0 two years after release. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

warden_agent_sdk-0.1.0.tar.gz (20.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

warden_agent_sdk-0.1.0-py3-none-any.whl (25.0 kB view details)

Uploaded Python 3

File details

Details for the file warden_agent_sdk-0.1.0.tar.gz.

File metadata

  • Download URL: warden_agent_sdk-0.1.0.tar.gz
  • Upload date:
  • Size: 20.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for warden_agent_sdk-0.1.0.tar.gz
Algorithm Hash digest
SHA256 9199cee99129314cec5fb31ed39086f097c22b98f3efcb38b5b616cdc26d8c63
MD5 035f4d193ffc7a231bc68d3ed490349c
BLAKE2b-256 5c8744fb888c9ab21021829ec96fa8e385ffdb56185c99637db544bc839e92fd

See more details on using hashes here.

File details

Details for the file warden_agent_sdk-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for warden_agent_sdk-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c119752e8c89d1f9ad83d5f993b32489ed0d5f608492bbb8856cc1187da68cc3
MD5 4c1340c47c23c12ed198cfa1763b2f90
BLAKE2b-256 815841346dd4390633337c90e50766651e2902f04b437338f424e8552ccd1442

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page