pip install agentveil

PyPI: agentveil | API: agentveil.dev | Network: Live Network

Why agent trust infrastructure matters — verified CVEs, market data, and the structural problem AgentVeil addresses.

AVPProvider merged into Microsoft Agent Governance Toolkit (PR #1010). AgentVeil is available as an external trust provider for Microsoft AGT / AgentMesh.

Paper: Boiko, O. (2026). Why AI Agent Reputation Needs Both Link Analysis and Flow-Based Gating. Zenodo.

Visual overview: preflight → runtime gate → approval → controlled execution → offline proof.

Proof Pack walkthrough: examples/proof_pack/ — annotated local-backend reputation evidence flow: score recompute → trust-check deny → webhook alert → audit chain verification.

Controlled-action proof packets: Runtime Gate flows can export signed proof packets with agent.build_proof_packet(...); see Customer Integration.

from datetime import timedelta
from agentveil import AVPAgent

owner = AVPAgent.create(mock=True, name="workflow-owner")
agent = AVPAgent.create(mock=True, name="demo-agent")
agent.register(display_name="Demo Agent")

delegation = owner.issue_delegation_receipt(
    agent_did=agent.did,
    allowed_categories=["deploy"],
    valid_for=timedelta(minutes=15),
)
print(agent.verify_delegation_receipt(delegation)["valid"])

Quick Start

Run locally — no server required

from datetime import timedelta
from agentveil import AVPAgent

owner = AVPAgent.create(mock=True, name="workflow-owner")
agent = AVPAgent.create(mock=True, name="demo-agent")
agent.register(display_name="Test Agent")

delegation = owner.issue_delegation_receipt(
    agent_did=agent.did,
    allowed_categories=["deploy"],
    valid_for=timedelta(minutes=15),
)
verification = agent.verify_delegation_receipt(delegation)

print("delegation valid:", verification["valid"])
print("scope:", verification["scope"][0]["value"])

For production identity, Runtime Gate, approvals, and signed receipts, see Customer Integration.

Production integration shape

from agentveil import AVPAgent

agent = AVPAgent.load("https://agentveil.dev", "my-agent")

report = agent.integration_preflight()
if not report.ready:
    raise RuntimeError(report.next_action)

outcome = agent.controlled_action(
    action="deploy.release",
    resource="service:critical-workflow",
    environment="production",
    delegation_receipt=delegation_receipt,  # issued by the workflow owner
)

if outcome.status == "approval_required":
    wait_for_principal_approval(outcome.approval_id)
elif outcome.status == "executed":
    store(outcome.receipt_jcs)
elif outcome.status == "blocked":
    raise RuntimeError(outcome.reason)

Verify trust offline — no SDK required

# Get a W3C Verifiable Credential (VC v2.0)
curl https://agentveil.dev/v1/reputation/{agent_did}/credential?format=w3c

The response is a standard W3C VC with a DataIntegrityProof (eddsa-jcs-2022). Verify it with any VC library — Veramo, SpruceID, Digital Bazaar, or your own Ed25519 implementation. No AgentVeil SDK needed.

# Or verify with the SDK:
cred = agent.get_reputation_credential(format="w3c")
assert AVPAgent.verify_w3c_credential(cred)  # offline, no API call

---

Why This Exists

AI agents increasingly hold direct access to production credentials, deploy workflows, and developer infrastructure. AgentVeil provides three things:

1. Pre-runtime checks — find risky agent capabilities (bypass paths, exposed credentials, missing approvals) before they reach production
2. Runtime gating — evaluate risky actions before execution, route through signed approval when needed
3. Verifiable evidence — produce signed receipts your audit / customer / partner can verify offline, no SDK or AVP API required

See Security Context for verified CVEs, market data, and the structural problem AgentVeil addresses.

---

Comparison

	Without AgentVeil	With AgentVeil
Risky capability discovery	Found in incident review	Pre-runtime posture check finds bypass paths, exposed credentials, missing approvals
Risky action execution	Agent calls deploy / transfer / delete directly	Evaluated before execution → allow / approval_required / block
Approval on critical steps	Rubber-stamped or skipped	Signed approval receipt — single-use, expiring, bound to exact action/resource/env
Audit evidence	"Agent triggered X" in app logs	Signed receipt with action hash, decision hash, approval hash, timestamp — verifiable offline by audit / customer / partner

---

Decision Inputs (advisory)

These advisory APIs feed the Runtime Gate's risk assessment. They inform action gating decisions but do not grant execution authority on their own.

