SDK Auto-Capture

SDK Auto-Capture¶

Integrate once, every AI agent action is automatically captured on the Authorisation Layer dashboard. No manual intercept() call per action. Three patterns available depending on your stack.

Option 1: @guard Decorator¶

Wrap any Python function. Every call is intercepted, signed, and recorded. Blocked actions raise AgentBlockedError and the wrapped function never executes. When an action is escalated and wait_on_escalate=True (default), the agent blocks until a human approves or rejects on the Authorisation Layer dashboard.

from xybern import Xybern, AgentCredential, AgentBlockedError

client = Xybern(api_key="xb_your_key")
cred   = AgentCredential.load("./trading_agent.cred")

@client.agents.guard(credential=cred)
def execute_trade(ticker, quantity, notional_usd=0):
    place_order(ticker, quantity)   # only runs if Authorisation Layer allows it

@client.agents.guard(credential=cred)
def query_portfolio(account):
    return get_holdings(account)

# Every call → captured on Authorisation Layer dashboard, identity verified
execute_trade("AAPL", 100, notional_usd=19000)   # → ALLOW
execute_trade("TSLA", 1000, notional_usd=5000000) # → BLOCK (raises AgentBlockedError)

The @guard decorator accepts the following optional parameters for human-in-the-loop escalation gating:

Parameter	Default	Description
`credential`	required	Path to `.cred` file or `AgentCredential` object
`wait_on_escalate`	`True`	Block execution until a human approves or rejects on the dashboard
`escalation_timeout`	`300`	Maximum seconds to wait for a human decision before raising `AgentBlockedError`
`escalation_poll_interval`	`5`	Seconds between each poll of the escalation status endpoint
`metadata_fn`	`None`	Callable `(args, kwargs) → dict` for fine-grained policy metadata

Provide a metadata_fn for fine-grained policy evaluation:

@client.agents.guard(
    credential=cred,
    metadata_fn=lambda args, kw: {
        "ticker":       kw.get("ticker"),
        "notional_usd": kw.get("notional_usd", 0),
        "strategy":     kw.get("strategy", ""),
    }
)
def execute_trade(ticker, quantity, notional_usd=0, strategy=""):
    place_order(ticker, quantity)

Option 2: LangChain Callback Handler¶

Zero changes to tool code. Attach XybernLangChainCallback to any LangChain agent, every tool call is intercepted before execution.

from xybern import Xybern, XybernLangChainCallback, AgentCredential
from langchain.agents import initialize_agent

client  = Xybern(api_key="xb_your_key")
cred    = AgentCredential.load("./trading_agent.cred")
handler = XybernLangChainCallback(client=client, credential=cred)

agent = initialize_agent(tools, llm, callbacks=[handler])
# Done — every tool call appears on the Authorisation Layer dashboard

Option 3: XybernToolkit¶

Wrap a list of plain callables for non-LangChain agents. Exposes tools as attributes with full auto-interception.

from xybern import Xybern, XybernToolkit, AgentCredential

client = Xybern(api_key="xb_your_key")
cred   = AgentCredential.load("./trading_agent.cred")

def execute_trade(ticker, quantity, notional_usd=0): ...
def query_portfolio(account): ...
def risk_analysis(sector): ...

tools = XybernToolkit(client=client, credential=cred,
                      tools=[execute_trade, query_portfolio, risk_analysis])

# All calls auto-captured — same API as the original functions
tools.execute_trade("AAPL", 100, notional_usd=19000)
tools.query_portfolio("ACC-001")
print(tools.list_tools())  # ["execute_trade", "query_portfolio", "risk_analysis"]

AgentCredential, Key Management¶

Method	Description
`cred.save(path)`	Write JSON credential file, chmod 600
`AgentCredential.load(path)`	Load credential from file
`AgentCredential.from_env("PREFIX")`	Load from env vars: `PREFIX_AGENT_ID`, `PREFIX_PRIVATE_KEY`, etc.
`cred.to_env_snippet("PREFIX")`	Generate `export` lines for secrets managers / CI
`client.agents.rotate_credential(agent_id)`	Rotate keypair, old key immediately invalid

Success

Every decision is live on the dashboard. Whether via @guard , XybernLangChainCallback , or direct intercept() , every enforcement decision is recorded in real time under Authorisation Layer → Control Plane → Enforcement Decisions with full metadata, trust score, and policy reasoning.