langchain-forge 0.1.0__tar.gz

langchain_forge-0.1.0/PKG-INFO

@@ -0,0 +1,100 @@
+Metadata-Version: 2.4
+Name: langchain-forge
+Version: 0.1.0
+Summary: Forge Verify middleware for LangGraph/LangChain — verify every tool call before execution
+Author-email: Veritera AI <engineering@veritera.ai>
+License: MIT
+Project-URL: Homepage, https://veritera.ai
+Project-URL: Documentation, https://veritera.ai/docs
+Project-URL: Repository, https://github.com/VeriteraAI/langchain-forge
+Keywords: veritera,forge,langchain,langgraph,middleware,guardrail,verification
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: veritera>=0.2.0
+Requires-Dist: langchain-core>=0.3.0
+
+# langchain-forge
+
+Forge Verify middleware for [LangGraph](https://github.com/langchain-ai/langgraph) and [LangChain](https://github.com/langchain-ai/langchain). Verifies every AI agent tool call against your policies **before** execution.
+
+## Install
+
+```bash
+pip install langchain-forge
+```
+
+## Quick Start
+
+```python
+import os
+from langgraph.prebuilt import create_react_agent
+from langchain_core.tools import tool
+from forge_langgraph import ForgeVerifyMiddleware
+
+os.environ["VERITERA_API_KEY"] = "vt_live_..."
+os.environ["OPENAI_API_KEY"] = "sk-..."
+
+@tool
+def send_payment(amount: float, recipient: str) -> str:
+    """Send a payment to a recipient."""
+    return f"Sent ${amount} to {recipient}"
+
+@tool
+def delete_record(record_id: str) -> str:
+    """Delete a database record."""
+    return f"Deleted {record_id}"
+
+# Add Forge middleware — one line
+middleware = ForgeVerifyMiddleware(policy="finance-controls")
+
+agent = create_react_agent(
+    model="gpt-4.1",
+    tools=[send_payment, delete_record],
+    middleware=[middleware],
+)
+
+# Every tool call is verified before execution
+result = agent.invoke({"messages": [("user", "Send $500 to vendor@acme.com")]})
+```
+
+## How It Works
+
+1. LangGraph decides to call a tool
+2. **Before execution**, the middleware calls Forge `/v1/verify`
+3. If **approved**: the tool runs normally
+4. If **denied**: the LLM receives a denial message and can explain why
+
+## Standalone Tool
+
+If you prefer the LLM to call verification explicitly:
+
+```python
+from forge_langgraph import forge_verify_tool
+
+verify = forge_verify_tool(policy="finance-controls")
+agent = create_react_agent(model, tools=[send_payment, verify])
+```
+
+## Configuration
+
+```python
+middleware = ForgeVerifyMiddleware(
+    api_key="vt_live_...",           # or VERITERA_API_KEY env var
+    agent_id="prod-finance-bot",
+    policy="finance-controls",
+    fail_closed=True,                # deny when API is unreachable
+    skip_actions=["read_balance"],   # skip read-only tools
+    on_blocked=lambda a, r: print(f"BLOCKED: {a} — {r}"),
+    on_verified=lambda a, r: print(f"APPROVED: {a}"),
+)
+```
+
+## License
+
+MIT — [Veritera AI](https://veritera.ai)