For advisory selection and existing integrations, the SDK also includes:

• can_trust(...) — advisory score, tier, risk, and explanation before delegation
• @avp_tracked(...) — decorator for auto-registering and attesting local work
• Framework tools such as AVPReputationTool, avp_should_delegate(...), and avp_tool_definitions()

from agentveil import AVPAgent, avp_tracked

agent = AVPAgent.load("https://agentveil.dev", "my-agent")
decision = agent.can_trust("did:key:z6Mk...", min_tier="trusted")
print(decision["allowed"], decision["reason"])

@avp_tracked("https://agentveil.dev", name="reviewer", to_did="did:key:z6Mk...")
def review_code(pr_url: str) -> str:
    return analysis

---

Features

Action control surface

• Posture Checks — inspect agent identity, status (active/suspended), and reputation signals before runtime
• Runtime Gate — evaluate risky actions before execution and return allow / approval required / block
• Signed Receipts — keep tamper-evident proof for gate decisions, approvals, and execution
• W3C VC v2.0 Credentials — export offline-verifiable credentials with eddsa-jcs-2022 Data Integrity proofs
• Webhook Alerts — score-change notifications to any HTTP endpoint (setup guide)
• Framework Integrations — SDK tools for CrewAI, LangGraph, AutoGen, OpenAI, Claude MCP, Paperclip, and more

Supporting signals (advisory)

• Reputation Signals — peer attestations, confidence scoring, and advisory trust checks
• Agent Discovery — publish capability cards and find agents by skill and reputation
• Dispute & Review Support — attach evidence and review contested attestations

---

Integrations

Stack	Install	Integration surface
Any Python	pip install agentveil	AVPAgent, integration_preflight(), controlled_action(), build_proof_packet()
CrewAI	pip install agentveil crewai	AVPReputationTool, AVPDelegationTool, AVPAttestationTool
LangGraph	pip install agentveil langgraph	ToolNode([avp_check_reputation, avp_should_delegate, avp_log_interaction])
AutoGen	pip install agentveil autogen-core	avp_reputation_tools()
OpenAI	pip install agentveil openai	avp_tool_definitions() + handle_avp_tool_call(...) from agentveil.tools.openai
MCP clients	pip install 'agentveil[mcp]'	agentveil-mcp for Claude Desktop, Cursor, Windsurf, and VS Code (docs)
Gemini	pip install agentveil google-generativeai	Function-calling example: examples/gemini_example.py
PydanticAI	pip install agentveil pydantic-ai	Tool example: examples/pydantic_ai_example.py
Paperclip	pip install agentveil	avp_should_delegate(...), avp_evaluate_team(...), avp_plugin_tools()
AWS Bedrock	pip install agentveil boto3	Converse API example: examples/aws_bedrock.py
Microsoft AGT / AgentMesh	pip install agentmesh-avp	AVPProvider package for Agent Governance Toolkit / AgentMesh integration

Full integration guides: docs/INTEGRATIONS.md

---

Batch Attestations

Attestations from peer agents build reputation history that feeds future Runtime Gate decisions.

Submit up to 50 attestations in a single request. Each is validated independently — partial success is possible.

results = agent.attest_batch([
    {"to_did": "did:key:z6MkAgent1...", "outcome": "positive", "weight": 0.9, "context": "code_review"},
    {"to_did": "did:key:z6MkAgent2...", "outcome": "negative", "weight": 0.7, "evidence_hash": "sha256hex..."},
    {"to_did": "did:key:z6MkAgent3...", "outcome": "positive"},
])
print(results["succeeded"], results["failed"])  # 3, 0

Each attestation is individually signed with Ed25519. Optional fields: context, evidence_hash, is_private, interaction_id.

---

Security

• Ed25519 signature authentication with nonce anti-replay
• W3C did:key identity with Ed25519 keys for portable agent identity
• Input validation for signed SDK/API requests
• Agent status checks for active, suspended, revoked, or migrated identities
• Audit trail — SHA-256 hash-chained events with optional IPFS anchoring for published proof artifacts

---

Documentation

Doc	Description
API Reference	Full SDK method reference with examples
Customer Integration	Controlled-action flow, secrets, errors, and compliance evidence
Integrations	Framework-specific setup guides
Webhook Alerts	Push notification setup
Protocol Spec	AgentVeil wire format and authentication
Security Context	Why agent trust matters — CVEs and market data
Changelog	Version history

---

Examples

Example	Description
first_controlled_action.py	Action control demo — preflight → Runtime Gate → approval routing → signed receipt
proof_pack/	Evidence walkthrough — score recompute → trust-check deny → webhook alert → audit chain verification. Local backend required.
standalone_demo.py	Reputation flow demo — registration, peer attestations, scoring (mock mode, no server)
quickstart.py	Register, publish card, check reputation
two_agents.py	Full A2A interaction with attestations
verify_credential_standalone.py	Offline credential verification (no SDK needed)

Framework examples: CrewAI · LangGraph · AutoGen · OpenAI · Claude MCP · Paperclip

---

Community

• ⭐ Star this repo — helps others discover AgentVeil
• 🐛 Open an issue — bugs, questions, feature requests
• 📖 Customer Integration guide — production setup

---

License

MIT — see LICENSE.