Skip to content

openagp/sdk-python

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.github
.github
 
 
openagp
openagp
 
 
scripts
scripts
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

openagp/sdk-python

Reference Python SDK for AGP — vendor-side and plane-side.

PyPI License Spec

Install

pip install openagp

Python 3.10+. Runtime depends on cryptography, rfc8785, jsonschema, referencing.

Quick start

from openagp import generate_keypair, sign, verify, InvalidSignature

# vendor side
keys = generate_keypair()

event = {
    "agp_version": "0.1",
    "schema_version": "1.0",
    "event_id": "evt_01JFXY8B5Z9RHQXM3WTNPK4VG2",
    "occurred_at": "2026-08-12T14:23:11.412Z",
    "actor": {
        "vendor": "yourcompany.com",
        "agent_id": "agt_42",
    },
    "action": {
        "type": "tool_call",
        "tool_name": "browser.navigate",
    },
}

signed = sign(event, private_key_b64=keys.private_key_b64, key_id="yourcompany-2026-q2")

# plane side
verify(signed, public_key_b64=keys.public_key_b64)   # raises InvalidSignature on tamper

What the SDK does (and doesn't)

Implements — per ADR 0001:

  • RFC 8785 JCS canonicalization
  • Ed25519 sign / verify
  • JSON Schema validation against bundled v0.1 schemas (Draft 2020-12)
  • Tamper detection via signature
  • Algorithm-substitution rejection (only Ed25519 is accepted)

Does NOT implement yet (Phase 1+):

  • HTTP client / server scaffolds (FastAPI vendor + plane apps)
  • Policy DSL evaluation
  • Real-time decision callback (Flow C)
  • Registry resolution and key rotation
  • Replay-cache / event_id deduplication

Schemas

The SDK ships a bundled copy of every AGP JSON Schema under openagp/_schemas/. These are kept in lockstep with the canonical schemas in openagp/spec — CI fails if they drift. To sync after pulling the latest spec:

scripts/sync-schemas.sh

Development

Clone alongside openagp/spec (tests load fixtures and test vectors from a sibling checkout — CI clones both repos automatically):

git clone https://github.com/openagp/spec
git clone https://github.com/openagp/sdk-python
cd sdk-python
pip install -e ".[dev]"

Then:

pytest                  # run all tests, including the cross-language vectors
ruff check openagp tests  # lint
scripts/sync-schemas.sh   # pull canonical schemas from ../spec/schemas/

Bundled schemas under openagp/_schemas/ must stay in sync with ../spec/schemas/ — CI fails if they drift. Run scripts/sync-schemas.sh after pulling spec changes.

For cross-language sanity, also run the conformance suite locally:

cd ../cts && make vectors    # builds agp-cts + runs embedded test vectors

See CONTRIBUTING.md at the org level for DCO sign-off and PR conventions, and SUPPORT.md for where to ask questions or file bugs.

CLI

A small validator CLI ships with the SDK:

python -m openagp.tools.validate --kind event --instance path/to/event.json
python -m openagp.tools.validate --schema schemas/event.json --instance fixtures/events/01-tool-call-allowed.json

Status

Scaffold + Phase 0 sign/verify roundtrip. The full Phase 1 SDK is in progress (see §4.2 Phase 1 of the spec).

License

Apache-2.0.

About

Reference Python SDK for the Agent Governance Protocol

Topics

python sdk agp openagp

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages