aegis-langchain 1.0.0__tar.gz

aegis_langchain-1.0.0/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for describing the origin of the Work and
+      reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may accept warranty
+      and/or charge a fee for support, warranty, indemnity, or other
+      liability obligations and/or rights consistent with this License.
+      However, in accepting such obligations, You may act only on Your
+      own behalf and on Your sole responsibility, not on behalf of any
+      other Contributor, and only if You agree to indemnify, defend,
+      and hold each Contributor harmless for any liability incurred by,
+      or claims asserted against, such Contributor by reason of your
+      accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2026 Abhishek Mishra
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

aegis_langchain-1.0.0/PKG-INFO

@@ -0,0 +1,94 @@
+Metadata-Version: 2.4
+Name: aegis-langchain
+Version: 1.0.0
+Summary: LangChain governance middleware for Aegis ACP
+Author: Aegis ACP
+Keywords: ai,governance,langchain,security,aegis
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: Programming Language :: Python :: 3
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: httpx>=0.25
+Provides-Extra: langchain
+Requires-Dist: langchain-core>=0.1; extra == "langchain"
+Dynamic: author
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: keywords
+Dynamic: license-file
+Dynamic: provides-extra
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# aegis-langchain
+
+> Drop-in LangChain middleware that routes every tool invocation through Aegis's runtime governance pipeline before execution.
+
+[![PyPI](https://img.shields.io/badge/pypi-aegis--langchain-blue)](https://pypi.org/project/aegis-langchain/)
+[![Python](https://img.shields.io/badge/python-3.10%2B-blue)]()
+[![License](https://img.shields.io/badge/license-Apache--2.0-green)]()
+
+```bash
+pip install aegis-langchain
+```
+
+## What it does
+
+Wraps a LangChain agent (`AgentExecutor` / `Runnable`) so every tool the agent decides to call is **pre-checked by Aegis** (`POST /execute`) before the tool actually runs. Blocked calls return a descriptive message back to the agent loop; allowed calls pass through unchanged.
+
+Aegis decides what to block based on **action semantics** — the `DROP TABLE`, `rm -rf`, `kubectl delete`, external-PII-egress patterns in `services/policy/policies/action_semantics_deny.rego`. The deny is earned from the content of the action, not from a hardcoded "critical" tag on the agent. So a buyer flipping the agent's risk level can't accidentally bypass it.
+
+Every check produces a signed audit row in the Aegis chain. Verify any of them offline with `aegis-verify` (the `tools/aegis_verify/` CLI).
+
+## Three-line install
+
+```python
+from aegis_langchain import AegisMiddleware
+
+agent = AegisMiddleware(
+    my_langchain_agent,
+    api_key="acp_...",        # or AEGIS_API_KEY env var
+    aegis_url="https://ha.aegisagent.in",   # or AEGIS_URL env
+    tenant_id="00000000-0000-0000-0000-000000000001",
+    agent_id="<your-agent-uuid>",
+)
+
+result = agent.invoke({"input": "analyze the customer table and clean up old rows"})
+# Each tool invocation is pre-checked. Blocked tools return a message
+# explaining the deny; the agent reasons over it like any other tool
+# observation.
+```
+
+Works with any LangChain agent that uses tools (`AgentExecutor`, structured-chat agents, custom runnables that invoke tools via `tool_call`).
+
+## Fail-closed by default
+
+If the Aegis gateway is unreachable, tool invocations return deny with reason `aegis_unreachable_fail_closed`. Letting unchecked calls through because the security plane was down defeats the integration's purpose.
+
+## What you can verify offline
+
+After any allowed (or denied) tool call:
+
+1. `GET /receipts/key` — ed25519 PEM
+2. `GET /compliance/export/eu-ai-act?period_start=…&period_end=…` — signed bundle
+3. `aegis-verify --bundle bundle.json` — V1–V6 checks pass without any network call back to Aegis
+
+## Requirements
+
+- Python 3.10+
+- `langchain-core>=0.1` (auto-pulled with `pip install "aegis-langchain[langchain]"`)
+
+## See also
+
+- [aegis-anthropic](https://pypi.org/project/aegis-anthropic/) — same pattern for Anthropic tool_use
+- [aegis-openai](https://pypi.org/project/aegis-openai/) — same pattern for OpenAI tool_calls
+- [Aegis live demo](https://ha.aegisagent.in/live-demo) — three real scenarios across three risk profiles
+
+## License
+
+Apache 2.0.

