You built an AI agent pipeline. It works. Users depend on it. Now someone asks you to add governance - audit trails, policy checks, cryptographic signing. Reasonable request. But the thought of plugging a new library into a production pipeline makes your stomach turn.
What if it adds latency? What if a signing failure kills a chain run? What if a policy misconfiguration blocks legitimate actions?
This is the observe mode problem. You need to see what governance would do before you let it do anything.
The solution: observe mode
asqav 0.2.11 ships an observe flag on every framework adapter. When enabled, the handler logs every action it would sign but makes zero API calls. Your pipeline runs exactly as before. You just get visibility into what governance would look like.
import asqav
from asqav.extras.langchain import AsqavCallbackHandler
asqav.init(api_key="sk_...")
# observe=True: logs actions, never calls the signing API
handler = AsqavCallbackHandler(
agent_name="my-agent",
observe=True,
)
chain.invoke(input, config={"callbacks": [handler]})
# Check your logs for lines like:
# OBSERVE: would sign chain:start with context {...}
# OBSERVE: would sign llm:start with context {...}
The handler hooks into every chain start, tool call, and LLM interaction. With observe=True, each event gets logged with the exact action type and context that would have been signed. No network calls. No latency. No risk.
Once you are comfortable with what you see in the logs, flip observe=False and governance goes live.
Semantic patterns instead of glob strings
Another friction point: action type strings. In older versions you had to remember namespaces like data:delete:* or api:call:external:*. Now you can use semantic labels:
agent = asqav.Agent.create("db-agent")
# Before: agent.sign("data:delete:*", {"table": "users"})
# Now:
agent.sign("sql-destructive", {"table": "users"})
The SDK resolves sql-destructive to data:delete:* internally. Other built-in patterns include sql-read, file-write, http-external, shell-execute, pii-access, and more. You can still use raw glob strings if you prefer.
Preflight with plain-English explanations
Before 0.2.11, agent.preflight() returned a boolean and a list of reason codes. Now it includes a human-readable explanation:
result = agent.preflight("sql-destructive")
print(result.cleared) # False
print(result.explanation) # "Blocked: action not permitted by current policy rules"
print(result.reasons) # ["blocked by policy: no-delete-production"]
This is useful for debugging policy configurations and for showing end users why an agent action was denied.
Getting started
pip install asqav==0.2.11
The SDK is open source, MIT licensed, and works with LangChain, CrewAI, LlamaIndex, OpenAI Agents, smolagents, DSPy, LiteLLM, and Haystack. Start with observe mode, review the logs, then go live when you are ready.
Top comments (0)