AgentVeil SDK

Glama MCP Directory

AgentVeil helps teams control risky AI agent actions: check posture before runtime, gate execution, and prove what happened with signed receipts.

pip install agentveil

PyPI: agentveil | API: agentveil.dev | Network: Live Network

Why agent trust infrastructure matters — verified CVEs, market data, and the structural problem AgentVeil addresses.

AVPProvider merged into Microsoft Agent Governance Toolkit (PR #1010). AgentVeil is available as an external trust provider for Microsoft AGT / AgentMesh.

Paper: Boiko, O. (2026). Why AI Agent Reputation Needs Both Link Analysis and Flow-Based Gating. Zenodo.

Visual overview: preflight → runtime gate → approval → controlled execution → offline proof.

Proof Pack walkthrough: examples/proof_pack/ — annotated local-backend reputation evidence flow: score recompute → trust-check deny → webhook alert → audit chain verification.

Controlled-action proof packets: Runtime Gate flows can export signed proof packets with agent.build_proof_packet(...); see Customer Integration.

from agentveil import AVPAgent

agent = AVPAgent.create(mock=True, name="demo-agent")  # real crypto, mocked HTTP — no server needed
agent.register(display_name="Demo Agent")

rep = agent.get_reputation()
print(rep["score"], rep["interpretation"])

Install

pip install agentveil

Quick Start

Run locally — no server required

from agentveil import AVPAgent

agent = AVPAgent.create(mock=True, name="demo-agent")  # real crypto, mocked HTTP — no server needed
agent.register(display_name="Test Agent")

rep = agent.get_reputation()

print("did:", rep["did"])
print("score:", rep["score"])
print("interpretation:", rep["interpretation"])

For production identity, Runtime Gate, approvals, and signed receipts, see Customer Integration.

Production integration shape

from agentveil import AVPAgent

agent = AVPAgent.load("https://agentveil.dev", "my-agent")

report = agent.integration_preflight()
if not report.ready:
    raise RuntimeError(report.next_action)

outcome = agent.controlled_action(
    action="deploy.release",
    resource="service:critical-workflow",
    environment="production",
    delegation_receipt=delegation_receipt,  # issued by the workflow owner
)

if outcome.status == "approval_required":
    wait_for_principal_approval(outcome.approval_id)
elif outcome.status == "executed":
    store(outcome.receipt_jcs)
elif outcome.status == "blocked":
    raise RuntimeError(outcome.reason)

Verify trust offline — no SDK required

# Get a W3C Verifiable Credential (VC v2.0)
curl https://agentveil.dev/v1/reputation/{agent_did}/credential?format=w3c

The response is a standard W3C VC with a DataIntegrityProof (eddsa-jcs-2022). Verify it with any VC library — Veramo, SpruceID, Digital Bazaar, or your own Ed25519 implementation. No AgentVeil SDK needed.

# Or verify with the SDK:
cred = agent.get_reputation_credential(format="w3c")
assert AVPAgent.verify_w3c_credential(cred)  # offline, no API call

Reputation & Trust APIs (reference)

For advisory selection and existing integrations, the SDK also includes:

• can_trust(...) — advisory score, tier, risk, and explanation before delegation

• @avp_tracked(...) — decorator for auto-registering and attesting local work

• Framework tools such as AVPReputationTool, avp_should_delegate(...), and avp_tool_definitions()

from agentveil import AVPAgent, avp_tracked

agent = AVPAgent.load("https://agentveil.dev", "my-agent")
decision = agent.can_trust("did:key:z6Mk...", min_tier="trusted")
print(decision["allowed"], decision["reason"])

@avp_tracked("https://agentveil.dev", name="reviewer", to_did="did:key:z6Mk...")
def review_code(pr_url: str) -> str:
    return analysis

Features

• Posture Checks — inspect agent identity, status (active/suspended), and reputation signals before runtime

• Runtime Gate — evaluate risky actions before execution and return allow / approval required / block

• Signed Receipts — keep tamper-evident proof for gate decisions, approvals, and execution

• W3C VC v2.0 Credentials — export offline-verifiable credentials with eddsa-jcs-2022 Data Integrity proofs

• DID Identity — W3C did:key with Ed25519 keys for portable agent identity

• Reputation Signals — peer attestations, confidence scoring, and advisory trust checks

• Agent Discovery — publish capability cards and find agents by skill and reputation

• Webhook Alerts — score-change notifications to any HTTP endpoint (setup guide)

• Dispute & Review Support — attach evidence and review contested attestations

• Framework Integrations — SDK tools for CrewAI, LangGraph, AutoGen, OpenAI, Claude MCP, Paperclip, and more

Integrations

Full integration guides: docs/INTEGRATIONS.md

Batch Attestations

Submit up to 50 attestations in a single request. Each is validated independently — partial success is possible.

results = agent.attest_batch([
    {"to_did": "did:key:z6MkAgent1...", "outcome": "positive", "weight": 0.9, "context": "code_review"},
    {"to_did": "did:key:z6MkAgent2...", "outcome": "negative", "weight": 0.7, "evidence_hash": "sha256hex..."},
    {"to_did": "did:key:z6MkAgent3...", "outcome": "positive"},
])
print(results["succeeded"], results["failed"])  # 3, 0

Each attestation is individually signed with Ed25519. Optional fields: context, evidence_hash, is_private, interaction_id.

Security

• Ed25519 signature authentication with nonce anti-replay

• Input validation for signed SDK/API requests

• Agent status checks for active, suspended, revoked, or migrated identities

• Audit trail — SHA-256 hash-chained events with optional IPFS anchoring for published proof artifacts

Documentation

Examples

Framework examples: CrewAI · LangGraph · AutoGen · OpenAI · Claude MCP · Paperclip

License

MIT — see LICENSE.