Integration Guide

Get AgentGate running in your project in under 5 minutes.

Full source on GitHub

Prerequisites

  • Python 3.10 or higher
  • AgentGate server running (self-hosted or cloud)
  • An API key (or run in development mode without one)

1. Installation

terminalbash
pip install agentgate-pdp

To run the AgentGate server locally:

terminalbash
git clone https://github.com/ElamOlame31/agentgate-public
cd agentgate-public
pip install -r requirements.txt
python run.py

2. Register your agent

Registration declares the agent's identity, purpose, and authorized scope. AgentGate uses this declaration to verify every subsequent action. The declared_purpose string is embedded at registration and compared against every action via cosine similarity.

register.pypython
from agentgate import AgentGate

gate = AgentGate("http://localhost:8000", api_key="your-key")

# Register the agent with its declared scope
gate.register(
    agent_id="report_bot_001",
    name="ReportBot",
    declared_purpose="Read and summarize quarterly business reports for the executive team",
    authorized_resources=["/reports/*", "/documents/public/*"],
    authorized_actions=["read", "search"],
    delegation_depth=0,              # 0 = not a sub-agent
    processes_external_content=False,# True = enable prompt injection scanning
    requires_human_approval=False,   # True = always ESCALATE to human
)

3. Authorize before each action

Call gate.authorize() before any sensitive operation. The SDK raises AgentGateDenied on DENY so the operation never executes. Use the decorator or context manager for cleaner integration.

authorize.pypython
from agentgate.exceptions import AgentGateDenied, AgentGateEscalated

# Basic authorization check
result = gate.authorize(
    action="read",
    resource="/reports/q3.pdf",
    justification="User requested Q3 quarterly summary",
)

print(result["decision"])          # "PERMIT" | "ESCALATE" | "DENY"
print(result["trust_breakdown"])   # {"identity": 0.92, "delegation": 1.0, "purpose": 0.87, "behavioral": 0.95}
print(result["explanation"])       # Human-readable reasoning string
print(result["attack_flags"])      # [] or ["HIGH_VELOCITY", "SCOPE_VIOLATION", ...]

# Exception-based pattern
try:
    gate.authorize("read", "/confidential/salary.txt")
except AgentGateDenied as e:
    print(f"Denied: {e}")
    # Agent never reads the file

# Decorator pattern — cleaner for wrapping existing functions
@gate.guard("read", resource_arg="path")
def read_document(path: str) -> str:
    return open(path).read()  # only runs if PERMIT

# Context manager pattern
with gate.operation("delete", "/temp/export.csv"):
    os.remove("/temp/export.csv")  # only runs if PERMIT

# Async version (for LangGraph, CrewAI, AutoGen)
from agentgate import AsyncAgentGate

async def main():
    agate = AsyncAgentGate("http://localhost:8000", api_key="your-key")
    await agate.register("async_bot", "AsyncBot", "Process reports", ["/reports/*"], ["read"])
    result = await agate.authorize("read", "/reports/q4.pdf")

# Content scanning (prompt injection detection)
scan = gate.scan(email_body)
if scan["level"] == "injection":
    raise ValueError(f"Injection detected: {scan['evidence']}")

4. LangChain integration

AgentGateToolkit wraps your LangChain tools transparently. The agent framework sees normal LangChain tools — but every call is intercepted.

langchain-integration.pypython
from integrations.langchain_agentgate import AgentGateToolkit
from langchain_core.tools import tool
from langchain_anthropic import ChatAnthropic
from langgraph.prebuilt import create_react_agent

# Define your tools as normal
@tool
def read_document(path: str) -> str:
    """Read a document from the company file system."""
    return open(path).read()

@tool
def list_documents(directory: str) -> str:
    """List all documents in a directory."""
    import os
    return str(os.listdir(directory))

# AgentGateToolkit registers the agent AND wraps tools in one call
toolkit = AgentGateToolkit(
    agentgate_url="http://localhost:8000",
    agent_id="langchain_report_bot",
    name="LangChainReportBot",
    declared_purpose="Read and summarize quarterly business reports for the executive team",
    authorized_resources=["/documents/*"],
    authorized_actions=["read", "search"],
    api_key="your-key",
)

# wrap() returns drop-in replacements — every call goes through AgentGate
safe_tools = toolkit.wrap([read_document, list_documents])

llm = ChatAnthropic(model="claude-haiku-4-5-20251001", max_tokens=512)
agent = create_react_agent(llm, safe_tools)

# Run the agent — tool calls are intercepted transparently
result = agent.invoke({
    "messages": [{"role": "user", "content": "Summarize Q3 and Q4 reports"}]
})

5. AutoGen integration

autogen-integration.pypython
# AutoGen integration — similar pattern
from integrations.autogen_agentgate import AgentGateToolkit as AutoGenToolkit

toolkit = AutoGenToolkit(
    agentgate_url="http://localhost:8000",
    agent_id="autogen_bot_001",
    name="AutoGenResearchBot",
    declared_purpose="Research and summarize public financial reports",
    authorized_resources=["/public/*"],
    authorized_actions=["read", "search"],
    api_key="your-key",
)
# Wrap your AutoGen tools the same way

Exception reference

AgentGateDenied

Raised when decision is DENY (if raise_on_deny=True). Contains action, resource, explanation.

AgentGateEscalated

Raised when decision is ESCALATE (if raise_on_escalate=True).

AgentGateNotRegistered

Raised if .authorize() is called before .register().

AgentGatePending

Raised when decision is PENDING and auto_resolve_pending=False.

AgentGateUnavailable

Raised if the AgentGate server is unreachable.

Full documentation, changelog, and source code on GitHub.

ElamOlame31/agentgate-public