Governance for AI agents. Audit trails, policy enforcement, and compliance.
Website | Docs | SDK Guide | Compliance
Thin Python SDK for asqav.com. All ML-DSA cryptography runs server-side. Zero native dependencies.
pip install asqavimport asqav
asqav.init(api_key="sk_...")
agent = asqav.Agent.create("my-agent")
sig = agent.sign("api:call", {"model": "gpt-4"})Your agent now has a cryptographic identity, a signed audit trail, and a verifiable action record.
| Without governance | With asqav |
|---|---|
| No record of what agents did | Every action signed with ML-DSA (FIPS 204) |
| Any agent can do anything | Policies block dangerous actions in real-time |
| One person approves everything | Multi-party authorization for critical actions |
| Manual compliance reports | Automated EU AI Act and DORA reports |
| Breaks when quantum computers arrive | Quantum-safe from day one |
@asqav.sign
def call_model(prompt: str):
return openai.chat.completions.create(model="gpt-4", messages=[{"role": "user", "content": prompt}])
with asqav.session() as s:
s.sign("step:fetch", {"source": "api"})
s.sign("step:process", {"records": 150})agent = await asqav.AsyncAgent.create("my-agent")
sig = await agent.sign("api:call", {"model": "gpt-4"})All API calls retry automatically with exponential backoff on transient failures.
pip install asqav[cli]
asqav verify sig_abc123
asqav agents list
asqav agents create my-agent
asqav syncSign actions offline when the API is unreachable. Queue syncs when connectivity returns.
from asqav import local_sign
local_sign("agt_xxx", "task:complete", {"result": "done"})
# Later: asqav syncNative integrations for 5 frameworks. Each extends AsqavAdapter for version-resilient signing.
pip install asqav[langchain]
pip install asqav[crewai]
pip install asqav[litellm]
pip install asqav[haystack]
pip install asqav[openai-agents]
pip install asqav[all]from asqav.extras.langchain import AsqavCallbackHandler
handler = AsqavCallbackHandler(api_key="sk_...")
chain.invoke(input, config={"callbacks": [handler]})from asqav.extras.crewai import AsqavCrewHook
hook = AsqavCrewHook(api_key="sk_...")
task = Task(description="Research competitors", callbacks=[hook.task_callback])from asqav.extras.litellm import AsqavGuardrail
from asqav.extras.haystack import AsqavComponent
from asqav.extras.openai_agents import AsqavGuardrailSee integration docs for full setup guides.
asqav.create_policy(
name="no-deletions",
action_pattern="data:delete:*",
action="block_and_alert",
severity="critical"
)Distributed approval where no single entity can authorize alone:
config = asqav.create_signing_group("agt_xxx", min_approvals=2, total_shares=3)
session = asqav.request_action("agt_xxx", "finance.transfer", {"amount": 50000})
asqav.approve_action(session.session_id, "ent_xxx")- Signed actions - every agent action gets a ML-DSA-65 signature with RFC 3161 timestamp
- Decorators -
@asqav.signwraps any function with cryptographic signing - Async - full async support with
AsyncAgentand automatic retry - CLI - verify signatures, manage agents, sync offline queue from the terminal
- Local mode - sign actions offline, sync later
- Framework integrations - LangChain, CrewAI, LiteLLM, Haystack, OpenAI Agents SDK
- Policy enforcement - block or alert on action patterns before execution
- Multi-party signing - m-of-n approval using threshold ML-DSA
- Agent identity - create, suspend, revoke, and rotate agent keys
- Audit export - JSON/CSV trails for compliance reporting
- Tokens - scoped JWTs and selective-disclosure tokens (SD-JWT)
| Package | What it does |
|---|---|
| asqav | Python SDK |
| asqav-mcp | MCP server for Claude Desktop/Code |
| asqav-compliance | CI/CD compliance scanner |
Get started at no cost. Free tier includes agent creation, signed actions, audit export, and framework integrations. Threat detection and monitoring on Pro ($39/mo). Compliance reports and incident management on Business ($149/mo). See asqav.com for pricing.
MIT - see LICENSE for details.
If asqav helps you, consider giving it a star. It helps others find the project.