| Requirement | Version |
|---|---|
| Agent Assembly Python SDK (agent-assembly) | >= 0.0.1rc6 |
Install:
uv add agent-assembly==0.0.1rc6
# or
pip install agent-assembly==0.0.1rc6A richer ReAct variant of langchain-basic-agent. It
shows how Agent Assembly
governs a LangChain research agent that
reasons through a question using a web-search tool and a calculator tool — under
a single balanced governance policy.
- Initializing Agent Assembly with
init_assembly()insdk-onlymode. - A ReAct-style research trajectory over two tools:
web_searchandcalculator. - A balanced policy that bundles four controls at once:
- Network allowlist — outbound egress is only allowed to
*.openai.com. - Daily budget — tool calls are metered against a
$1.00 / daycap. - Tool-call logging — every governed call is recorded as an audit event.
- Credential-leak block — any tool input carrying a secret is denied.
- Network allowlist — outbound egress is only allowed to
- A credential-leak demo that uses a SAFE, FAKE key (
sk-FAKE...) — never a real secret — to show the leak rule firing. --mockmode: the whole demo runs offline with no API keys, so CI can run it.
| Requirement | Version |
|---|---|
| Python | >= 3.12 |
| uv | latest |
| Agent Assembly Python SDK | >= 0.0.1rc6 |
No running Agent Assembly gateway and no API keys are required for the mock demo.
cd python/langchain-research-agent
uv sync --extra devuv run python src/main.py --mock--mock replays a scripted ReAct trajectory offline. This is the only run mode
this example implements — running without --mock (with an OPENAI_API_KEY
set) prints a notice that the live LangChain integration is not implemented here
and exits without doing anything.
================================================================
Agent Assembly — LangChain ReAct Research Agent
================================================================
Initializing Agent Assembly (gateway: http://localhost:8080, sdk-only mode)...
Agent: langchain-research-agent
Gateway: http://localhost:8080
Mode: sdk-only (mock (offline))
Balanced policy (local simulation of gateway policy):
ALLOWLIST — outbound egress to *.openai.com, openai.com
BUDGET — $1.00 / day, metered per tool call
LOG — every tool call recorded as an audit event
BLOCK — any tool input that leaks a credential
Running ReAct research trajectory:
----------------------------------------------
→ web_search({"query": "speed of light"})
✅ ALLOWED — The speed of light in vacuum is 299792458 metres per second.
→ web_search({"query": "population of France"})
✅ ALLOWED — France has a population of approximately 68000000 people.
→ calculator({"expression": "299792458 / 68000000"})
✅ ALLOWED — 299792458 / 68000000 = 4.40871
→ web_search({"query": "fetch https://evil-exfil.example.com/leak"})
❌ BLOCKED — Tool 'web_search' attempted egress to 'evil-exfil.example.com', which is not on the network allowlist (*.openai.com).
Credential-leak demo (SAFE FAKE key):
----------------------------------------------
→ web_search({"query": "summarize using api_key=sk-FAKE0000DEMO0000NOTAREALKEY0000"})
❌ BLOCKED — Tool 'web_search' input contains a credential and is blocked by policy rule 'block_credential_leak'.
Governance events recorded this run:
----------------------------------------------
✅ web_search allow — allowed (charged $0.02; spent=$0.02 / limit=$1.00 (2%))
✅ web_search allow — allowed (charged $0.02; spent=$0.04 / limit=$1.00 (4%))
✅ calculator allow — allowed (charged $0.00; spent=$0.04 / limit=$1.00 (4%))
❌ web_search deny — Tool 'web_search' attempted egress to 'evil-exfil.example.com', which is not on the network allowlist (*.openai.com).
❌ web_search deny — Tool 'web_search' input contains a credential and is blocked by policy rule 'block_credential_leak'.
Final budget: spent=$0.04 / limit=$1.00 (4%)
Assembly context shut down.
| Event | Governance control | Outcome |
|---|---|---|
web_search("speed of light") |
tool-call capture + budget | ALLOWED, charged $0.02 |
web_search("population of France") |
tool-call capture + budget | ALLOWED, charged $0.02 |
calculator(...) |
tool-call capture + budget | ALLOWED, $0.00 (local compute) |
web_search(... evil-exfil.example.com ...) |
network allowlist | BLOCKED — host not on *.openai.com |
web_search(... api_key=sk-FAKE... ) |
credential-leak block | BLOCKED — secret detected in input |
The final block replays the full audit trail and the running budget total — the governance evidence a real gateway would persist server-side.
uv run pytest tests/ -vThis example is an offline scripted governance demo — it replays a fixed
ReAct trajectory so the governance wiring can be exercised deterministically,
with no API keys. It does not drive a real LangChain agent loop, and there
is no runnable "live" mode: invoking it without --mock prints a notice to that
effect and exits.
Wiring a real agent is left as an integration exercise. Conceptually it means
driving a real LangChain ReAct loop over the web_search and calculator tools
with an LLM provider, and replacing BalancedPolicyEngine with the
gateway-backed interceptor so the SDK enforces the policy rules configured in
the gateway automatically. That real loop is intentionally out of scope for this
example gallery, so nothing here promises a live command that the code does not
run.