langchain_forge-0.1.0/README.md

@@ -0,0 +1,79 @@
+# langchain-forge
+
+Forge Verify middleware for [LangGraph](https://github.com/langchain-ai/langgraph) and [LangChain](https://github.com/langchain-ai/langchain). Verifies every AI agent tool call against your policies **before** execution.
+
+## Install
+
+```bash
+pip install langchain-forge
+```
+
+## Quick Start
+
+```python
+import os
+from langgraph.prebuilt import create_react_agent
+from langchain_core.tools import tool
+from forge_langgraph import ForgeVerifyMiddleware
+
+os.environ["VERITERA_API_KEY"] = "vt_live_..."
+os.environ["OPENAI_API_KEY"] = "sk-..."
+
+@tool
+def send_payment(amount: float, recipient: str) -> str:
+    """Send a payment to a recipient."""
+    return f"Sent ${amount} to {recipient}"
+
+@tool
+def delete_record(record_id: str) -> str:
+    """Delete a database record."""
+    return f"Deleted {record_id}"
+
+# Add Forge middleware — one line
+middleware = ForgeVerifyMiddleware(policy="finance-controls")
+
+agent = create_react_agent(
+    model="gpt-4.1",
+    tools=[send_payment, delete_record],
+    middleware=[middleware],
+)
+
+# Every tool call is verified before execution
+result = agent.invoke({"messages": [("user", "Send $500 to vendor@acme.com")]})
+```
+
+## How It Works
+
+1. LangGraph decides to call a tool
+2. **Before execution**, the middleware calls Forge `/v1/verify`
+3. If **approved**: the tool runs normally
+4. If **denied**: the LLM receives a denial message and can explain why
+
+## Standalone Tool
+
+If you prefer the LLM to call verification explicitly:
+
+```python
+from forge_langgraph import forge_verify_tool
+
+verify = forge_verify_tool(policy="finance-controls")
+agent = create_react_agent(model, tools=[send_payment, verify])
+```
+
+## Configuration
+
+```python
+middleware = ForgeVerifyMiddleware(
+    api_key="vt_live_...",           # or VERITERA_API_KEY env var
+    agent_id="prod-finance-bot",
+    policy="finance-controls",
+    fail_closed=True,                # deny when API is unreachable
+    skip_actions=["read_balance"],   # skip read-only tools
+    on_blocked=lambda a, r: print(f"BLOCKED: {a} — {r}"),
+    on_verified=lambda a, r: print(f"APPROVED: {a}"),
+)
+```
+
+## License
+
+MIT — [Veritera AI](https://veritera.ai)

langchain_forge-0.1.0/forge_langgraph/__init__.py

@@ -0,0 +1,21 @@
+"""Forge Verify middleware for LangGraph / LangChain.
+
+Intercepts every tool call and verifies it against Forge policies before execution.
+
+Usage:
+    from forge_langgraph import ForgeVerifyMiddleware
+
+    middleware = ForgeVerifyMiddleware(policy="finance-controls")
+
+    agent = create_react_agent(
+        model="gpt-4.1",
+        tools=[send_payment, read_balance],
+        middleware=[middleware],
+    )
+"""
+
+__version__ = "0.1.0"
+
+from .middleware import ForgeVerifyMiddleware, forge_verify_tool
+
+__all__ = ["ForgeVerifyMiddleware", "forge_verify_tool"]

