
João André Gomes Marques

Add governance to Hugging Face smolagents in 4 lines

I was building an agent with Hugging Face's smolagents last month and hit a problem that kept bugging me. The agent ran tools, made decisions, called APIs - and I had zero record of what happened. If something went wrong, I'd be guessing.

smolagents gives you a clean way to build tool-calling agents. But once a tool runs, there's no audit trail. No proof of what was called, when, or what it returned. For hobby projects, fine. For anything touching production data, that's a gap.

Here's how I plugged it with asqav in 4 lines.

The setup

pip install asqav[smolagents]

from asqav.extras.smolagents import AsqavSmolagentsHook

# my_tool is your existing smolagents tool, defined elsewhere
hook = AsqavSmolagentsHook(agent_name="my-smolagent")
signed_tool = hook.wrap_tool(my_tool)

That's it. wrap_tool takes your existing tool and returns a wrapped version that signs three events:

  • tool:start - when the tool is called, with its input parameters
  • tool:end - when it completes, with the output
  • tool:error - if it throws, with the exception details

Each event gets a cryptographic signature using ML-DSA-65 (that's FIPS 204, NIST's post-quantum signature standard). Signing happens server-side, so the SDK stays thin. You get a tamper-evident log of every tool execution your agent performed.

What I like about the design

It's fail-open. If the signing service is down or something goes wrong with the signature, it logs a warning and moves on. Your agent keeps working. Governance shouldn't be a single point of failure for your pipeline.

You also don't need to change your tool's code. The hook wraps the tool at the boundary - your tool function stays exactly the same. Swap it in, swap it out, your logic doesn't care.

When this matters

If you're running smolagents that touch external APIs, databases, or anything with side effects - you probably want to know what happened after the fact. Debugging is one thing. But if you need to show an auditor or a compliance team what your agent did last Tuesday at 3am, "I think it worked fine" doesn't cut it.

The signed events give you a verifiable chain. Each signature can be independently verified, and the log can't be quietly edited after the fact.
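
To make the three events, the fail-open behaviour and the tamper-evident log concrete, here is a stand-alone example added for this article; it is not asqav's code and does not describe how asqav stores events. Assumptions: a plain Python callable stands in for a smolagents tool, a local HMAC-SHA256 key stands in for the server-side ML-DSA-65 signer, and the names `AuditLog`, `wrap_with_audit`, `verify` and the `seq`/`prev` chaining are hypothetical.

```python
import hashlib, hmac, json, logging

KEY = b"constructed-demo-key"  # assumption: local HMAC key, stand-in for the remote ML-DSA-65 signer
log = logging.getLogger("audit")

def hmac_sign(msg: bytes) -> str:
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

class AuditLog:
    """Append-only signed events; each record commits to the previous signature."""
    def __init__(self, signer=hmac_sign):
        self.records, self.unsigned, self.signer = [], 0, signer

    def emit(self, event, data):
        prev = self.records[-1]["sig"] if self.records else ""
        body = {"seq": len(self.records), "event": event, "data": data, "prev": prev}
        try:
            sig = self.signer(json.dumps(body, sort_keys=True).encode())
            self.records.append({**body, "sig": sig})
        except Exception as exc:  # fail-open: warn, count the gap, let the tool run
            self.unsigned += 1
            log.warning("signing failed for %s: %s", event, exc)

def wrap_with_audit(tool, audit):
    """Wrap a callable at the boundary; the tool's own code is untouched."""
    def wrapped(*args, **kwargs):
        audit.emit("tool:start", {"args": repr(args), "kwargs": repr(kwargs)})
        try:
            result = tool(*args, **kwargs)
        except Exception as exc:
            audit.emit("tool:error", {"error": repr(exc)})
            raise  # the caller still sees the original exception
        audit.emit("tool:end", {"output": repr(result)})
        return result
    return wrapped

def verify(records):
    """Return the index of the first edited, reordered or missing record, else None."""
    prev = ""
    for i, rec in enumerate(records):
        body = {k: rec[k] for k in ("seq", "event", "data", "prev")}
        good = hmac_sign(json.dumps(body, sort_keys=True).encode())
        if rec["seq"] != i or rec["prev"] != prev or not hmac.compare_digest(rec["sig"], good):
            return i
        prev = rec["sig"]
    return None
```

A non-zero `unsigned` count is the cost of failing open: those tool calls ran without a signed record, so it is worth alerting on rather than leaving in a warning log.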

Try it

The SDK is open source: github.com/jagmarques/asqav-sdk

Grab an API key from asqav.com/dashboard and wrap your first tool. Four lines, and you've got a governance layer that doesn't get in the way.
