Identity & authorisation infrastructure for AI agents — install once, discover every agent, authorise every action.
Project description
Xybern
Identity & authorisation infrastructure for AI agents. Install once — Xybern discovers every AI agent in your system, gives each a cryptographic identity, and (when you turn enforcement on) authorises every action before it executes.
pip install xybern
xybern login # browser device-code flow (auto-links your workspace)
from xybern import auto
auto.connect() # discovers frameworks + agents + tools, registers them, instruments them
✓ Detected frameworks: CrewAI, LangGraph, 2 MCP servers
✓ Found 12 agents · 48 tools
✓ Registered to workspace "Acme Corp" (each issued a cryptographic identity)
✓ Mode: OBSERVE — actions logged, nothing blocked yet
What it does
- Auto-discovery — detects and instruments LangChain, CrewAI, OpenAI Agents SDK, MCP servers, LangGraph, AutoGen, Semantic Kernel, LlamaIndex (and FastAPI/Celery). No manual wiring; agents appear in your Xybern dashboard as your app creates them.
- Cryptographic identity — every discovered agent is registered and issued an identity, so its actions are attributable and signable.
- Authorisation before execution — each tool/agent action passes through Xybern's
policy engine;
allow/block/escalate. - Observe-first & fail-open — default mode only logs (never blocks). When you switch to enforce, the SDK fails open if Xybern is unreachable, so it can't take your agents down.
- Privacy — sends content hashes by default, not raw payloads.
Modes
auto.connect() # OBSERVE (default): log + inventory, never blocks
auto.connect(mode="enforce") # authorise actions (allow/block/escalate)
or persist it: xybern enforce on / xybern enforce off.
CLI
xybern login [--api-key xb_...] # device-code flow, or paste a key / set XYBERN_API_KEY
xybern agents # dry-run: what would be discovered
xybern status
xybern enforce on|off
xybern logout
Auth options
- Device code —
xybern loginopens a browser; approve + pick a workspace; a scoped key is minted and stored in~/.xybern/credentials.json. - API key —
xybern login --api-key xb_..., orexport XYBERN_API_KEY=xb_..., orauto.connect(api_key="xb_...").
Configuration
| Option | Default | Meaning |
|---|---|---|
mode |
observe |
observe (log only) or enforce (act on decisions) |
fail_open |
True |
allow actions through if Xybern is unreachable (enforce mode) |
redact |
True |
send content hashes instead of raw content |
frameworks |
all | restrict to specific frameworks |
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file xybern-2.0.0.tar.gz.
File metadata
- Download URL: xybern-2.0.0.tar.gz
- Upload date:
- Size: 14.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
16a779cfd7ca88472fb4e4218497849566c8c47efb2418791adf766916428bce
|
|
| MD5 |
7add00f06d33f5b8da26b26511ed44fa
|
|
| BLAKE2b-256 |
0e5adcd4230b2732fc985596ab51f5971fcf1f4c4c0a18d3903ce41cd31cc7de
|
File details
Details for the file xybern-2.0.0-py3-none-any.whl.
File metadata
- Download URL: xybern-2.0.0-py3-none-any.whl
- Upload date:
- Size: 16.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c39fb9ba1b997a63e2357a513b939886dd4d794683a19f8ec65f95c1b9a85b09
|
|
| MD5 |
b49484aaf42d63d035bf5351c7a45224
|
|
| BLAKE2b-256 |
561efac35e62da74805c2e2809c5d9e447587b9ca1401c7b1ef39edc493237af
|