Skip to main content

Identity & authorisation infrastructure for AI agents — install once, discover every agent, authorise every action.

Project description

Xybern

Identity & authorisation infrastructure for AI agents. Install once — Xybern discovers every AI agent in your system, gives each a cryptographic identity, and (when you turn enforcement on) authorises every action before it executes.

pip install xybern
xybern login          # browser device-code flow (auto-links your workspace)
from xybern import auto
auto.connect()        # discovers frameworks + agents + tools, registers them, instruments them
✓ Detected frameworks: CrewAI, LangGraph, 2 MCP servers
✓ Found 12 agents · 48 tools
✓ Registered to workspace "Acme Corp" (each issued a cryptographic identity)
✓ Mode: OBSERVE — actions logged, nothing blocked yet

Where to add it

Add these two lines once, at your app's startup — before your agents run. That's the whole integration.

from xybern import auto
auto.connect()
# ... then your normal code: build agents, run the crew/graph, serve, etc.
Your setup Where to put it
Agent script (CrewAI / LangChain / OpenAI Agents / LlamaIndex) Top of your main file, before creating agents
FastAPI Right after app = FastAPI()
Celery In the Celery app module (runs in each worker)
MCP server Top of the server entry, before serving tools
Django An AppConfig.ready() or wsgi.py
Jupyter First cell

Multi-process (gunicorn / multiple Celery workers): run it in the module each worker imports, so every process is covered.

What it does

  • Auto-discovery — detects and instruments LangChain, CrewAI, OpenAI Agents SDK, MCP servers, LangGraph, AutoGen, Semantic Kernel, LlamaIndex (and FastAPI/Celery). No manual wiring; agents appear in your Xybern dashboard as your app creates them.
  • Cryptographic identity — every discovered agent is registered and issued an identity, so its actions are attributable and signable.
  • Authorisation before execution — each tool/agent action passes through Xybern's policy engine; allow / block / escalate.
  • Observe-first & fail-open — default mode only logs (never blocks). When you switch to enforce, the SDK fails open if Xybern is unreachable, so it can't take your agents down.
  • Privacy — sends content hashes by default, not raw payloads.

Modes

auto.connect()                 # OBSERVE (default): log + inventory, never blocks
auto.connect(mode="enforce")   # authorise actions (allow/block/escalate)

or persist it: xybern enforce on / xybern enforce off.

CLI

xybern login [--api-key xb_...]   # device-code flow, or paste a key / set XYBERN_API_KEY
xybern agents                     # dry-run: what would be discovered
xybern doctor                     # per-framework enforcement coverage
xybern status
xybern enforce on|off
xybern logout

Auth options

  1. Device codexybern login opens a browser; approve + pick a workspace; a scoped key is minted and stored in ~/.xybern/credentials.json.
  2. API keyxybern login --api-key xb_..., or export XYBERN_API_KEY=xb_..., or auto.connect(api_key="xb_...").

Configuration

Option Default Meaning
mode observe observe (log only) or enforce (act on decisions)
fail_open True allow actions through if Xybern is unreachable (enforce mode)
redact True send content hashes instead of raw content
frameworks all restrict to specific frameworks

Docs: https://docs.xybern.com/authorization/sdk

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

xybern-2.1.0.tar.gz (20.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

xybern-2.1.0-py3-none-any.whl (18.9 kB view details)

Uploaded Python 3

File details

Details for the file xybern-2.1.0.tar.gz.

File metadata

  • Download URL: xybern-2.1.0.tar.gz
  • Upload date:
  • Size: 20.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for xybern-2.1.0.tar.gz
Algorithm Hash digest
SHA256 245021cbbeb05dc2a4bb95846fe3e426eaafc7d92a0c439162a181520c884b54
MD5 4a6369baf07beb06ae8b01dddd360172
BLAKE2b-256 f983d31203f58f703c2a0f8b01d770b69420719ed50d69e4daba5d68188ffa31

See more details on using hashes here.

File details

Details for the file xybern-2.1.0-py3-none-any.whl.

File metadata

  • Download URL: xybern-2.1.0-py3-none-any.whl
  • Upload date:
  • Size: 18.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for xybern-2.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d36bb1938cd98783cc6c826171776982b98b2fd8733b1bd136ef9146853e982b
MD5 0070b700bdeae5f00f4cbcb91af872b7
BLAKE2b-256 83b2ab631af96b945b18763702778ac1c70a3a8833ae117f979da2aa24f7afe6

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page