Skip to content

Latest commit

 

History

History

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 

README.md

langchain-research-agent

Requirement Version
Agent Assembly Python SDK (agent-assembly) >= 0.0.1rc6

Install:

uv add agent-assembly==0.0.1rc6
# or
pip install agent-assembly==0.0.1rc6

A richer ReAct variant of langchain-basic-agent. It shows how Agent Assembly governs a LangChain research agent that reasons through a question using a web-search tool and a calculator tool — under a single balanced governance policy.

What this example demonstrates

  • Initializing Agent Assembly with init_assembly() in sdk-only mode.
  • A ReAct-style research trajectory over two tools: web_search and calculator.
  • A balanced policy that bundles four controls at once:
    • Network allowlist — outbound egress is only allowed to *.openai.com.
    • Daily budget — tool calls are metered against a $1.00 / day cap.
    • Tool-call logging — every governed call is recorded as an audit event.
    • Credential-leak block — any tool input carrying a secret is denied.
  • A credential-leak demo that uses a SAFE, FAKE key (sk-FAKE...) — never a real secret — to show the leak rule firing.
  • --mock mode: the whole demo runs offline with no API keys, so CI can run it.

Prerequisites

Requirement Version
Python >= 3.12
uv latest
Agent Assembly Python SDK >= 0.0.1rc6

No running Agent Assembly gateway and no API keys are required for the mock demo.

Setup

cd python/langchain-research-agent
uv sync --extra dev

Run

uv run python src/main.py --mock

--mock replays a scripted ReAct trajectory offline. This is the only run mode this example implements — running without --mock (with an OPENAI_API_KEY set) prints a notice that the live LangChain integration is not implemented here and exits without doing anything.

Expected governance output

================================================================
  Agent Assembly — LangChain ReAct Research Agent
================================================================

Initializing Agent Assembly (gateway: http://localhost:8080, sdk-only mode)...
  Agent:    langchain-research-agent
  Gateway:  http://localhost:8080
  Mode:     sdk-only (mock (offline))

Balanced policy (local simulation of gateway policy):
  ALLOWLIST — outbound egress to *.openai.com, openai.com
  BUDGET    — $1.00 / day, metered per tool call
  LOG       — every tool call recorded as an audit event
  BLOCK     — any tool input that leaks a credential

Running ReAct research trajectory:
----------------------------------------------
  → web_search({"query": "speed of light"})
     ✅ ALLOWED  — The speed of light in vacuum is 299792458 metres per second.

  → web_search({"query": "population of France"})
     ✅ ALLOWED  — France has a population of approximately 68000000 people.

  → calculator({"expression": "299792458 / 68000000"})
     ✅ ALLOWED  — 299792458 / 68000000 = 4.40871

  → web_search({"query": "fetch https://evil-exfil.example.com/leak"})
     ❌ BLOCKED  — Tool 'web_search' attempted egress to 'evil-exfil.example.com', which is not on the network allowlist (*.openai.com).

Credential-leak demo (SAFE FAKE key):
----------------------------------------------
  → web_search({"query": "summarize using api_key=sk-FAKE0000DEMO0000NOTAREALKEY0000"})
     ❌ BLOCKED  — Tool 'web_search' input contains a credential and is blocked by policy rule 'block_credential_leak'.

Governance events recorded this run:
----------------------------------------------
  ✅ web_search   allow — allowed (charged $0.02; spent=$0.02 / limit=$1.00 (2%))
  ✅ web_search   allow — allowed (charged $0.02; spent=$0.04 / limit=$1.00 (4%))
  ✅ calculator   allow — allowed (charged $0.00; spent=$0.04 / limit=$1.00 (4%))
  ❌ web_search   deny  — Tool 'web_search' attempted egress to 'evil-exfil.example.com', which is not on the network allowlist (*.openai.com).
  ❌ web_search   deny  — Tool 'web_search' input contains a credential and is blocked by policy rule 'block_credential_leak'.

Final budget: spent=$0.04 / limit=$1.00 (4%)

Assembly context shut down.

How to read the governance events

Event Governance control Outcome
web_search("speed of light") tool-call capture + budget ALLOWED, charged $0.02
web_search("population of France") tool-call capture + budget ALLOWED, charged $0.02
calculator(...) tool-call capture + budget ALLOWED, $0.00 (local compute)
web_search(... evil-exfil.example.com ...) network allowlist BLOCKED — host not on *.openai.com
web_search(... api_key=sk-FAKE... ) credential-leak block BLOCKED — secret detected in input

The final block replays the full audit trail and the running budget total — the governance evidence a real gateway would persist server-side.

Run tests

uv run pytest tests/ -v

A real LangChain integration is not shipped in this example

This example is an offline scripted governance demo — it replays a fixed ReAct trajectory so the governance wiring can be exercised deterministically, with no API keys. It does not drive a real LangChain agent loop, and there is no runnable "live" mode: invoking it without --mock prints a notice to that effect and exits.

Wiring a real agent is left as an integration exercise. Conceptually it means driving a real LangChain ReAct loop over the web_search and calculator tools with an LLM provider, and replacing BalancedPolicyEngine with the gateway-backed interceptor so the SDK enforces the policy rules configured in the gateway automatically. That real loop is intentionally out of scope for this example gallery, so nothing here promises a live command that the code does not run.

Links