Framework Integrations
AIP integrates with the most popular AI agent frameworks — LangChain, CrewAI, and AutoGen. Every tool call, task execution, or agent message is automatically signed, boundary-checked, and verified.
Overview
Each integration wraps the framework's native execution with AIP's cryptographic verification pipeline. When your agent calls a tool, executes a task, or sends a message:
- An Intent Envelope is created for the action
- The envelope is signed with the agent's Ed25519 key
- The 8-step verification pipeline checks boundaries, revocation, and trust
- Only if verification passes does the action execute
LangChain Integration
Wraps any LangChain tool with AIP verification using the @aip_tool decorator. Works with create_tool_calling_agent, AgentExecutor, and any LangChain agent type.
Install
pip install aip-protocol langchain langchain-openaiQuick Start — 2 lines
from aip_langchain import aip_tool
@aip_tool(limit=500)
def transfer_funds(amount: float, to: str) -> str:
"""Transfer funds to a recipient."""
return f"Sent ${amount} to {to}"
# Use in any LangChain agent — AIP verification is automaticFull Agent Example
from langchain_openai import ChatOpenAI
from langchain.agents import create_tool_calling_agent, AgentExecutor
from langchain_core.prompts import ChatPromptTemplate
from aip_langchain import aip_tool
# Define tools with AIP protection
@aip_tool(limit=500, geo="US")
def transfer_funds(amount: float, to: str) -> str:
"""Transfer funds to a recipient."""
return f"Sent ${amount} to {to}"
@aip_tool(actions=["read_data"])
def read_invoice(invoice_id: str) -> str:
"""Read an invoice by ID."""
return f"Invoice {invoice_id}: $250.00"
# Create agent
llm = ChatOpenAI(model="gpt-4o")
tools = [transfer_funds, read_invoice]
prompt = ChatPromptTemplate.from_messages([
("system", "You are a procurement agent."),
("human", "{input}"),
("placeholder", "{agent_scratchpad}"),
])
agent = create_tool_calling_agent(llm, tools, prompt)
executor = AgentExecutor(agent=agent, tools=tools)
result = executor.invoke({"input": "Transfer $200 to Acme Corp"})
# ✅ AIP verifies: action=transfer_funds, amount=200 < limit=500
# ✗ $15,000 would be blocked: AIP-E202 monetary limit exceeded@aip_tool Options
@aip_tool(
limit=500, # Per-transaction monetary limit
daily_limit=5000, # Per-day limit
actions=["pay"], # Allowed actions (default: [function_name])
denied=["delete"], # Denied actions
geo="US", # Geographic restriction
domain="acme.com", # DID domain
on_violation="raise", # "raise" | "return_error" | "log"
)
def my_tool(...): ...CrewAI Integration
Protects CrewAI agents and tasks. Intercepts task execution to run AIP verification before the agent performs any action. Supports per-agent boundaries and per-task action scoping.
Install
pip install aip-protocol crewaiUsage
from crewai import Agent, Task, Crew
from aip_crewai import aip_agent, aip_task
# Create an AIP-protected agent
researcher = aip_agent(
Agent(
role="Researcher",
goal="Find market data",
backstory="You are a financial researcher.",
),
actions=["research", "read_data", "analyze"],
limit=100,
)
# Create a protected task
task = aip_task(
Task(
description="Research Q4 earnings for Acme Corp",
agent=researcher,
expected_output="Earnings summary",
),
action="research",
)
# Run the crew — AIP verification is automatic
crew = Crew(agents=[researcher], tasks=[task])
result = crew.kickoff()API
aip_agent(agent, actions=[], limit=0, denied=[], geo=None, domain="localhost")Wraps a CrewAI Agent with AIP verification. Every task the agent executes is boundary-checked.
aip_task(task, action="default")Wraps a CrewAI Task with a specific AIP action scope.
AIPCrew(crew, limit=0, domain="localhost")Wraps an entire CrewAI Crew — all agents and tasks get AIP protection automatically.
AutoGen Integration
Protects Microsoft AutoGen multi-agent conversations. Every message exchange between agents is cryptographically signed and verified through the AIP pipeline.
Install
pip install aip-protocol pyautogenUsage
from autogen import AssistantAgent, UserProxyAgent
from aip_autogen import aip_wrap, AIPConversation
# Create agents
assistant = AssistantAgent("assistant", llm_config={...})
user_proxy = UserProxyAgent("user_proxy")
# Wrap with AIP — 1 line per agent
assistant = aip_wrap(assistant, actions=["respond", "analyze"], limit=500)
user_proxy = aip_wrap(user_proxy, actions=["request", "approve"])
# Or wrap an entire conversation
conv = AIPConversation(
agents=[assistant, user_proxy],
limit=500,
domain="acme.com",
)
# Every message exchange is now AIP-verified
user_proxy.initiate_chat(assistant, message="Analyze Q4 earnings")How It Works Under the Hood
All three integrations follow the same pattern internally:
# What happens when your agent calls a tool/task:
1. Create IntentEnvelope(action, parameters, boundaries)
2. Sign envelope with agent's Ed25519 private key
3. verify_intent() → 8-step pipeline:
Schema → Expiry → Nonce → Signature → Boundaries → Attestation → Revocation → Trust
4. PASS → execute action | FAIL → raise error with AIP-Exxx code
Each integration creates a dedicated AgentPassport with its own Ed25519 keypair. Boundaries (monetary limits, allowed actions, geo restrictions) are enforced cryptographically — not just as config that can be bypassed.
Configuration Options
All integrations share these common configuration options:
| Option | Type | Default | Description |
|---|---|---|---|
actions | list[str] | [] | Allowed actions for this agent/tool |
denied | list[str] | [] | Explicitly denied actions |
limit | float | 0.0 | Per-transaction monetary limit (0 = unlimited) |
daily_limit | float | 0.0 | Per-day monetary limit |
currency | str | "USD" | Currency for monetary limits |
geo | str | None | None | ISO country code restriction (e.g., "US") |
domain | str | "localhost" | DID domain for the agent identity |
on_violation | str | "raise" | "raise" | "return_error" | "log" |
💡 Cloud Features
When connected to AIP Cloud (aip login), integrations automatically get: cross-org revocation mesh, persistent trust scores, replay detection across deployments, and full audit logging. The SDK works fully offline too — cloud features are additive.