Integrate AGT with LangChain, CrewAI, AutoGen, and More

AGT works with any agent framework through two integration paths: the universal govern() wrapper — which adds policy enforcement in two lines with zero framework knowledge — or framework-specific kernel adapters that unlock deeper hooks like tool call interception, memory write logging, and sub-agent delegation tracking. Every adapter intercepts calls before they reach the model, making denied actions structurally impossible rather than merely discouraged.

Integration Paths at a Glance

Integration Type	How It Works	Best For
`govern()` wrapper	Wraps any callable; evaluates YAML policy on every call	Any framework, minimal setup
Kernel adapter (e.g. `LangChainKernel`)	Framework-aware proxy with pre/post hooks	LangChain, CrewAI, AutoGen, OpenAI, Gemini
Middleware (MAF pattern)	Composable async middleware chain	Microsoft Agent Framework
Plugin	Installed into the framework’s plugin system	Dify, Claude Code, GitHub Copilot CLI

All adapters inherit from BaseIntegration in agent_os/integrations/base.py and expose the same three lifecycle hooks:

Hook	When It Fires	What It Does
`pre_execute()`	Before the LLM call	Enforces token limits, timeout, blocked patterns
Tool interception	On each tool/function call	Validates against `allowed_tools` / `blocked_patterns`
`post_execute()`	After the LLM response	Drift detection, output scanning, audit entry

Violations raise PolicyViolationError.

The Two Integration Patterns

Pattern 1: Universal `govern()` Wrapper

The govern() wrapper works with any framework. It evaluates a YAML policy on every call and raises GovernanceDenied if the action is blocked.

from agentmesh.governance import govern

safe_tool = govern(my_tool, policy="policy.yaml")  # every call checked, logged, enforced

Combined with a policy file:

# policy.yaml
apiVersion: governance.toolkit/v1
name: production-policy
default_action: allow
rules:
  - name: block-destructive
    condition: "action.type in ['drop', 'delete', 'truncate']"
    action: deny
    description: "Destructive operations require human approval"

  - name: require-approval-for-send
    condition: "action.type == 'send_email'"
    action: require_approval
    approvers: ["security-team"]

>>> safe_tool(action="read", table="users")
{'table': 'users', 'rows': 42}

>>> safe_tool(action="drop", table="users")
GovernanceDenied: Action denied by policy rule 'block-destructive':
  Destructive operations require human approval

Pattern 2: Framework-Specific Kernel Adapters

Kernel adapters provide deeper integration. The pattern is always: create a policy → create a kernel → wrap the framework object → use the governed object as normal.

┌─────────────┐     ┌──────────────┐     ┌───────────────┐
│  Your Code   │ ──► │  Kernel      │ ──► │  Framework    │
│              │ ◄── │  (governance │ ◄── │  (OpenAI,     │
│              │     │   layer)     │     │   LangChain…) │
└─────────────┘     └──────────────┘     └───────────────┘
                     pre_execute()
                     tool interception
                     post_execute()
                     drift detection
                     audit log

Framework Examples

OpenAI Agents SDK
LangChain
CrewAI
AutoGen
Microsoft Agent Framework

Install the framework package alongside the kernel:

pip install agent-os-kernel openai

from openai import OpenAI
from agent_os.integrations import OpenAIKernel, GovernancePolicy

client = OpenAI()
assistant = client.beta.assistants.create(
    name="analyst",
    model="gpt-4o",
    tools=[{"type": "code_interpreter"}],
)

# 1. Define policy
policy = GovernancePolicy(
    max_tokens=4096,
    max_tool_calls=5,
    allowed_tools=["code_interpreter"],
    blocked_patterns=["rm -rf", "DROP TABLE"],
    log_all_calls=True,
)

# 2. Create kernel
kernel = OpenAIKernel(policy=policy)

# 3. Wrap — returns a GovernedAssistant
governed = kernel.wrap(assistant, client)

# 4. Use exactly like before
thread = client.beta.threads.create()
client.beta.threads.messages.create(thread.id, role="user", content="Summarize Q3 revenue")
run = governed.run(thread.id)

Inspect execution state at any time:

ctx = governed.get_context()
print(ctx.call_count)    # number of LLM round-trips
print(ctx.total_tokens)  # cumulative token usage
print(ctx.tool_calls)    # list of intercepted tool calls

pip install agent-os-kernel langchain-core langchain-openai

LangChainKernel wraps chains, agents, and runnables. It intercepts invoke(), ainvoke(), stream(), and batch(), and provides deep hooks into the tool registry, memory writes, and sub-agent delegation.

