Build cross-cloud AI agents with security by default.
The AgentWeave SDK (agentweave) is a Python library for building AI agents with cryptographic identity, mutual TLS authentication, and policy-based authorization built-in. The SDK ensures the secure path is the only path—developers cannot accidentally bypass security controls.
- Cryptographic Identity: SPIFFE/SPIRE workload identities with automatic rotation
- Mutual TLS: All agent communication encrypted and authenticated by default
- Policy Enforcement: Open Policy Agent (OPA) authorization on every request
- A2A Protocol: Standards-based agent-to-agent communication
- Framework Agnostic: Works with any agent framework (LangGraph, CrewAI, etc.)
- Cross-Cloud: Deploy agents across AWS, GCP, Azure, on-prem
- Zero Trust: No shared secrets, no API keys, no passwords
pip install agentweavefrom agentweave import SecureAgent, capability
class HelloAgent(SecureAgent):
@capability("greet")
async def greet(self, name: str) -> dict:
return {"message": f"Hello, {name}!"}
if __name__ == "__main__":
agent = HelloAgent.from_config("config.yaml")
agent.run()config.yaml:
agent:
name: "hello-agent"
trust_domain: "example.com"
capabilities:
- name: "greet"
description: "Greet someone"
identity:
provider: "spiffe"
allowed_trust_domains:
- "example.com"
authorization:
provider: "opa"
default_action: "deny"
server:
port: 8443The SDK wires together:
- SPIFFE identity — fetched from your local SPIRE agent (or via static mTLS certs for development)
- OPA authorization — policy checked before every capability is executed
- A2A server — FastAPI-based JSON-RPC 2.0 endpoint with Agent Card discovery
- mTLS transport — all outbound calls use your SVID certificate
┌─────────────────────────────────────────────────────────────────┐
│ AgentWeave SDK │
├─────────────────────────────────────────────────────────────────┤
│ │
│ Your Agent Code │
│ └── @capability decorators │
│ │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ Identity Layer (SPIFFE) │ │
│ │ • Cryptographic workload identity │ │
│ │ • Automatic certificate rotation │ │
│ └───────────────────────────────────────────────────────────┘ │
│ │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ Authorization Layer (OPA) │ │
│ │ • Policy-based access control │ │
│ │ • Default deny, explicit allow │ │
│ └───────────────────────────────────────────────────────────┘ │
│ │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ Communication Layer (A2A) │ │
│ │ • Agent-to-agent protocol │ │
│ │ • Capability discovery │ │
│ │ • Task-based communication │ │
│ └───────────────────────────────────────────────────────────┘ │
│ │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ Transport Layer (mTLS) │ │
│ │ • TLS 1.3 enforced │ │
│ │ • Mutual authentication │ │
│ │ • Connection pooling, circuit breakers │ │
│ └───────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
│
┌─────────┴─────────┐
│ SPIRE Agent │ (identity)
│ OPA │ (policy)
└───────────────────┘
Every agent has a cryptographic identity (SPIFFE ID):
spiffe://agentweave.io/agent/data-processor/prod
└── trust domain └── workload path
SPIRE automatically:
- Issues X.509 certificates (SVIDs) to workloads
- Rotates certificates before expiry
- Federates trust across organizations
All requests are authorized by policy before execution:
package agentweave.authz
default allow = false
# Allow orchestrator to call processor
allow {
input.caller_spiffe_id == "spiffe://agentweave.io/agent/orchestrator/prod"
input.callee_spiffe_id == "spiffe://agentweave.io/agent/processor/prod"
input.action == "process"
}Agents communicate using the A2A protocol:
# Orchestrator calls processor
result = await self.call_agent(
target="spiffe://agentweave.io/agent/processor/prod",
task_type="process",
payload={"data": records}
)Behind the scenes:
- SDK checks OPA policy (can orchestrator call processor?)
- Establishes mTLS using SPIFFE identities
- Sends A2A task over encrypted channel
- Processor validates caller identity
- Processor checks OPA policy (allow this caller?)
- Executes business logic, returns result
- All steps audited and logged
See examples/simple_agent/ for a minimal echo agent.
See examples/multi_agent/ for an orchestrator + worker pattern with:
- Agent-to-agent communication
- Load distribution
- Error handling
- Health checks
Run it:
cd examples/multi_agent
docker-compose upSee examples/federated/ for cross-organization agent communication.
- Quick Start Guide - Get your first agent running
- Configuration Reference - All config options
- Security Guide - SPIFFE/SPIRE setup, hardening
- A2A Protocol - Agent communication deep dive
Deploy agents across AWS, GCP, Azure with automatic secure communication:
# AWS Agent
agent:
name: "aws-processor"
trust_domain: "agentweave.io"
# GCP Agent
agent:
name: "gcp-analytics"
trust_domain: "agentweave.io"SPIRE federation enables cross-cloud identity trust. Tailscale (optional) provides network connectivity.
