a1-ai 2.8.0

A1 — The cryptographic identity and authorization layer that turns anonymous AI agents into accountable, verifiable entities. One Identity. Full Provenance.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241

"""
a1.langgraph_tool — a1 guard for LangGraph agent nodes.

Provides ``a1_node`` — a decorator that wraps a LangGraph node function
with a cryptographic authorization check. The node body only executes if
the full delegation chain carried in the graph state is verified by the
a1 gateway.

Also exports ``A1StateSchema`` — a TypedDict mixin that adds the two
required fields (``signed_chain``, ``executor_pk_hex``) to any LangGraph
state, enabling seamless integration without modifying existing state types.

Requires: ``pip install langgraph langchain-core``

Usage
-----
    from typing import TypedDict
    from langgraph.graph import StateGraph
    from a1.langgraph_tool import a1_node, A1StateSchema
    from a1 import A1Client

    client = A1Client("http://localhost:8080")

    class AgentState(A1StateSchema):
        messages: list
        ticker: str

    @a1_node(intent_name="portfolio.read", client=client)
    async def read_portfolio(state: AgentState) -> AgentState:
        data = await fetch_holdings(state["ticker"])
        return {**state, "messages": state["messages"] + [data]}

    graph = StateGraph(AgentState)
    graph.add_node("read_portfolio", read_portfolio)
"""

from __future__ import annotations

import functools
import inspect
from typing import Any, Callable, Dict, Optional

from .client import A1Client, A1Error

__all__ = [
    "a1_node",
    "A1StateSchema",
]


class A1StateSchema(Dict[str, Any]):
    """
    TypedDict mixin that adds the two fields required by a1 guarded nodes.

    Extend your LangGraph state from this class so every node that uses
    ``@a1_node`` can find ``signed_chain`` and ``executor_pk_hex`` in the
    state dict without any glue code.

    ::

        class AgentState(A1StateSchema):
            messages: list
            ticker: str
    """
    signed_chain: Any
    executor_pk_hex: str


def a1_node(
    *,
    intent_name: str,
    client: A1Client,
    chain_key: str = "signed_chain",
    executor_key: str = "executor_pk_hex",
    propagate_receipt: bool = False,
    receipt_key: str = "a1_receipt",
) -> Callable:
    """
    Decorator that guards a LangGraph node function with an a1
    authorization check.

    The decorated function receives the LangGraph ``state`` dict as its
    sole positional argument. The decorator reads ``chain_key`` and
    ``executor_key`` from the state, calls the gateway, and then invokes
    the original function. If authorization fails, ``A1Error`` is raised,
    which LangGraph surfaces as a node error.

    Parameters
    ----------
    intent_name:
        The capability to enforce, e.g. ``"portfolio.read"``.
    client:
        A ``A1Client`` pointed at the a1 gateway.
    chain_key:
        Key in the state dict that carries the signed delegation chain
        (default: ``"signed_chain"``).
    executor_key:
        Key in the state dict carrying the executor public key hex
        (default: ``"executor_pk_hex"``).
    propagate_receipt:
        When ``True``, the authorization receipt is merged into the
        returned state dict under ``receipt_key``. Useful for building
        an audit trail inside the graph state.
    receipt_key:
        Key under which the receipt is stored when ``propagate_receipt``
        is ``True`` (default: ``"a1_receipt"``).

    Example
    -------
    ::

        @a1_node(intent_name="trade.equity", client=client, propagate_receipt=True)
        async def execute_trade(state: AgentState) -> AgentState:
            await broker.place_order(state["symbol"], state["qty"])
            return state
    """

    def decorator(fn: Callable) -> Callable:
        if inspect.iscoroutinefunction(fn):
            @functools.wraps(fn)
            async def async_wrapper(state: Dict[str, Any]) -> Dict[str, Any]:
                chain = state.get(chain_key)
                executor_pk = state.get(executor_key, "")

                if chain is None:
                    raise A1Error(
                        f"LangGraph state missing '{chain_key}' for intent '{intent_name}'",
                        error_code="MISSING_CHAIN",
                    )

                receipt = await client.authorize_async(
                    chain=chain,
                    intent_name=intent_name,
                    executor_pk_hex=executor_pk,
                )

                result = await fn(state)

                if propagate_receipt and isinstance(result, dict):
                    result = {**result, receipt_key: receipt}

                return result

            return async_wrapper

        @functools.wraps(fn)
        def sync_wrapper(state: Dict[str, Any]) -> Dict[str, Any]:
            chain = state.get(chain_key)
            executor_pk = state.get(executor_key, "")

            if chain is None:
                raise A1Error(
                    f"LangGraph state missing '{chain_key}' for intent '{intent_name}'",
                    error_code="MISSING_CHAIN",
                )

            receipt = client.authorize(
                chain=chain,
                intent_name=intent_name,
                executor_pk_hex=executor_pk,
            )

            result = fn(state)

            if propagate_receipt and isinstance(result, dict):
                result = {**result, receipt_key: receipt}

            return result

        return sync_wrapper

    return decorator


def a1_edge_guard(
    *,
    intent_name: str,
    client: A1Client,
    chain_key: str = "signed_chain",
    executor_key: str = "executor_pk_hex",
    allow_target: str = "authorized",
    deny_target: str = "denied",
) -> Callable[[Dict[str, Any]], str]:
    """
    Build a LangGraph conditional edge function that routes based on
    a1 authorization.

    Use as the condition function in ``graph.add_conditional_edges`` to gate
    transitions on cryptographic chain-of-custody verification.

    Parameters
    ----------
    intent_name:
        The capability to check.
    client:
        A ``A1Client`` pointed at the a1 gateway.
    chain_key:
        Key in the state dict for the signed delegation chain.
    executor_key:
        Key in the state dict for the executor public key hex.
    allow_target:
        Node name to route to when authorization succeeds.
    deny_target:
        Node name to route to when authorization fails.

    Returns
    -------
    Callable
        A function ``(state) -> str`` suitable as a LangGraph edge condition.

    Example
    -------
    ::

        guard = a1_edge_guard(
            intent_name="trade.equity",
            client=client,
        )
        graph.add_conditional_edges("check_auth", guard, {
            "authorized": "execute_trade",
            "denied": "reject",
        })
    """
    def edge_condition(state: Dict[str, Any]) -> str:
        chain = state.get(chain_key)
        executor_pk = state.get(executor_key, "")

        if chain is None:
            return deny_target

        try:
            client.authorize(
                chain=chain,
                intent_name=intent_name,
                executor_pk_hex=executor_pk,
            )
            return allow_target
        except A1Error:
            return deny_target

    return edge_condition