from langchain_openai import ChatOpenAI
from langchain_core.prompts import ChatPromptTemplate
from langchain_core.output_parsers import StrOutputParser
from agent_os.integrations import LangChainKernel, GovernancePolicy

llm = ChatOpenAI(model="gpt-4o")
chain = ChatPromptTemplate.from_template("Explain {topic}") | llm | StrOutputParser()

policy = GovernancePolicy(
    max_tokens=2048,
    timeout_seconds=30,
    blocked_patterns=[
        ("\\b\\d{3}-\\d{2}-\\d{4}\\b", "regex"),   # block SSN patterns
        ("password", "substring"),
    ],
    log_all_calls=True,
)

kernel = LangChainKernel(policy=policy)
governed_chain = kernel.wrap(chain)

# invoke() is now governed
result = governed_chain.invoke({"topic": "zero-trust architecture"})

# Async and streaming work the same way
result = await governed_chain.ainvoke({"topic": "mTLS"})

Deep hooks available in the LangChain kernel:

Hook	What It Catches
Tool registry	Every tool invocation validated against `allowed_tools`
Memory writes	Detects and logs writes to conversation memory
Sub-agent spawning	Tracks when an agent delegates to another agent
PII detection	Built-in patterns catch SSNs, emails, secrets in output

Wrap an agent with tools:

from langchain_core.tools import tool

@tool
def query_database(sql: str) -> str:
    """Run a read-only SQL query."""
    ...

policy = GovernancePolicy(
    allowed_tools=["query_database"],
    blocked_patterns=[
        ("DROP", "substring"),
        ("DELETE", "substring"),
    ],
    max_tool_calls=10,
)

kernel = LangChainKernel(policy=policy)
governed_agent = kernel.wrap(agent_executor)
governed_agent.invoke({"input": "How many users signed up last week?"})

pip install agent-os-kernel crewai

CrewAIKernel wraps an entire crew, governing both kickoff() and kickoff_async(). It intercepts individual agent execution and tool calls within the crew.

from crewai import Agent, Task, Crew
from agent_os.integrations import CrewAIKernel, GovernancePolicy

researcher = Agent(
    role="Researcher",
    goal="Find accurate information",
    tools=[search_tool, scrape_tool],
)
writer = Agent(role="Writer", goal="Write clear reports")

task = Task(
    description="Research and summarize recent AI governance frameworks",
    agent=researcher,
    expected_output="A 500-word summary",
)

crew = Crew(agents=[researcher, writer], tasks=[task])

policy = GovernancePolicy(
    allowed_tools=["search_tool", "scrape_tool"],
    max_tool_calls=20,
    timeout_seconds=600,
    drift_threshold=0.15,
    log_all_calls=True,
)

kernel = CrewAIKernel(policy=policy)
governed_crew = kernel.wrap(crew)

result = governed_crew.kickoff()
# Async: result = await governed_crew.kickoff_async()

pip install agent-os-kernel pyautogen

AutoGen has multiple agents chatting with each other. AutoGenKernel uses govern() to patch multiple agents at once.

from autogen import AssistantAgent, UserProxyAgent
from agent_os.integrations import AutoGenKernel, GovernancePolicy

assistant = AssistantAgent("assistant", llm_config={"model": "gpt-4o"})
user_proxy = UserProxyAgent("user_proxy", code_execution_config={"use_docker": True})

policy = GovernancePolicy(
    blocked_patterns=[
        ("password", "substring"),
        ("\\b\\d{3}-\\d{2}-\\d{4}\\b", "regex"),  # SSN
    ],
    max_tool_calls=10,
    timeout_seconds=300,
    log_all_calls=True,
)

kernel = AutoGenKernel(
    policy=policy,
    deep_hooks_enabled=True,
    on_error=lambda exc, agent_id: print(f"[{agent_id}] Error: {exc}"),
)

# govern() patches agents in-place and returns them
kernel.govern(assistant, user_proxy)

# Initiate chat — all messages pass through governance
user_proxy.initiate_chat(assistant, message="Analyze this dataset")

# Remove governance when done
kernel.unwrap(assistant)
kernel.unwrap(user_proxy)

MAF uses composable async middleware instead of a kernel wrapper. Use the factory to assemble the middleware stack in one call:

from agent_os.integrations import (
    maf_create_governance_middleware,
)

middlewares = maf_create_governance_middleware(
    policy_directory="./policies",
    allowed_tools=["search", "calculator"],
    denied_tools=["shell_exec", "file_write"],
    agent_id="my-agent",
    enable_rogue_detection=True,
    audit_log=my_audit_log,
)

