Python SDK (pip install xybern)
Python SDK, pip install xybern¶
The Xybern SDK is the frictionless way to bring an existing agent stack under governance. Install once and it discovers every AI agent in your process, gives each a cryptographic identity, registers them to your workspace, and, when you turn enforcement on, authorises every action before it executes.
✓ Detected frameworks: CrewAI, LangGraph, 2 MCP servers
✓ Found 12 agents · 48 tools
✓ Registered to workspace "Acme Corp" (each issued a cryptographic identity)
✓ Mode: OBSERVE — actions logged, nothing blocked yet
→ run `xybern enforce on` to start authorising
Where to add it¶
Add these two lines once, at your application's startup, before your agents run. That's the whole integration; you don't sprinkle it around your code.
from xybern import auto
auto.connect()
# ... then your normal code: build agents, run the crew/graph, serve requests, etc.
| Your setup | Where to put it |
|---|---|
| Agent script (CrewAI / LangChain / OpenAI Agents / LlamaIndex) | Top of your main file, before you create agents |
| FastAPI | Right after app = FastAPI() (or in startup) |
| Celery | In the Celery app module (runs in each worker) |
| MCP server | Top of the server entry, before it serves tools |
| Django | In an AppConfig.ready() or wsgi.py |
| Jupyter notebook | The first cell |
# Example — CrewAI
from xybern import auto
auto.connect() # ← here, first
from crewai import Agent, Crew
researcher = Agent(role="Researcher", ...) # auto-registered with an identity
Two things to know
- Multi-process (gunicorn, multiple Celery workers): it must run in each worker process, so put it in the module every worker imports (your app factory / worker bootstrap), not a one-off script.
- Earlier is better, but it's forgiving: agents created after
connect()are registered on creation; ones that already exist are still found by the startup scan and their actions still intercepted.
Auto-discovery¶
The SDK never scans your machine, it inspects what's importable in the running process and hooks the creation + execution points of supported frameworks:
LangChain · CrewAI · OpenAI Agents SDK · MCP servers · LangGraph · AutoGen · Semantic Kernel · LlamaIndex (plus FastAPI / Celery). Every detector is defensive: a version it doesn't recognise degrades to "presence detected" rather than touching your code, so installing the SDK can never break your app.
As your application creates agents and tools, they appear automatically in the Xybern dashboard, each registered with its own identity.
Observe-first, fail-open¶
The default mode is OBSERVE: actions are logged and inventoried, but nothing is ever blocked. Flip to enforcement only when you're ready:
In enforce mode each action is authorised before execution (allow / block /
escalate). If Xybern is unreachable the SDK fails open by default, so it can
never take your agents down. Action content is sent as a SHA-256 hash by
default, not raw payloads.
Logging in¶
| Method | How |
|---|---|
| Device code | xybern login, opens a browser, approve and pick a workspace; a scoped key is minted and saved to ~/.xybern/credentials.json |
| API key | xybern login --api-key xb_..., or export XYBERN_API_KEY=xb_..., or auto.connect(api_key="xb_...") |
CLI¶
xybern login [--api-key xb_...]
xybern agents # dry-run discovery — what would be found
xybern doctor # per-framework enforcement coverage (run in your project env)
xybern status
xybern enforce on|off
xybern logout
Configuration¶
| Option | Default | Meaning |
|---|---|---|
mode |
observe |
observe (log only) or enforce |
fail_open |
true |
allow actions through if Xybern is unreachable (enforce mode) |
redact |
true |
send content hashes instead of raw content |
frameworks |
all detected | restrict instrumentation to specific frameworks |
Every authorised action is recorded in your Provenance Vault, signed, policy-bound, and externally anchored.