aegis_langchain-1.0.0/README.md

@@ -0,0 +1,67 @@
+# aegis-langchain
+
+> Drop-in LangChain middleware that routes every tool invocation through Aegis's runtime governance pipeline before execution.
+
+[![PyPI](https://img.shields.io/badge/pypi-aegis--langchain-blue)](https://pypi.org/project/aegis-langchain/)
+[![Python](https://img.shields.io/badge/python-3.10%2B-blue)]()
+[![License](https://img.shields.io/badge/license-Apache--2.0-green)]()
+
+```bash
+pip install aegis-langchain
+```
+
+## What it does
+
+Wraps a LangChain agent (`AgentExecutor` / `Runnable`) so every tool the agent decides to call is **pre-checked by Aegis** (`POST /execute`) before the tool actually runs. Blocked calls return a descriptive message back to the agent loop; allowed calls pass through unchanged.
+
+Aegis decides what to block based on **action semantics** — the `DROP TABLE`, `rm -rf`, `kubectl delete`, external-PII-egress patterns in `services/policy/policies/action_semantics_deny.rego`. The deny is earned from the content of the action, not from a hardcoded "critical" tag on the agent. So a buyer flipping the agent's risk level can't accidentally bypass it.
+
+Every check produces a signed audit row in the Aegis chain. Verify any of them offline with `aegis-verify` (the `tools/aegis_verify/` CLI).
+
+## Three-line install
+
+```python
+from aegis_langchain import AegisMiddleware
+
+agent = AegisMiddleware(
+    my_langchain_agent,
+    api_key="acp_...",        # or AEGIS_API_KEY env var
+    aegis_url="https://ha.aegisagent.in",   # or AEGIS_URL env
+    tenant_id="00000000-0000-0000-0000-000000000001",
+    agent_id="<your-agent-uuid>",
+)
+
+result = agent.invoke({"input": "analyze the customer table and clean up old rows"})
+# Each tool invocation is pre-checked. Blocked tools return a message
+# explaining the deny; the agent reasons over it like any other tool
+# observation.
+```
+
+Works with any LangChain agent that uses tools (`AgentExecutor`, structured-chat agents, custom runnables that invoke tools via `tool_call`).
+
+## Fail-closed by default
+
+If the Aegis gateway is unreachable, tool invocations return deny with reason `aegis_unreachable_fail_closed`. Letting unchecked calls through because the security plane was down defeats the integration's purpose.
+
+## What you can verify offline
+
+After any allowed (or denied) tool call:
+
+1. `GET /receipts/key` — ed25519 PEM
+2. `GET /compliance/export/eu-ai-act?period_start=…&period_end=…` — signed bundle
+3. `aegis-verify --bundle bundle.json` — V1–V6 checks pass without any network call back to Aegis
+
+## Requirements
+
+- Python 3.10+
+- `langchain-core>=0.1` (auto-pulled with `pip install "aegis-langchain[langchain]"`)
+
+## See also
+
+- [aegis-anthropic](https://pypi.org/project/aegis-anthropic/) — same pattern for Anthropic tool_use
+- [aegis-openai](https://pypi.org/project/aegis-openai/) — same pattern for OpenAI tool_calls
+- [Aegis live demo](https://ha.aegisagent.in/live-demo) — three real scenarios across three risk profiles
+
+## License
+
+Apache 2.0.

