avp-protocol/avp-agent

AVP Agent

AI Agent with Secure Credential Management using the Agent Vault Protocol

AVP Agent is a Python framework for building AI agents with built-in secure credential management. It implements the Agent Vault Protocol (AVP) specification, providing:

  • Secure credential storage across multiple backends (file, keychain, hardware, remote)
  • Skill-based architecture for extensibility
  • Framework integrations for LangChain, CrewAI, and MCP
  • Hardware security key support (NexusClaw, TROPIC01)
  • Audit logging for compliance (SOC 2, HIPAA, PCI DSS)

Installation

pip install avp-agent

# With LangChain integration
pip install avp-agent[langchain]

# With CrewAI integration
pip install avp-agent[crewai]

# With hardware support
pip install avp-agent[hardware]

# All integrations
pip install avp-agent[all]

Quick Start

import asyncio
from avp_agent import AVPAgent

async def main():
    # Create agent with secure keychain backend
    async with AVPAgent(backend="keychain") as agent:
        # Store API key securely
        await agent.skills.credentials.store(
            "anthropic_api_key",
            "sk-ant-your-key-here",
        )

        # Retrieve when needed
        api_key = await agent.skills.credentials.retrieve("anthropic_api_key")

        # Use in your application
        print(f"Using API key: {api_key[:10]}...")

asyncio.run(main())

Core Skills

Credentials

Store, retrieve, delete, and list secrets.

# Store with labels
await agent.skills.credentials.store(
    "api_key", "value",
    labels={"provider": "anthropic", "env": "prod"},
)

# Retrieve
value = await agent.skills.credentials.retrieve("api_key")

# List with filters
secrets = await agent.skills.credentials.list(labels={"env": "prod"})

# Delete
await agent.skills.credentials.delete("api_key")

Rotation

Credential rotation with policies and version tracking.

# Rotate credential
await agent.skills.rotation.rotate("api_key", new_value="new-value")

# Set rotation policy
await agent.skills.rotation.set_policy(
    "api_key",
    interval_days=90,
    auto_rotate=True,
)

# Check what needs rotation
due = await agent.skills.rotation.get_due_for_rotation()
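The rotation calls above do three things: replace a value while keeping a version history, attach a policy with an interval, and report which secrets have outlived their interval. The following added example spells out that bookkeeping in plain Python so the semantics are visible; it is not avp_agent's implementation, and the in-memory store, secret names and timestamps are constructed for the example.

```python
"""Rotation policy bookkeeping: versioned secrets plus a due-date check.

Added illustration of rotate / set_policy / get_due_for_rotation semantics.
Not avp_agent's code; store contents and timestamps are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Version:
    number: int
    value: str
    created_at: datetime


@dataclass
class Policy:
    interval_days: int
    auto_rotate: bool = False


@dataclass
class RotationStore:
    secrets: dict = field(default_factory=dict)   # name -> list[Version]
    policies: dict = field(default_factory=dict)  # name -> Policy

    def store(self, name, value, now):
        self.secrets[name] = [Version(1, value, now)]

    def rotate(self, name, new_value, now):
        history = self.secrets[name]
        # Reusing the current value is not a rotation; refuse it.
        if history[-1].value == new_value:
            raise ValueError(f"{name}: new value equals current value")
        history.append(Version(history[-1].number + 1, new_value, now))
        return history[-1].number

    def set_policy(self, name, interval_days, auto_rotate=False):
        if interval_days <= 0:
            raise ValueError("interval_days must be positive")
        self.policies[name] = Policy(interval_days, auto_rotate)

    def current(self, name):
        return self.secrets[name][-1].value

    def get_due_for_rotation(self, now):
        """Names whose latest version is at least interval_days old."""
        due = []
        for name, policy in self.policies.items():
            latest = self.secrets[name][-1]
            if now - latest.created_at >= timedelta(days=policy.interval_days):
                due.append(name)
        return sorted(due)


def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timeline
    s = RotationStore()
    s.store("api_key", "v1", t0)
    s.store("db_password", "pw1", t0)
    s.set_policy("api_key", interval_days=90, auto_rotate=True)
    s.set_policy("db_password", interval_days=30)
    s.rotate("api_key", "v2", t0 + timedelta(days=10))
    now = t0 + timedelta(days=45)
    # api_key was rotated 35 days ago (< 90), db_password 45 days ago (>= 30)
    return s.get_due_for_rotation(now), s.current("api_key"), len(s.secrets["api_key"])


if __name__ == "__main__":
    print(demo())
```

The due check is driven by the timestamp of the latest version, not the original store time, which is why rotating resets the clock; the version list is what lets a caller roll back or audit who changed a value and when.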

Migration

Transfer secrets between backends.

# Plan migration
plan = await agent.skills.migration.plan("file", "keychain")

# Execute with verification
results = await agent.skills.migration.execute(
    "file", "keychain",
    verify=True,
    delete_source=False,
)
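The two flags shown above, verify=True and delete_source=False, are the safe defaults for a migration: read every value back from the destination before trusting it, and never remove the source copy until that read-back matches. The added example below implements that pattern with dict-backed stand-in backends; it is not avp_agent's code, and the TruncatingBackend is a constructed destination that silently caps value length so the verify step has a real mismatch to catch.

```python
"""Backend-to-backend migration: plan, copy, verify, optionally delete source.

Added illustration of the plan()/execute(verify=True, delete_source=False)
pattern. Not avp_agent's implementation; backends and data are constructed.
"""
from dataclasses import dataclass, field


class DictBackend:
    """Minimal secret store: name -> value."""

    def __init__(self, name, data=None):
        self.name = name
        self._data = dict(data or {})

    def list(self):
        return sorted(self._data)

    def get(self, key):
        return self._data[key]

    def put(self, key, value):
        self._data[key] = value

    def delete(self, key):
        del self._data[key]


class TruncatingBackend(DictBackend):
    """Destination with a value-length cap (constructed failure mode)."""

    def __init__(self, name, max_len, data=None):
        super().__init__(name, data)
        self.max_len = max_len

    def put(self, key, value):
        super().put(key, value[: self.max_len])


@dataclass
class MigrationResult:
    copied: list = field(default_factory=list)
    skipped: list = field(default_factory=list)  # already identical in destination
    failed: list = field(default_factory=list)   # read-back did not match
    deleted: list = field(default_factory=list)  # removed from source after verify


def plan(src, dst):
    """Names to copy: present in src and absent or different in dst."""
    existing = set(dst.list())
    return [k for k in src.list() if k not in existing or dst.get(k) != src.get(k)]


def execute(src, dst, verify=True, delete_source=False):
    result = MigrationResult()
    to_copy = set(plan(src, dst))
    for key in src.list():
        if key not in to_copy:
            result.skipped.append(key)
            continue
        value = src.get(key)
        dst.put(key, value)
        # Read back from the destination rather than trusting the write.
        if verify and dst.get(key) != value:
            result.failed.append(key)
            continue
        result.copied.append(key)
        # Remove the source copy only once the destination copy is confirmed.
        if delete_source:
            src.delete(key)
            result.deleted.append(key)
    return result


def demo():
    src = DictBackend("file", {"api_key": "sk-ant-0123456789", "short": "abc", "same": "x"})
    dst = TruncatingBackend("keychain", max_len=8, data={"same": "x"})
    return execute(src, dst, verify=True, delete_source=False), src, dst


if __name__ == "__main__":
    result, _, _ = demo()
    print(result)
```

A failed entry leaves the source untouched even when delete_source is requested, so a partial migration can be rerun after the destination problem is fixed; the plan step makes the rerun idempotent by skipping names already identical on both sides.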

Audit

Access audit logs and compliance reporting.

# Get statistics
stats = await agent.skills.audit.get_statistics(days=30)

# Generate compliance report
report = await agent.skills.audit.compliance_report(
    standards=["SOC2", "HIPAA"],
)
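A statistics call over an audit log is, at bottom, a windowed aggregation over append-only events. The added example below shows what a get_statistics(days=N) style summary computes and adds the one breakdown a defender wants first, denied accesses per actor; it is not avp_agent's code, and the line format (one JSON object per line with ts, action, secret, outcome and actor fields) together with the entries themselves are constructed for this example.

```python
"""Audit-log statistics over a window of days.

Added illustration of a get_statistics(days=N) style summary over an
append-only audit log. Not avp_agent's code; log format and entries are
constructed for the example.
"""
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample log: one JSON object per line.
SAMPLE_LOG = """\
{"ts": "2024-03-01T09:00:00+00:00", "action": "store", "secret": "api_key", "outcome": "ok", "actor": "deploy"}
{"ts": "2024-03-10T10:15:00+00:00", "action": "retrieve", "secret": "api_key", "outcome": "ok", "actor": "agent-1"}
{"ts": "2024-03-12T11:00:00+00:00", "action": "retrieve", "secret": "db_password", "outcome": "denied", "actor": "agent-2"}
{"ts": "2024-03-12T11:00:05+00:00", "action": "retrieve", "secret": "db_password", "outcome": "denied", "actor": "agent-2"}
{"ts": "2024-03-20T08:30:00+00:00", "action": "rotate", "secret": "api_key", "outcome": "ok", "actor": "rotation-job"}
{"ts": "2024-01-05T08:30:00+00:00", "action": "delete", "secret": "old_token", "outcome": "ok", "actor": "deploy"}
"""


def parse_log(text):
    """Parse JSON lines into dicts with a timezone-aware datetime in 'ts'."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def get_statistics(events, days, now):
    """Aggregate the events that fall inside the last `days` days before `now`."""
    cutoff = now - timedelta(days=days)
    window = [e for e in events if e["ts"] >= cutoff]
    by_action = Counter(e["action"] for e in window)
    by_outcome = Counter(e["outcome"] for e in window)
    # Repeated denials from one actor are the first thing to look at.
    denied_by_actor = Counter(e["actor"] for e in window if e["outcome"] == "denied")
    return {
        "days": days,
        "events": len(window),
        "by_action": dict(by_action),
        "by_outcome": dict(by_outcome),
        "secrets_touched": sorted({e["secret"] for e in window}),
        "denied_by_actor": dict(denied_by_actor),
    }


def demo(days=30):
    now = datetime(2024, 3, 25, tzinfo=timezone.utc)  # constructed reference time
    return get_statistics(parse_log(SAMPLE_LOG), days, now)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The January delete falls outside the 30-day window and is excluded, which is why the window boundary is computed from an explicit reference time rather than the wall clock: a report is only reproducible if the same input and the same `now` give the same counts.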

Hardware

Hardware security operations (requires hardware backend).

# Verify device
is_genuine = await agent.skills.hardware.verify_device()

# Sign data
signature = await agent.skills.hardware.sign(
    "signing_key",
    data=b"message",
    algorithm="ed25519",
)

# Get attestation
proof = await agent.skills.hardware.attest("api_key")

Framework Integrations

LangChain

from avp_agent.integrations.langchain import load_secrets

# Replace load_dotenv() with load_secrets()
load_secrets("avp.toml")

# Now use LangChain normally
from langchain_anthropic import ChatAnthropic
chat = ChatAnthropic()  # Uses ANTHROPIC_API_KEY from vault

CrewAI

from crewai import Agent
from avp_agent.integrations.crewai import AVPCredentialStore

# Secrets are read from the vault configured in avp.toml, scoped to a workspace
credentials = AVPCredentialStore("avp.toml", workspace="researcher")

researcher = Agent(
    role="Researcher",
    llm_config={"api_key": credentials.get("openai_api_key")},
)

MCP (Model Context Protocol)

from avp_agent.integrations.mcp import MCPIntegration

mcp = MCPIntegration(agent)
tools = mcp.get_tool_definitions()  # 7 AVP tools for AI assistants

CLI

# Store a secret
avp-agent store api_key "sk-..."

# Retrieve (outputs value only for piping)
avp-agent get api_key

# List secrets
avp-agent list

# Rotate
avp-agent rotate api_key "new-value"

# Migrate backends
avp-agent migrate file keychain --verify

# Audit statistics
avp-agent audit --days 30

# List skills
avp-agent skills

Configuration

Create avp.toml:

[avp]
version = "0.1.0"

[backend]
type = "keychain"  # file, keychain, hardware, remote
fallback = ["file"]

[session]
default_ttl = 3600
max_ttl = 86400

[audit]
enabled = true
log_path = "~/.avp/audit.log"

[skills]
enabled = ["credentials", "rotation", "migration", "audit"]
auto_rotate = false
rotation_interval_days = 90

Security Backends

Backend    Security level   Use case
file       Basic            Development, backward compatibility
keychain   Good             Production (blocks 90% of attacks)
hardware   Maximum          High-security, compliance
remote     Team             Centralized management

Compliance

AVP Agent supports:

  • SOC 2 Type II - Access controls, encryption, monitoring
  • HIPAA - PHI protection, audit trails
  • PCI DSS 4.0 - Cardholder data protection
  • GDPR - Data protection by design
  • FIPS 140-3 - Hardware backend (Level 3)

Examples

See the examples/ directory:

  • basic_usage.py - Core operations
  • langchain_example.py - LangChain integration
  • crewai_example.py - CrewAI multi-agent
  • hardware_example.py - Hardware security keys

License

Apache 2.0 - See LICENSE for details.
