SDK Enforcement Client
SDK Enforcement Client¶
The Python and JavaScript SDKs expose the full enforcement control plane via client.enforce, no raw HTTP required. Every endpoint in the Authorisation API has a corresponding SDK method.
Info
Version: Available from xybern>=1.18.0 (Python) and @xybern/sdk>=1.18.0 (JavaScript).
Python¶
from xybern import Xybern
client = Xybern(api_key="xb_your_key")
# ── Core intercept ──────────────────────────────────────────────
result = client.enforce.intercept(
action_type="execute_trade",
action_content="Buy 500 AAPL @ market",
agent_id="agent_abc123",
metadata={"symbol": "AAPL", "qty": 500},
)
print(result["decision"]) # allow | block | escalate
# Block until a human resolves the escalation
if result["decision"] == "escalate":
esc_id = result.get("escalation_id")
status = client.enforce.wait_for_escalation(esc_id, timeout=3600.0)
# status["status"] == "approved" | "rejected"
# ── Agents ──────────────────────────────────────────────────────
agent = client.enforce.register_agent(
name="TradeBot", framework="langchain",
scopes=["execute_trade", "query_database"],
)
print(agent["credential"]["private_key"]) # one-time — store securely
# ── Delegation ──────────────────────────────────────────────────
grant = client.enforce.delegate(
source_agent_id="agent_A",
target_agent_id="agent_B",
scopes=["trade:read"],
duration_minutes=60,
max_uses=10,
)
# ── JIT temporal window ─────────────────────────────────────────
window = client.enforce.create_temporal_window(
agent_id="agent_abc123",
scopes=["database_write"],
duration_minutes=30,
reason="Emergency schema migration",
)
# ── Breakglass ──────────────────────────────────────────────────
bg = client.enforce.trigger_breakglass(
agent_id="agent_abc123",
justification="Critical prod incident — P0",
severity="critical",
duration_minutes=60,
)
# ── Policy packs (policy-as-code) ───────────────────────────────
client.enforce.deploy_policy_pack(
name="finance-v2",
version="2.1.0",
policy_definitions=[
{
"name": "Block high-value trades",
"policy_type": "threshold",
"action_types": ["execute_trade"],
"decision": "escalate",
"trust_threshold": 80,
}
],
)
# ── Federation ──────────────────────────────────────────────────
link = client.enforce.propose_federation(
target_workspace_id="ws_partner_org",
allowed_action_types=["query_database"],
max_trust_level=70,
)
token = client.enforce.issue_federation_token(
link_id=link["link"]["link_id"],
source_agent_id="agent_abc123",
scopes=["query_database"],
ttl_seconds=300,
)
# ── Webhooks ────────────────────────────────────────────────────
client.enforce.create_webhook(
url="https://your-system.com/xybern-events",
events=["decision.block", "breakglass.*", "federation.*"],
)
# ── Roles (RBAC) ────────────────────────────────────────────────
role = client.enforce.create_role(
name="read-only-agent",
allowed_action_types=["query_database", "read_file"],
denied_action_types=["execute_trade", "send_email"],
min_trust_level=40,
)
client.enforce.assign_role(role["role"]["role_id"], "agent_abc123")
JavaScript / TypeScript¶
import { Xybern } from '@xybern/sdk';
const client = new Xybern({ apiKey: 'xb_your_key' });
// ── Core intercept ──────────────────────────────────────────────
const result = await client.enforce.intercept({
actionType: 'execute_trade',
actionContent: 'Buy 500 AAPL @ market',
agentId: 'agent_abc123',
metadata: { symbol: 'AAPL', qty: 500 },
});
// result.decision === 'allow' | 'block' | 'escalate'
// Block until resolved (with timeout)
if (result.decision === 'escalate') {
const status = await client.enforce.waitForEscalation(result.escalationId, {
pollIntervalMs: 5000,
timeoutMs: 3_600_000,
});
// status.status === 'approved' | 'rejected'
}
// ── Register agent ──────────────────────────────────────────────
const agent = await client.enforce.registerAgent({
name: 'TradeBot',
framework: 'langchain',
scopes: ['execute_trade', 'query_database'],
});
// ── Batch intercept (up to 500 actions) ────────────────────────
const batch = await client.enforce.batchIntercept([
{ ref: 'step-1', actionType: 'read_file', actionContent: 'Read config.json' },
{ ref: 'step-2', actionType: 'execute_trade', actionContent: 'Buy 500 AAPL' },
{ ref: 'step-3', actionType: 'send_email', actionContent: 'Notify compliance' },
]);
// batch.allowed / batch.blocked / batch.escalated
// ── Policy pack deployment ──────────────────────────────────────
await client.enforce.deployPolicyPack({
name: 'finance-v2',
version: '2.1.0',
policyDefinitions: [
{
name: 'Block high-value trades',
policyType: 'threshold',
actionTypes: ['execute_trade'],
decision: 'escalate',
trustThreshold: 80,
},
],
});
// ── Temporal window ─────────────────────────────────────────────
await client.enforce.createTemporalWindow({
agentId: 'agent_abc123',
scopes: ['database_write'],
durationMinutes: 30,
reason: 'Emergency schema migration',
});
Full method reference¶
All methods are available on both client.enforce (Python) and client.enforce (JavaScript). The complete list covers:
| Category | Methods |
|---|---|
| Core | intercept, batch_intercept, intercept_agent_comm |
| Agents | register_agent, get_agent, update_agent, deactivate_agent, get_agent_history, get_agent_communications |
| Credentials | list_credentials, get_active_credential, rotate_credential, revoke_credential |
| Policies | list_policies, create_policy, update_policy, delete_policy, promote_shadow_policy, get_shadow_report |
| Decisions | list_decisions, get_decision |
| Escalations | list_escalations, get_escalation_status, resolve_escalation, wait_for_escalation |
| Delegations | delegate, verify_delegation, revoke_delegation, list_delegations |
| Temporal Windows | create_temporal_window, extend_temporal_window, revoke_temporal_window, check_temporal_window |
| Breakglass | trigger_breakglass, close_breakglass, review_breakglass, get_breakglass_stats |
| Roles (RBAC) | create_role, assign_role, unassign_role, list_role_agents |
| Federation | propose_federation, accept_federation, issue_federation_token, revoke_federation |
| Webhooks | create_webhook, test_webhook, rotate_webhook_secret, get_webhook_deliveries |
| Policy Packs | deploy_policy_pack, rollback_policy_pack, validate_policy_pack |