Metadata-Version: 2.4
Name: xybern
Version: 2.0.0
Summary: Identity & authorisation infrastructure for AI agents — install once, discover every agent, authorise every action.
Author-email: Xybern <info@xybern.com>
License: MIT
Project-URL: Homepage, https://www.xybern.com
Project-URL: Documentation, https://docs.xybern.com/authorization/sdk
Keywords: ai,agents,authorization,identity,governance,langchain,crewai,mcp,provenance
Requires-Python: >=3.8
Description-Content-Type: text/markdown
Requires-Dist: requests>=2.25.0
Provides-Extra: crypto
Requires-Dist: cryptography>=41.0.0; extra == "crypto"
Provides-Extra: dev
Requires-Dist: pytest; extra == "dev"

# Xybern

**Identity & authorisation infrastructure for AI agents.** Install once — Xybern
discovers every AI agent in your system, gives each a cryptographic identity, and
(when you turn enforcement on) authorises every action *before* it executes.

```bash
pip install xybern
xybern login          # browser device-code flow (auto-links your workspace)
```

```python
from xybern import auto
auto.connect()        # discovers frameworks + agents + tools, registers them, instruments them
```

```
✓ Detected frameworks: CrewAI, LangGraph, 2 MCP servers
✓ Found 12 agents · 48 tools
✓ Registered to workspace "Acme Corp" (each issued a cryptographic identity)
✓ Mode: OBSERVE — actions logged, nothing blocked yet
```

## What it does

- **Auto-discovery** — detects and instruments LangChain, CrewAI, OpenAI Agents SDK,
  MCP servers, LangGraph, AutoGen, Semantic Kernel, LlamaIndex (and FastAPI/Celery).
  No manual wiring; agents appear in your Xybern dashboard as your app creates them.
- **Cryptographic identity** — every discovered agent is registered and issued an
  identity, so its actions are attributable and signable.
- **Authorisation before execution** — each tool/agent action passes through Xybern's
  policy engine; `allow` / `block` / `escalate`.
- **Observe-first & fail-open** — default mode only *logs* (never blocks). When you
  switch to enforce, the SDK fails open if Xybern is unreachable, so it can't take
  your agents down.
- **Privacy** — sends content **hashes** by default, not raw payloads.

## Modes

```python
auto.connect()                 # OBSERVE (default): log + inventory, never blocks
auto.connect(mode="enforce")   # authorise actions (allow/block/escalate)
```
or persist it: `xybern enforce on` / `xybern enforce off`.

## CLI

```
xybern login [--api-key xb_...]   # device-code flow, or paste a key / set XYBERN_API_KEY
xybern agents                     # dry-run: what would be discovered
xybern status
xybern enforce on|off
xybern logout
```

## Auth options

1. **Device code** — `xybern login` opens a browser; approve + pick a workspace; a
   scoped key is minted and stored in `~/.xybern/credentials.json`.
2. **API key** — `xybern login --api-key xb_...`, or `export XYBERN_API_KEY=xb_...`,
   or `auto.connect(api_key="xb_...")`.

## Configuration

| Option | Default | Meaning |
| --- | --- | --- |
| `mode` | `observe` | `observe` (log only) or `enforce` (act on decisions) |
| `fail_open` | `True` | allow actions through if Xybern is unreachable (enforce mode) |
| `redact` | `True` | send content hashes instead of raw content |
| `frameworks` | all | restrict to specific frameworks |

Docs: https://docs.xybern.com/authorization/sdk
