Metadata-Version: 2.4
Name: ory-strands
Version: 0.12.1
Summary: Ory Agent Security for AWS Strands Agents — per-tool authorization, tracing, and identity propagation via tool-invocation hooks. Built on ory-argus.
Author: Ory
License-Expression: Apache-2.0
Keywords: agent,ai,authorization,aws,bedrock,ory,permissions,strands
Requires-Python: >=3.10
Requires-Dist: ory-argus<1,>=0.8
Requires-Dist: strands-agents>=1.0
Provides-Extra: dev
Requires-Dist: pytest>=8; extra == 'dev'
Requires-Dist: ruff>=0.6; extra == 'dev'
Description-Content-Type: text/markdown

# ory-strands

Ory Agent Security for [AWS Strands Agents](https://strandsagents.com/).

Authorizes every tool call against Ory Permissions via Strands' tool-invocation hooks,
traces invocations, and propagates user → agent identity — built on
[`ory-argus`](https://pypi.org/project/ory-argus/).

```bash
pip install ory-strands
```

```python
from strands import Agent
from ory_strands import OryHooks

agent = Agent(model=..., tools=[search, send_email], hooks=[OryHooks()])
```

`OryHooks` subscribes to `BeforeToolCallEvent` (authorize) and
`AfterToolCallEvent` (trace). In **enforce** mode (`ORY_PERMISSION_MODE=enforce`) a
denied tool is **cancelled** — Strands returns the denial as an error tool result and the
tool never runs. In **observe** mode (default) the tool runs and a `permission.observe_deny`
span is recorded.

Credentials come from the shared `~/.config/ory-agent-plugins/config.json`, so a login from
any Ory harness or `ory-argus login` is reused automatically. See
[docs/sdk-integrations.md](https://github.com/ory-corp/ory-agent-plugins/blob/main/docs/sdk-integrations.md).