Build orchestrator agents that coordinate specialist agents:
Orchestrator
├── Search Agent (queries databases)
├── Analytics Agent (runs ML models)
└── Reporting Agent (generates reports)
Each agent:
- Has unique SPIFFE identity
- Enforces OPA policies
- Communicates via A2A
- Independently deployable
Integrate with agents from other frameworks:
# Call another AgentWeave agent (SPIFFE mTLS enforced)
result = await self.call_agent(
target="spiffe://partner.example.com/agent/summarizer",
task_type="summarize",
payload={"text": document},
)AgentWeave agents communicate via mTLS with SPIFFE identity. For non-AgentWeave agents, use the A2AClient directly with appropriate transport configuration.
| Guarantee | Mechanism |
|---|---|
| Every agent has cryptographic identity | SPIFFE SVID |
| No agent can start without identity | SDK refuses to start |
| All traffic encrypted | TLS 1.3 mandatory |
| Mutual authentication | mTLS with peer verification |
| No request without authorization | OPA check before handler |
| Credentials auto-rotate | SPIRE handles rotation |
| No hardcoded secrets | Runtime identity issuance |
| Full audit trail | Every decision logged |
Design Principle: "Can't mess it up unless the config is wrong."
Security is enforced by the SDK, not by developer discipline.
# Install SPIRE
helm install spire spiffe/spire --namespace spire-system
# Register agent
spire-server entry create \
-spiffeID spiffe://agentweave.io/agent/processor/prod \
-parentID spiffe://agentweave.io/k8s-node \
-selector k8s:ns:agentweave \
-selector k8s:sa:processor
# Deploy agent
kubectl apply -f agent-deployment.yamlSee docs/security.md for complete Kubernetes setup.
cd examples/multi_agent
docker-compose upIncludes:
- SPIRE Server + Agent
- OPA
- Orchestrator agent
- 3x Worker agents
- OpenTelemetry Collector
- Python 3.11+
- SPIRE Server + Agent (for SPIFFE identity in production; optional for dev with static mTLS)
- OPA (for authorization; optional for dev with
allow-allprovider) - Docker (for local development and integration tests)
- Kubernetes (for production deployment)
git clone https://github.com/aj-geddes/agentweave
cd agentweave
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"pytest# Start infrastructure
docker-compose up -d
# Run simple agent
cd examples/simple_agent
python main.py# Validate configuration
agentweave validate config.yaml
# Generate Agent Card
agentweave card generate config.yaml
# Test connectivity
agentweave ping spiffe://agentweave.io/agent/target
# Check authorization
agentweave authz check \
--caller spiffe://agentweave.io/agent/a \
--callee spiffe://agentweave.io/agent/b \
--action processPrometheus metrics at :9090/metrics:
agentweave_requests_total{action="process",status="success"}
agentweave_request_duration_seconds{action="process"}
agentweave_authz_denied_total{reason="policy"}
agentweave_svid_rotation_total
OpenTelemetry traces with automatic context propagation:
# Traces include:
# - Agent-to-agent calls
# - SPIRE identity fetches
# - OPA policy evaluations
# - Business logic executionStructured JSON logs:
{
"timestamp": "2025-12-06T10:30:00Z",
"level": "INFO",
"message": "Request completed",
"caller_spiffe_id": "spiffe://agentweave.io/agent/orchestrator",
"action": "process",
"duration_ms": 45,
"trace_id": "a1b2c3d4..."
}- SPIFFE identity integration
- OPA authorization with decision caching and circuit breaker
- A2A protocol server and client (JSON-RPC 2.0 + SSE)
- mTLS transport (TLS 1.3 by default)
- Static mTLS provider for development
- CLI tools (validate, card, authz check, health)
- Testing utilities (mocks, fixtures, OPA policy simulator)
- Helm chart and production Kubernetes manifests
- Full OpenTelemetry observability integration
- OPA policy library (common agent patterns)
- SVID watcher using SPIFFE streaming API (replace polling)
- Load testing benchmarks
- Security audit
- LangGraph integration example
- CrewAI integration example
- Google ADK compatibility layer
- SPIRE federation cookbook
We welcome contributions! Please see CONTRIBUTING.md.
Apache 2.0 - See LICENSE
- Documentation: docs/
- Examples: examples/
- Issues: GitHub Issues
- Discussions: GitHub Discussions
Built on top of excellent open source projects:
- SPIFFE/SPIRE - Identity framework
- Open Policy Agent - Policy engine
- A2A Protocol - Agent communication standard
- py-spiffe - Python SPIFFE library
If you use AgentWeave SDK in research, please cite:
@software{agentweave,
title = {AgentWeave SDK},
author = {AgentWeave Team},
year = {2026},
url = {https://github.com/aj-geddes/agentweave}
}AgentWeave SDK - Building secure AI agent systems, one capability at a time.