langchain_forge-0.1.0/forge_langgraph/middleware.py

@@ -0,0 +1,168 @@
+"""Forge Verify middleware for LangGraph / LangChain.
+
+Two integration approaches:
+
+1. AgentMiddleware (recommended) — intercepts ALL tool calls automatically:
+     middleware = ForgeVerifyMiddleware(policy="finance-controls")
+     agent = create_react_agent(model, tools, middleware=[middleware])
+
+2. Standalone tool — the LLM calls forge_verify explicitly:
+     tool = forge_verify_tool(policy="finance-controls")
+     agent = create_react_agent(model, tools=[send_payment, tool])
+"""
+
+from __future__ import annotations
+
+import logging
+import os
+from collections.abc import Callable
+from typing import Any, Optional
+
+from veritera import Forge
+
+from langchain_core.tools import BaseTool, tool
+from langchain_core.messages import ToolMessage
+
+logger = logging.getLogger("forge_langgraph")
+
+
+class ForgeVerifyMiddleware:
+    """LangGraph/LangChain middleware that verifies every tool call through Forge.
+
+    Works with create_react_agent and any LangGraph agent that accepts middleware.
+
+    Args:
+        api_key: Forge API key (or set VERITERA_API_KEY env var).
+        base_url: Forge API endpoint.
+        agent_id: Identifier for this agent in Forge audit logs.
+        policy: Policy to evaluate actions against.
+        fail_closed: If True (default), deny when Forge API is unreachable.
+        timeout: Request timeout in seconds.
+        skip_actions: Tool names to skip verification for.
+        on_verified: Callback(action, result) when approved.
+        on_blocked: Callback(action, reason) when denied.
+    """
+
+    def __init__(
+        self,
+        api_key: Optional[str] = None,
+        base_url: str = "https://veritera.ai",
+        agent_id: str = "langgraph-agent",
+        policy: Optional[str] = None,
+        fail_closed: bool = True,
+        timeout: float = 10.0,
+        skip_actions: Optional[list[str]] = None,
+        on_verified: Optional[Callable] = None,
+        on_blocked: Optional[Callable] = None,
+    ):
+        key = api_key or os.environ.get("VERITERA_API_KEY", "")
+        if not key:
+            raise ValueError(
+                "Forge API key required. Pass api_key= or set VERITERA_API_KEY env var."
+            )
+        self._client = Forge(
+            api_key=key,
+            base_url=base_url,
+            timeout=timeout,
+            fail_closed=fail_closed,
+        )
+        self.agent_id = agent_id
+        self.policy = policy
+        self.fail_closed = fail_closed
+        self.skip_actions = set(skip_actions or [])
+        self.on_verified = on_verified
+        self.on_blocked = on_blocked
+
+    def wrap_tool_call(self, request: Any, handler: Callable) -> Any:
+        """Middleware entry point — called by LangGraph before each tool execution.
+
+        If Forge approves: calls handler(request) to execute the tool.
+        If Forge denies: returns a ToolMessage with the denial reason.
+        """
+        tool_name = request.tool_call.get("name", "unknown")
+        tool_args = request.tool_call.get("args", {})
+        tool_call_id = request.tool_call.get("id", "")
+
+        # Skip configured actions
+        if tool_name in self.skip_actions:
+            return handler(request)
+
+        # Verify through Forge (sync)
+        try:
+            result = self._client.verify_sync(
+                action=tool_name,
+                agent_id=self.agent_id,
+                params=tool_args if isinstance(tool_args, dict) else {"raw": str(tool_args)},
+                policy=self.policy,
+            )
+        except Exception as exc:
+            logger.error("Forge verify error for %s: %s", tool_name, exc)
+            if self.fail_closed:
+                if self.on_blocked:
+                    self.on_blocked(tool_name, str(exc))
+                return ToolMessage(
+                    content=f"Action '{tool_name}' blocked — policy verification unavailable.",
+                    tool_call_id=tool_call_id,
+                )
+            return handler(request)
+
+        if result.verified:
+            logger.debug("Forge APPROVED: %s (proof=%s)", tool_name, result.proof_id)
+            if self.on_verified:
+                self.on_verified(tool_name, result)
+            return handler(request)
+
+        reason = result.reason or "Policy violation"
+        logger.warning("Forge DENIED: %s — %s", tool_name, reason)
+        if self.on_blocked:
+            self.on_blocked(tool_name, reason)
+        return ToolMessage(
+            content=f"Action '{tool_name}' denied by Forge: {reason}",
+            tool_call_id=tool_call_id,
+        )
+
+
+def forge_verify_tool(
+    api_key: Optional[str] = None,
+    base_url: str = "https://veritera.ai",
+    agent_id: str = "langgraph-agent",
+    policy: Optional[str] = None,
+) -> BaseTool:
+    """Create a LangChain tool that the LLM can call to verify actions.
+
+    This is an alternative to the middleware approach — the LLM decides
+    when to call verification explicitly.
+
+    Usage:
+        verify = forge_verify_tool(policy="finance-controls")
+        agent = create_react_agent(model, tools=[send_payment, verify])
+    """
+    key = api_key or os.environ.get("VERITERA_API_KEY", "")
+    client = Forge(api_key=key, base_url=base_url, fail_closed=True)
+
+    @tool
+    def forge_verify(action: str, params: str = "{}") -> str:
+        """Verify an AI agent action against Forge security policies before executing it.
+
+        Args:
+            action: The action identifier to verify (e.g. 'payment.create')
+            params: JSON string of action parameters
+        """
+        import json as _json
+
+        try:
+            parsed = _json.loads(params)
+        except _json.JSONDecodeError:
+            parsed = {"raw": params}
+
+        result = client.verify_sync(
+            action=action,
+            agent_id=agent_id,
+            params=parsed,
+            policy=policy,
+        )
+        if result.verified:
+            return f"APPROVED: {result.verdict} | proof_id: {result.proof_id} | latency: {result.latency_ms}ms"
+        return f"DENIED: {result.reason} | proof_id: {result.proof_id}"
+
+    return forge_verify