aegis_langchain-1.0.0/aegis_langchain/__init__.py

@@ -0,0 +1,224 @@
+"""
+aegis-langchain — LangChain governance middleware for Aegis ACP
+Install: pip install aegis-langchain  (or pip install -e integrations/aegis-langchain)
+
+Usage:
+    from aegis_langchain import AegisMiddleware
+
+    agent = AegisMiddleware(
+        my_langchain_agent,
+        api_key="acp_...",        # or set AEGIS_API_KEY env var
+        tenant_id="...",          # or set AEGIS_TENANT_ID env var
+        agent_id="...",           # optional
+    )
+    result = agent.invoke({"input": "analyze the /etc/passwd file"})
+    # → tool calls are checked by Aegis before execution; blocked = descriptive message
+"""
+from __future__ import annotations
+
+import functools
+import json
+import os
+from typing import Any
+
+import httpx
+
+__all__ = ["AegisMiddleware", "AegisCallbackHandler", "AegisClient"]
+
+
+class AegisClient:
+    """Thin synchronous client for the Aegis /execute governance endpoint."""
+
+    def __init__(
+        self,
+        api_key: str,
+        gateway_url: str = "https://aegisagent.in",
+        tenant_id: str = "",
+        agent_id: str = "langchain-agent",
+        timeout: float = 10.0,
+    ) -> None:
+        self._url = gateway_url.rstrip("/")
+        self._agent_id = agent_id
+        self._headers = {
+            "Authorization": f"Bearer {api_key}",
+            "X-Tenant-ID": tenant_id,
+            "X-Agent-ID": agent_id,
+            "Content-Type": "application/json",
+        }
+        self._timeout = timeout
+
+    def check(self, tool_name: str, parameters: dict[str, Any]) -> dict[str, Any]:
+        try:
+            with httpx.Client(timeout=self._timeout) as client:
+                resp = client.post(
+                    f"{self._url}/execute",
+                    headers=self._headers,
+                    json={
+                        # Canonical field names — `tool_name`/`parameters`
+                        # are accepted as a fallback but the audit row gets
+                        # logged with tool="unknown". Use the right names.
+                        "agent_id": self._agent_id,
+                        "tool":      tool_name,
+                        "arguments": parameters,
+                    },
+                )
+            if resp.status_code in (200, 403):
+                return self._normalize(resp.json())
+            # Fail CLOSED on transport / server errors.
+            return {
+                "action":   "deny",
+                "risk":     1.0,
+                "findings": [f"aegis_http_{resp.status_code}"],
+            }
+        except Exception as exc:
+            return {
+                "action":   "deny",
+                "risk":     1.0,
+                "findings": [f"aegis_error:{type(exc).__name__}"],
+            }
+
+    @staticmethod
+    def _normalize(body: dict[str, Any]) -> dict[str, Any]:
+        """Map every /execute response onto {action, risk, findings}.
+
+        Plain 200 success → unwrap data envelope. 403 with
+        `approval_required` → escalate. 403 with any other error and no
+        action field → deny + carry the error string. Anything else with
+        success=false → fail-closed deny.
+        """
+        data = body.get("data") if isinstance(body, dict) else None
+        if data is None and isinstance(body, dict) and body.get("action"):
+            data = body
+        if isinstance(data, dict) and data.get("action"):
+            return data
+        err = (body.get("error") if isinstance(body, dict) else None) or "denied"
+        action = "escalate" if "approval_required" in str(err).lower() else "deny"
+        return {"action": action, "risk": 1.0, "findings": [str(err)[:120]]}
+
+    def is_blocked(self, decision: dict[str, Any]) -> bool:
+        return decision.get("action", "deny") in (
+            "deny", "block", "policy_deny", "reject", "escalate",
+        )
+
+    def blocked_message(self, tool_name: str, decision: dict[str, Any]) -> str:
+        findings = decision.get("findings", ["policy_violation"])
+        risk = decision.get("risk", 1.0)
+        return f"[BLOCKED by Aegis] Tool '{tool_name}' denied (risk={risk:.3f}): {findings}"
+
+
+class AegisMiddleware:
+    """
+    Drop-in governance wrapper for any LangChain AgentExecutor or Runnable.
+
+    Patches every tool in the agent so each call is checked with Aegis