# Register with your MAF agent
for mw in middlewares:
    agent.add_middleware(mw)

The factory assembles middleware in order:

AuditTrailMiddleware — tamper-proof pre/post execution logging
GovernancePolicyMiddleware — declarative policy evaluation
CapabilityGuardMiddleware — tool allow/deny enforcement
RogueDetectionMiddleware — anomaly-based rogue agent detection

Full Framework Support Table

Framework	Integration Type
Microsoft Agent Framework	Native Middleware
Semantic Kernel	Native (.NET + Python)
AutoGen	Adapter
LangGraph / LangChain	Adapter
CrewAI	Adapter
OpenAI Agents SDK	Middleware
Claude Code	Governance plugin package
Google ADK	Adapter
LlamaIndex	Middleware
Haystack	Pipeline
Mastra	Adapter
Dify	Plugin
Azure AI Foundry	Deployment Guide
GitHub Copilot CLI	Governance installer

All 22+ adapters live in agent-governance-python/agent-os/src/agent_os/integrations/. When your framework isn’t listed, extend BaseIntegration — the custom adapter section in Tutorial 03 walks through the minimal implementation.

Common GovernancePolicy Patterns

readonly_policy = GovernancePolicy(
    name="read-only",
    max_tokens=4096,
    max_tool_calls=10,
    allowed_tools=["search", "retrieve", "summarize"],
    blocked_patterns=[
        ("DELETE", "substring"),
        ("DROP", "substring"),
        ("INSERT", "substring"),
        ("UPDATE", "substring"),
        ("rm ", "substring"),
        ("write_file", "substring"),
    ],
    require_human_approval=False,
    log_all_calls=True,
)

Policies serialize to YAML for version-controlled policy-as-code:

# Save
production_policy.to_yaml("policies/production.yaml")

# Load
policy = GovernancePolicy.from_yaml("policies/production.yaml")

# Diff two policies
changes = production_policy.diff(dev_policy)
for field, (prod_val, dev_val) in changes.items():
    print(f"  {field}: {prod_val} → {dev_val}")

Multi-Framework Unified Governance

A real-world pattern: one policy across multiple frameworks with a centralized violation handler.

from agent_os.integrations import (
    GovernancePolicy,
    OpenAIKernel,
    LangChainKernel,
    AnthropicKernel,
    GovernanceEventType,
)

# One policy for the whole system
policy = GovernancePolicy.from_yaml("policies/production.yaml")

# Centralized violation handler
def on_violation(data):
    send_to_siem(data)
    page_on_call(data["agent_id"], data["reason"])

# OpenAI assistant
oai_kernel = OpenAIKernel(policy=policy)
oai_kernel.on(GovernanceEventType.POLICY_VIOLATION, on_violation)
governed_assistant = oai_kernel.wrap(assistant, client)

# LangChain RAG chain
lc_kernel = LangChainKernel(policy=policy)
lc_kernel.on(GovernanceEventType.POLICY_VIOLATION, on_violation)
governed_chain = lc_kernel.wrap(rag_chain)

# Anthropic summarizer
anth_kernel = AnthropicKernel(policy=policy)
anth_kernel.on(GovernanceEventType.POLICY_VIOLATION, on_violation)
governed_claude = anth_kernel.wrap(anthropic_client)

Every call across all three frameworks is governed by the same policy, violations route to the same handler, and the audit trail is unified.

Get Started

Core Concepts

Guides

Compliance

Reference

Integrate AGT with LangChain, CrewAI, AutoGen, and More

Integration Paths at a Glance

The Two Integration Patterns

Pattern 1: Universal `govern()` Wrapper

Pattern 2: Framework-Specific Kernel Adapters

Framework Examples

Full Framework Support Table

Common GovernancePolicy Patterns

Multi-Framework Unified Governance

Build docs developers (and LLMs) love

Get Started

Core Concepts

Guides

Compliance

Reference

Documentation Index

​Integration Paths at a Glance

​The Two Integration Patterns

​Pattern 1: Universal govern() Wrapper

​Pattern 2: Framework-Specific Kernel Adapters

​Framework Examples

​Full Framework Support Table

​Common GovernancePolicy Patterns

​Multi-Framework Unified Governance

Build docs developers (and LLMs) love

Integration Paths at a Glance

The Two Integration Patterns

Pattern 1: Universal `govern()` Wrapper

Pattern 2: Framework-Specific Kernel Adapters

Framework Examples

Full Framework Support Table

Common GovernancePolicy Patterns

Multi-Framework Unified Governance