langchain_forge-0.1.0/langchain_forge.egg-info/PKG-INFO

@@ -0,0 +1,100 @@
+Metadata-Version: 2.4
+Name: langchain-forge
+Version: 0.1.0
+Summary: Forge Verify middleware for LangGraph/LangChain — verify every tool call before execution
+Author-email: Veritera AI <engineering@veritera.ai>
+License: MIT
+Project-URL: Homepage, https://veritera.ai
+Project-URL: Documentation, https://veritera.ai/docs
+Project-URL: Repository, https://github.com/VeriteraAI/langchain-forge
+Keywords: veritera,forge,langchain,langgraph,middleware,guardrail,verification
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: veritera>=0.2.0
+Requires-Dist: langchain-core>=0.3.0
+
+# langchain-forge
+
+Forge Verify middleware for [LangGraph](https://github.com/langchain-ai/langgraph) and [LangChain](https://github.com/langchain-ai/langchain). Verifies every AI agent tool call against your policies **before** execution.
+
+## Install
+
+```bash
+pip install langchain-forge
+```
+
+## Quick Start
+
+```python
+import os
+from langgraph.prebuilt import create_react_agent
+from langchain_core.tools import tool
+from forge_langgraph import ForgeVerifyMiddleware
+
+os.environ["VERITERA_API_KEY"] = "vt_live_..."
+os.environ["OPENAI_API_KEY"] = "sk-..."
+
+@tool
+def send_payment(amount: float, recipient: str) -> str:
+    """Send a payment to a recipient."""
+    return f"Sent ${amount} to {recipient}"
+
+@tool
+def delete_record(record_id: str) -> str:
+    """Delete a database record."""
+    return f"Deleted {record_id}"
+
+# Add Forge middleware — one line
+middleware = ForgeVerifyMiddleware(policy="finance-controls")
+
+agent = create_react_agent(
+    model="gpt-4.1",
+    tools=[send_payment, delete_record],
+    middleware=[middleware],
+)
+
+# Every tool call is verified before execution
+result = agent.invoke({"messages": [("user", "Send $500 to vendor@acme.com")]})
+```
+
+## How It Works
+
+1. LangGraph decides to call a tool
+2. **Before execution**, the middleware calls Forge `/v1/verify`
+3. If **approved**: the tool runs normally
+4. If **denied**: the LLM receives a denial message and can explain why
+
+## Standalone Tool
+
+If you prefer the LLM to call verification explicitly:
+
+```python
+from forge_langgraph import forge_verify_tool
+
+verify = forge_verify_tool(policy="finance-controls")
+agent = create_react_agent(model, tools=[send_payment, verify])
+```
+
+## Configuration
+
+```python
+middleware = ForgeVerifyMiddleware(
+    api_key="vt_live_...",           # or VERITERA_API_KEY env var
+    agent_id="prod-finance-bot",
+    policy="finance-controls",
+    fail_closed=True,                # deny when API is unreachable
+    skip_actions=["read_balance"],   # skip read-only tools
+    on_blocked=lambda a, r: print(f"BLOCKED: {a} — {r}"),
+    on_verified=lambda a, r: print(f"APPROVED: {a}"),
+)
+```
+
+## License
+
+MIT — [Veritera AI](https://veritera.ai)

langchain_forge-0.1.0/langchain_forge.egg-info/SOURCES.txt

@@ -0,0 +1,9 @@
+README.md
+pyproject.toml
+forge_langgraph/__init__.py
+forge_langgraph/middleware.py
+langchain_forge.egg-info/PKG-INFO
+langchain_forge.egg-info/SOURCES.txt
+langchain_forge.egg-info/dependency_links.txt
+langchain_forge.egg-info/requires.txt
+langchain_forge.egg-info/top_level.txt

langchain_forge-0.1.0/langchain_forge.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

langchain_forge-0.1.0/langchain_forge.egg-info/requires.txt

@@ -0,0 +1,2 @@
+veritera>=0.2.0
+langchain-core>=0.3.0

langchain_forge-0.1.0/langchain_forge.egg-info/top_level.txt

@@ -0,0 +1 @@
+forge_langgraph

langchain_forge-0.1.0/pyproject.toml

@@ -0,0 +1,33 @@
+[project]
+name = "langchain-forge"
+version = "0.1.0"
+description = "Forge Verify middleware for LangGraph/LangChain — verify every tool call before execution"
+readme = "README.md"
+license = {text = "MIT"}
+requires-python = ">=3.10"
+authors = [{name = "Veritera AI", email = "engineering@veritera.ai"}]
+keywords = ["veritera", "forge", "langchain", "langgraph", "middleware", "guardrail", "verification"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Topic :: Security",
+    "Topic :: Software Development :: Libraries",
+]
+dependencies = [
+    "veritera>=0.2.0",
+    "langchain-core>=0.3.0",
+]
+
+[project.urls]
+Homepage = "https://veritera.ai"
+Documentation = "https://veritera.ai/docs"
+Repository = "https://github.com/VeriteraAI/langchain-forge"
+
+[build-system]
+requires = ["setuptools>=68.0"]
+build-backend = "setuptools.build_meta"
+
+[tool.setuptools.packages.find]
+include = ["forge_langgraph*"]

langchain_forge-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+