XAT signing for LangChain -- every tool call gets an Agent-Signature header. OpenAPI x-agent-trust.
Project description
xat-langchain
XAT signing for LangChain. Every tool call gets an Agent-Signature header.
Based on the x-agent-trust extension in the OpenAPI Extensions Registry.
Install
pip install xat-langchain
Usage
Wrap existing tools
from xat_langchain import XATToolkit
toolkit = XATToolkit(key_file="agent.pem", agent_id="my-agent")
signed_tools = toolkit.wrap(existing_tools)
# Every HTTP call these tools make now carries Agent-Signature
agent = create_react_agent(llm, signed_tools)
Decorator
from xat_langchain import xat_tool
import requests
@xat_tool(key_file="agent.pem", agent_id="my-agent")
def search(query: str) -> str:
return requests.get(f"https://api.example.com/search?q={query}").text
With AWS KMS (production)
import boto3
kms = boto3.client("kms", region_name="eu-west-2")
async def kms_sign(data: bytes) -> bytes:
import hashlib
digest = hashlib.sha256(data).digest()
response = kms.sign(
KeyId="arn:aws:kms:eu-west-2:123456:key/abcd",
Message=digest,
MessageType="DIGEST",
SigningAlgorithm="ECDSA_SHA_256"
)
return response["Signature"]
toolkit = XATToolkit(kms_sign=kms_sign, agent_id="prod-agent")
Audit trail
from xat_langchain import XATCallbackHandler
handler = XATCallbackHandler()
agent.invoke({"input": "..."}, config={"callbacks": [handler]})
print(handler.signed_calls)
What it does
- Wraps LangChain tool HTTP calls with automatic
Agent-Signaturesigning - ECDSA P-256 (ES256) over a canonical request string
- Private key never enters memory when using KMS providers
- Works with any LangChain tool that makes HTTP requests
Links
Author
Raza Sharif, CyberSecAI Ltd
License
Apache-2.0
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
xat_langchain-0.1.0.tar.gz
(5.4 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file xat_langchain-0.1.0.tar.gz.
File metadata
- Download URL: xat_langchain-0.1.0.tar.gz
- Upload date:
- Size: 5.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d49439b81f1763984a380cb2e8d1f2ecef8f597bae5710b855328f6cd9fa4fbf
|
|
| MD5 |
b085e1ba36fbd711299bc8da4b5bbf2a
|
|
| BLAKE2b-256 |
7ebb9b70ad0a616fbfa0a02a1dcadc82611ec575becdbec9163ea97248ed9536
|
File details
Details for the file xat_langchain-0.1.0-py3-none-any.whl.
File metadata
- Download URL: xat_langchain-0.1.0-py3-none-any.whl
- Upload date:
- Size: 6.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
aa60bdbe7fc3c949a21c0ef302a01bdc8907be4c193f9f78de0c3e708150c626
|
|
| MD5 |
74dd52f49bcb6bd8261cdbae4d5321d1
|
|
| BLAKE2b-256 |
a1faeca01a1d7338cd5bd7f76f992845812ae5acba2149bab60a8f883565a088
|
