Skillget

asqav-sdk

mcp
Security Audit
Pass
Health Pass
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 37 GitHub stars
Code Pass
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This Python SDK provides governance capabilities for AI agents, including audit trails, policy enforcement, and quantum-safe cryptographic signatures. It acts as a thin client that delegates all heavy cryptographic operations to a remote server.

Security Assessment
Overall risk: Medium. The SDK makes external network requests to its backend API (asqav.com) to log actions, enforce policies, and handle signatures. You must provide an API key via `asqav.init(api_key="...")`, which introduces a risk of accidental key exposure in your source code. The automated code scan of 12 files found no dangerous patterns, hardcoded secrets, or dangerous permission requests. There are no signs of local shell execution. However, since this tool's core function is to transmit a record of your agent's actions to a third-party server, you are inherently sharing operational data and metadata with an external service.

Quality Assessment
Overall quality: Good. The project is actively maintained, with its most recent code push happening today. It is properly licensed under the permissive MIT license. The repository has garnered 37 GitHub stars, indicating a small but present level of community validation. The code itself is lightweight and requires zero native dependencies, relying entirely on server-side infrastructure for its promised features.

Verdict
Use with caution: the code itself is safe and well-maintained, but you must be comfortable sending your AI agent's operational metadata and actions to a third-party API.
SUMMARY

Python SDK for AI agent governance - audit trails, policy enforcement, quantum-safe signatures. Works with LangChain, CrewAI, MCP.

README.md

asqav

Governance for AI agents. Audit trails, policy enforcement, and compliance.

PyPI version CI Downloads License: MIT Python versions GitHub stars

Website | Docs | SDK Guide | Compliance

asqav SDK

Thin Python SDK for asqav.com. All ML-DSA cryptography runs server-side. Zero native dependencies.

Install

pip install asqav

import asqav

asqav.init(api_key="sk_...")
agent = asqav.Agent.create("my-agent")
sig = agent.sign("api:call", {"model": "gpt-4"})

Your agent now has a cryptographic identity, a signed audit trail, and a verifiable action record.

Why

Without governance With asqav
No record of what agents did Every action signed with ML-DSA (FIPS 204)
Any agent can do anything Policies block dangerous actions in real-time
One person approves everything Multi-party authorization for critical actions
Manual compliance reports Automated EU AI Act and DORA reports
Breaks when quantum computers arrive Quantum-safe from day one

Decorators and context managers

@asqav.sign
def call_model(prompt: str):
    return openai.chat.completions.create(model="gpt-4", messages=[{"role": "user", "content": prompt}])

with asqav.session() as s:
    s.sign("step:fetch", {"source": "api"})
    s.sign("step:process", {"records": 150})

Async support

agent = await asqav.AsyncAgent.create("my-agent")
sig = await agent.sign("api:call", {"model": "gpt-4"})

All API calls retry automatically with exponential backoff on transient failures.

CLI

pip install asqav[cli]

asqav verify sig_abc123
asqav agents list
asqav agents create my-agent
asqav sync

Local mode

Sign actions offline when the API is unreachable. Queue syncs when connectivity returns.

from asqav import local_sign

local_sign("agt_xxx", "task:complete", {"result": "done"})
# Later: asqav sync

Works with your stack

Native integrations for 5 frameworks. Each extends AsqavAdapter for version-resilient signing.

pip install asqav[langchain]
pip install asqav[crewai]
pip install asqav[litellm]
pip install asqav[haystack]
pip install asqav[openai-agents]
pip install asqav[all]

LangChain

from asqav.extras.langchain import AsqavCallbackHandler

handler = AsqavCallbackHandler(api_key="sk_...")
chain.invoke(input, config={"callbacks": [handler]})

CrewAI

from asqav.extras.crewai import AsqavCrewHook

hook = AsqavCrewHook(api_key="sk_...")
task = Task(description="Research competitors", callbacks=[hook.task_callback])

LiteLLM / Haystack / OpenAI Agents SDK

from asqav.extras.litellm import AsqavGuardrail
from asqav.extras.haystack import AsqavComponent
from asqav.extras.openai_agents import AsqavGuardrail

See integration docs for full setup guides.

Policy enforcement

asqav.create_policy(
    name="no-deletions",
    action_pattern="data:delete:*",
    action="block_and_alert",
    severity="critical"
)

Multi-party signing

Distributed approval where no single entity can authorize alone:

config = asqav.create_signing_group("agt_xxx", min_approvals=2, total_shares=3)
session = asqav.request_action("agt_xxx", "finance.transfer", {"amount": 50000})
asqav.approve_action(session.session_id, "ent_xxx")

Features

  • Signed actions - every agent action gets a ML-DSA-65 signature with RFC 3161 timestamp
  • Decorators - @asqav.sign wraps any function with cryptographic signing
  • Async - full async support with AsyncAgent and automatic retry
  • CLI - verify signatures, manage agents, sync offline queue from the terminal
  • Local mode - sign actions offline, sync later
  • Framework integrations - LangChain, CrewAI, LiteLLM, Haystack, OpenAI Agents SDK
  • Policy enforcement - block or alert on action patterns before execution
  • Multi-party signing - m-of-n approval using threshold ML-DSA
  • Agent identity - create, suspend, revoke, and rotate agent keys
  • Audit export - JSON/CSV trails for compliance reporting
  • Tokens - scoped JWTs and selective-disclosure tokens (SD-JWT)

Ecosystem

Package What it does
asqav Python SDK
asqav-mcp MCP server for Claude Desktop/Code
asqav-compliance CI/CD compliance scanner

Free tier

Get started at no cost. Free tier includes agent creation, signed actions, audit export, and framework integrations. Threat detection and monitoring on Pro ($39/mo). Compliance reports and incident management on Business ($149/mo). See asqav.com for pricing.

Links

License

MIT - see LICENSE for details.

If asqav helps you, consider giving it a star. It helps others find the project.

Reviews (0)

No results found