Skip to main content
Drako’s runtime enforcement wraps your existing agent framework in a compliance middleware layer. Every tool call passes through a 13-stage enforcement pipeline — policy evaluation, DLP scanning, intent fingerprinting, HITL checkpoints, and audit logging — before executing.

How govern() works

The top-level govern() function auto-detects your framework and returns the appropriate middleware: 
from drako import govern

# Works with CrewAI, LangGraph, AutoGen, and more
agent = govern(agent)
Framework-specific wrapper functions are also available for explicit control over middleware options.

CrewAI

1

Install

pip install drako[crewai]
2

Wrap your crew

from drako import govern

crew = govern(crew)
result = crew.kickoff()
The CrewAIComplianceMiddleware wraps the crew transparently — all attributes and methods are proxied to the underlying crew object. The compliance layer intercepts:
  • Pre-kickoff: verifies the identity of every agent in the crew
  • Pre-tool: evaluates policy before each tool _run() call
  • Post-task: records an audit log entry after each task completes
  • On-error: fires on_error hooks and notifies the trust engine
from drako import with_compliance

# Async kickoff is also supported
crew = with_compliance(crew)
result = await crew.akickoff()

CrewAI-specific rules

RuleWhat it detects
FW-001Code execution tools without sandboxing
FW-002Memory isolation gaps between agents
FW-003Unconstrained agent delegation
FW-001 flags CodeInterpreterTool and similar tools that execute arbitrary code. If you use these tools intentionally, add explicit ODD policies in .drako.yaml to document the decision.

LangGraph

1

Install

pip install drako[langgraph]
2

Wrap your compiled graph

from drako import govern

app = govern(graph.compile())
result = app.invoke(input)
The LangGraph integration works as a DrakoCheckpointer — a checkpoint wrapper that intercepts every state transition. It evaluates policy and records audit logs on put and aput calls without requiring changes to your graph definition. You can compose it with an existing checkpointer: 
from drako import with_langgraph_compliance
from langgraph.checkpoint.sqlite import SqliteSaver

memory = SqliteSaver.from_conn_string(":memory:")
app = with_langgraph_compliance(graph.compile(), inner_checkpointer=memory)
Streaming is fully supported: 
for chunk in app.stream(input):
    print(chunk)

LangGraph-specific rules

RuleWhat it detects
FW-004ToolNode with no tool call restrictions
FW-005Graph compiled without a checkpointer (no state persistence)

AutoGen

1

Install

pip install drako[autogen]
2

Wrap your group chat

from drako import govern

chat = govern(group_chat)
chat.run()
The AutoGen integration adds a DrakoObserver as a silent participant in the GroupChat. The observer:
  • Registers with all existing agents in the chat
  • Intercepts every message exchange without generating replies
  • Records each message in the audit trail
  • Evaluates policies on each exchange
from drako import with_autogen_compliance

# Async message handling is also supported
chat = with_autogen_compliance(group_chat)

AutoGen-specific rules

RuleWhat it detects
FW-006Use of LocalCommandLineCodeExecutor without restrictions
FW-007No output validation on code execution results

Other Python frameworks

The following frameworks are detected by import pattern. Drako applies general governance rules (SEC, GOV, DET, ODD) without framework-specific rules.

PydanticAI

Detected by import. Rule FW-010 flags untyped tool return values.

LlamaIndex

Detected by import. General rules apply.

LangChain

Detected by import. General rules apply.

Semantic Kernel

AST detection. FW-008 flags auto-imported plugins; FW-009 flags missing cost guards.

TypeScript and JavaScript

Drako scans TypeScript and JavaScript agent projects using Tree-sitter. 
pip install drako[typescript]
17 additional rules apply to TS/JS projects covering the SEC, GOV, COM, DET, and ODD categories. Supported frameworks include:
  • LangChain.js
  • Vercel AI SDK
  • Mastra
  • AutoGen.js
drako scan ./my-ts-agent
The TypeScript scanner requires the drako[typescript] extra. The base drako package only scans Python projects.

Supported frameworks summary

FrameworkDetectionFramework-specific rules
CrewAIASTFW-001 → FW-003
LangGraphASTFW-004 → FW-005
AutoGenASTFW-006 → FW-007
Semantic KernelASTFW-008 → FW-009
PydanticAIImportFW-010
LlamaIndexImportGeneral rules
LangChainImportGeneral rules
TypeScript/JavaScriptTree-sitter17 additional rules

Build docs developers (and LLMs) love

Get started for freeTalk to us