+    before execution. Blocked calls return a descriptive message instead
+    of running — the agent sees the block and responds appropriately.
+    """
+
+    def __init__(
+        self,
+        agent: Any,
+        api_key: str | None = None,
+        gateway_url: str | None = None,
+        tenant_id: str | None = None,
+        agent_id: str | None = None,
+        timeout: float = 10.0,
+    ) -> None:
+        self._agent = agent
+        self._client = AegisClient(
+            api_key=api_key or os.environ["AEGIS_API_KEY"],
+            gateway_url=gateway_url or os.environ.get("AEGIS_URL", "https://aegisagent.in"),
+            tenant_id=tenant_id or os.environ.get("AEGIS_TENANT_ID", ""),
+            agent_id=agent_id or os.environ.get("AEGIS_AGENT_ID", "langchain-agent"),
+            timeout=timeout,
+        )
+        self._patch_tools()
+
+    def _patch_tools(self) -> None:
+        tools = getattr(self._agent, "tools", None)
+        if not tools:
+            return
+        for tool in tools:
+            tool._run = self._make_governed_run(tool.name, tool._run)
+            if hasattr(tool, "_arun"):
+                tool._arun = self._make_governed_arun(tool.name, tool._arun)
+
+    def _make_governed_run(self, tool_name: str, original_run: Any) -> Any:
+        client = self._client
+
+        @functools.wraps(original_run)
+        def governed_run(*args: Any, **kwargs: Any) -> Any:
+            params = kwargs if kwargs else ({"args": list(args)} if args else {})
+            decision = client.check(tool_name, params)
+            if client.is_blocked(decision):
+                return client.blocked_message(tool_name, decision)
+            return original_run(*args, **kwargs)
+
+        return governed_run
+
+    def _make_governed_arun(self, tool_name: str, original_arun: Any) -> Any:
+        client = self._client
+
+        @functools.wraps(original_arun)
+        async def governed_arun(*args: Any, **kwargs: Any) -> Any:
+            params = kwargs if kwargs else ({"args": list(args)} if args else {})
+            decision = client.check(tool_name, params)
+            if client.is_blocked(decision):
+                return client.blocked_message(tool_name, decision)
+            return await original_arun(*args, **kwargs)
+
+        return governed_arun
+
+    def invoke(self, *args: Any, **kwargs: Any) -> Any:
+        return self._agent.invoke(*args, **kwargs)
+
+    def stream(self, *args: Any, **kwargs: Any) -> Any:
+        return self._agent.stream(*args, **kwargs)
+
+    async def ainvoke(self, *args: Any, **kwargs: Any) -> Any:
+        return await self._agent.ainvoke(*args, **kwargs)
+
+    async def astream(self, *args: Any, **kwargs: Any) -> Any:
+        async for chunk in self._agent.astream(*args, **kwargs):
+            yield chunk
+
+    def __getattr__(self, name: str) -> Any:
+        return getattr(self._agent, name)
+
+
+class AegisCallbackHandler:
+    """
+    LangChain callback handler for monitor-only mode (no blocking).
+    Every tool call is logged to Aegis for observability without enforcement.
+
+    Usage:
+        agent.invoke(input, config={"callbacks": [AegisCallbackHandler(api_key="acp_...")]})
+    """
+
+    def __init__(
+        self,
+        api_key: str | None = None,
+        gateway_url: str | None = None,
+        tenant_id: str | None = None,
+        agent_id: str | None = None,
+    ) -> None:
+        self._client = AegisClient(
+            api_key=api_key or os.environ["AEGIS_API_KEY"],
+            gateway_url=gateway_url or os.environ.get("AEGIS_URL", "https://aegisagent.in"),
+            tenant_id=tenant_id or os.environ.get("AEGIS_TENANT_ID", ""),
+            agent_id=agent_id or os.environ.get("AEGIS_AGENT_ID", "langchain-agent"),
+        )
+
+    def on_tool_start(self, serialized: dict, input_str: str, **_kwargs: Any) -> None:
+        tool_name = serialized.get("name", "unknown")
+        try:
+            params = json.loads(input_str) if isinstance(input_str, str) else {"input": input_str}
+        except Exception:
+            params = {"input": str(input_str)}
+        self._client.check(tool_name, params)
+
+    def on_tool_end(self, output: str, **kwargs: Any) -> None:
+        pass
+
+    def on_tool_error(self, error: Exception, **kwargs: Any) -> None:
+        pass

aegis_langchain-1.0.0/aegis_langchain.egg-info/PKG-INFO

@@ -0,0 +1,94 @@
+Metadata-Version: 2.4
+Name: aegis-langchain
+Version: 1.0.0
+Summary: LangChain governance middleware for Aegis ACP
+Author: Aegis ACP
+Keywords: ai,governance,langchain,security,aegis
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: Programming Language :: Python :: 3
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: httpx>=0.25
+Provides-Extra: langchain
+Requires-Dist: langchain-core>=0.1; extra == "langchain"
+Dynamic: author
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: keywords
+Dynamic: license-file
+Dynamic: provides-extra
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# aegis-langchain
+
+> Drop-in LangChain middleware that routes every tool invocation through Aegis's runtime governance pipeline before execution.
+
+[![PyPI](https://img.shields.io/badge/pypi-aegis--langchain-blue)](https://pypi.org/project/aegis-langchain/)
+[![Python](https://img.shields.io/badge/python-3.10%2B-blue)]()
+[![License](https://img.shields.io/badge/license-Apache--2.0-green)]()
+
+```bash
+pip install aegis-langchain
+```
+
+## What it does
+
+Wraps a LangChain agent (`AgentExecutor` / `Runnable`) so every tool the agent decides to call is **pre-checked by Aegis** (`POST /execute`) before the tool actually runs. Blocked calls return a descriptive message back to the agent loop; allowed calls pass through unchanged.
+
+Aegis decides what to block based on **action semantics** — the `DROP TABLE`, `rm -rf`, `kubectl delete`, external-PII-egress patterns in `services/policy/policies/action_semantics_deny.rego`. The deny is earned from the content of the action, not from a hardcoded "critical" tag on the agent. So a buyer flipping the agent's risk level can't accidentally bypass it.
+
+Every check produces a signed audit row in the Aegis chain. Verify any of them offline with `aegis-verify` (the `tools/aegis_verify/` CLI).
+
+## Three-line install
+
+```python
+from aegis_langchain import AegisMiddleware
+
+agent = AegisMiddleware(
+    my_langchain_agent,
+    api_key="acp_...",        # or AEGIS_API_KEY env var
+    aegis_url="https://ha.aegisagent.in",   # or AEGIS_URL env
+    tenant_id="00000000-0000-0000-0000-000000000001",
+    agent_id="<your-agent-uuid>",
+)
+
+result = agent.invoke({"input": "analyze the customer table and clean up old rows"})
+# Each tool invocation is pre-checked. Blocked tools return a message
+# explaining the deny; the agent reasons over it like any other tool
+# observation.
+```
+
+Works with any LangChain agent that uses tools (`AgentExecutor`, structured-chat agents, custom runnables that invoke tools via `tool_call`).
+
+## Fail-closed by default
+
+If the Aegis gateway is unreachable, tool invocations return deny with reason `aegis_unreachable_fail_closed`. Letting unchecked calls through because the security plane was down defeats the integration's purpose.
+
+## What you can verify offline
+
+After any allowed (or denied) tool call:
+
+1. `GET /receipts/key` — ed25519 PEM
+2. `GET /compliance/export/eu-ai-act?period_start=…&period_end=…` — signed bundle
+3. `aegis-verify --bundle bundle.json` — V1–V6 checks pass without any network call back to Aegis
+
+## Requirements
+
+- Python 3.10+
+- `langchain-core>=0.1` (auto-pulled with `pip install "aegis-langchain[langchain]"`)
+
+## See also
+
+- [aegis-anthropic](https://pypi.org/project/aegis-anthropic/) — same pattern for Anthropic tool_use
+- [aegis-openai](https://pypi.org/project/aegis-openai/) — same pattern for OpenAI tool_calls
+- [Aegis live demo](https://ha.aegisagent.in/live-demo) — three real scenarios across three risk profiles
+
+## License
+
+Apache 2.0.

aegis_langchain-1.0.0/aegis_langchain.egg-info/SOURCES.txt

@@ -0,0 +1,9 @@
+LICENSE
+README.md
+setup.py
+aegis_langchain/__init__.py
+aegis_langchain.egg-info/PKG-INFO
+aegis_langchain.egg-info/SOURCES.txt
+aegis_langchain.egg-info/dependency_links.txt
+aegis_langchain.egg-info/requires.txt
+aegis_langchain.egg-info/top_level.txt

aegis_langchain-1.0.0/aegis_langchain.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

aegis_langchain-1.0.0/aegis_langchain.egg-info/requires.txt

@@ -0,0 +1,4 @@
+httpx>=0.25
+
+[langchain]
+langchain-core>=0.1

aegis_langchain-1.0.0/aegis_langchain.egg-info/top_level.txt

@@ -0,0 +1 @@
+aegis_langchain

aegis_langchain-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

aegis_langchain-1.0.0/setup.py

@@ -0,0 +1,26 @@
+from pathlib import Path
+
+from setuptools import find_packages, setup
+
+_here = Path(__file__).parent
+_readme = (_here / "README.md").read_text() if (_here / "README.md").exists() else ""
+
+setup(
+    name="aegis-langchain",
+    version="1.0.0",
+    description="LangChain governance middleware for Aegis ACP",
+    long_description=_readme,
+    long_description_content_type="text/markdown",
+    author="Aegis ACP",
+    python_requires=">=3.10",
+    packages=find_packages(),
+    install_requires=["httpx>=0.25"],
+    extras_require={"langchain": ["langchain-core>=0.1"]},
+    keywords=["ai", "governance", "langchain", "security", "aegis"],
+    classifiers=[
+        "Development Status :: 4 - Beta",
+        "Intended Audience :: Developers",
+        "Topic :: Security",
+        "Programming Language :: Python :: 3",
+    ],
+)