Zing Forum

Agent Assembly: An Open-Source Framework for Adding Policy Governance and Audit Capabilities to AI Agents

A multi-layered AI Agent governance platform supporting Python, Node.js, and Go, offering three deployment methods (SDK wrapper, Sidecar proxy, and eBPF probe) to enable tool call interception, policy enforcement, approval control, and audit tracking.

AI Agent, Policy Governance, Audit Tracking, Approval Control, LLM Security, Open-Source Framework, Python, Node.js, Go, eBPF
Published 2026-06-08 07:15 | Recent activity 2026-06-08 07:21 | Estimated read 10 min
Section 01

Agent Assembly: An Open-Source Framework for Policy Governance and Audit of AI Agents

Core Points: Agent Assembly is a multi-layered AI Agent governance platform supporting Python, Node.js, and Go. It provides three deployment methods—SDK wrapper, Sidecar proxy, and eBPF probe—enabling tool call interception, policy enforcement, approval control, and audit tracking without modifying existing Agent code.

Problem Solved: Governance capabilities can be added to AI Agents without deep code modifications, avoiding the bugs and extra workload that such modifications bring.

Section 02

Project Background and Core Problem

As AI Agents become prevalent in various applications, a key issue stands out: how to add policy governance, approval control, and audit tracking capabilities to them without rewriting existing Agent code? Traditional methods usually require deep modifications to Agent implementations, which are not only labor-intensive but also prone to introducing new bugs.

Agent Assembly is an open-source project designed to solve this problem. It is a multi-layered AI Agent governance platform that implements policy enforcement and runtime control by intercepting and inspecting Agent tool calls—without modifying the Agent’s own code.

Section 03

Architecture Design: Three-Layer Deployment Scheme and Central Gateway

Agent Assembly’s design philosophy emphasizes flexibility and pluggability, offering three independent deployment layers:

  1. SDK Wrapper Layer: The most lightweight integration method, providing SDK wrappers for Python, Node.js, and Go. Simply wrap existing tool call code to gain policy checking and audit capabilities—ideal for quick trials.
  2. Sidecar MitM Proxy Layer: No code modification required; acts as a man-in-the-middle to intercept communication between Agents and external tools. Suitable for platform engineers to deploy governance infrastructure uniformly.
  3. Kernel-Level eBPF Probe Layer: Uses Linux kernel eBPF technology to intercept and inspect at the system call level, with minimal performance overhead. Suitable for latency-sensitive production environments (requires kernel privileges).

Central Gateway: All requests converge here, responsible for maintaining the Agent registry, evaluating policies, tracking budgets, and exposing observability and control capabilities via gRPC and HTTP APIs—enabling centralized policy definition and execution.

Section 04

Detailed Explanation of Core Functions

Agent Assembly provides four core governance capabilities:

  1. Policy Enforcement: Administrators can define rules for allowing/denying tool calls (e.g., prohibiting access to production databases during specific time periods). The gateway evaluates these rules in real time with extremely low latency.
  2. Approval Control: High-risk operations require manual approval; calls are suspended until approval is obtained, providing an extra security layer for critical operations.
  3. Audit Tracking: Records all governed tool calls (time, parameters, policy results, approval status, etc.) for post-event analysis, compliance reporting, and troubleshooting.
  4. Budget Control: Sets cost limits for each session or Agent. When cumulative costs exceed the threshold, new tool calls are automatically blocked—effectively controlling API costs.
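
The four capabilities above, sketched as an SDK-wrapper-style shim around a tool call. This is an added example, not Agent Assembly's code or API: `Governor`, the `POLICY` keys, the tool names and the cent-based costs are hypothetical, and the gateway is simulated in-process.

```python
import json
from datetime import datetime, time, timezone

# Constructed policy; every name here is hypothetical, not Agent Assembly's schema.
POLICY = {
    "deny_windows": {"prod_db.query": (time(9, 0), time(17, 0))},  # UTC hours
    "needs_approval": {"payments.refund"},
    "session_budget_cents": 100,
}

class Governor:
    """In-process stand-in for the gateway: policy, approval, budget, audit."""
    def __init__(self, policy):
        self.policy, self.spent, self.audit = policy, {}, []

    def decide(self, session, tool, now, approved):
        window = self.policy["deny_windows"].get(tool)
        if self.spent.get(session, 0) >= self.policy["session_budget_cents"]:
            return "deny", "budget_exhausted"
        if window and window[0] <= now.time() < window[1]:
            return "deny", "time_window"
        if tool in self.policy["needs_approval"] and not approved:
            return "pending_approval", "awaiting_reviewer"
        return "allow", "policy_ok"

    def call(self, session, tool, fn, args, cost_cents, now, approved=False):
        decision, reason = self.decide(session, tool, now, approved)
        # One structured record per governed call, whatever the decision.
        self.audit.append(json.dumps({
            "ts": now.isoformat(), "session": session, "tool": tool, "args": args,
            "decision": decision, "reason": reason, "approved": approved}, sort_keys=True))
        if decision != "allow":
            return decision, None  # fail closed: the wrapped tool never runs
        self.spent[session] = self.spent.get(session, 0) + cost_cents
        return decision, fn(**args)

def demo():
    gov = Governor(POLICY)
    night = datetime(2026, 1, 5, 2, 0, tzinfo=timezone.utc)
    noon = datetime(2026, 1, 5, 12, 0, tzinfo=timezone.utc)
    query = lambda sql: f"rows for {sql}"            # constructed stand-in tools
    refund = lambda order_id: f"refunded {order_id}"
    return gov, [
        gov.call("s1", "prod_db.query", query, {"sql": "SELECT 1"}, 40, night),
        gov.call("s1", "prod_db.query", query, {"sql": "SELECT 1"}, 40, noon),
        gov.call("s1", "payments.refund", refund, {"order_id": "A1"}, 60, night),
        gov.call("s1", "payments.refund", refund, {"order_id": "A1"}, 60, night, approved=True),
        gov.call("s1", "prod_db.query", query, {"sql": "SELECT 2"}, 40, night),
    ]
```

The audit records here carry call arguments verbatim, as the list above describes; arguments can contain credentials or personal data, so decide what is redacted before the log leaves the host.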

Section 05

Example Scenarios and Quick Start

The project provides rich examples to help users quickly understand its functions:

Framework Integration Examples: Python+LangChain, Node.js/TypeScript+LangChain, Go native integration solutions.

Scenario-Based Examples:

  • Audit Tracking Example: Generates audit records for allowed, denied, and pending approval states;
  • Budget Limit Example: Configures budget guardrails, blocks new calls when session costs reach the limit (includes simulated cost logic for offline operation);
  • Sidecar Runtime Example: Uses Docker Compose to launch a complete gateway environment, demonstrating production-level deployment;
  • Policy Enforcement and Approval Gating Example: Shows allow/deny policies and manual approval processes.

Section 06

Technical Implementation Details

Environment Requirements:

  • Python Examples: Python 3.12+, uv recommended for dependency management;
  • Node.js Examples: Node.js 20 LTS+, uses pnpm;
  • Go Examples: Go 1.22+;
  • Sidecar and eBPF Layers: Require corresponding container or kernel environments.

Security Configuration:

  • The project provides only .env.example templates (no real keys);
  • .env files are listed in .gitignore to prevent sensitive information from being committed;
  • SDK and gateway version requirements are clearly marked.

Observability Design: The central gateway exposes gRPC and HTTP APIs for easy integration with existing observability stacks; audit logs use structured formats, supporting import into ELK, Grafana, and other platforms.

Section 07

Applicable Scenarios and Value Proposition

Agent Assembly is particularly suitable for the following scenarios:

  1. Enterprise AI Application Deployment: For Agents that access sensitive data or perform critical business operations, the non-intrusive solution meets compliance requirements;
  2. Multi-Tenant AI Platform: Isolates resources for different tenants, controls costs, and enforces differentiated policies;
  3. Progressive Governance from Development to Production: Starts with SDK layer trials, then gradually migrates to Sidecar or eBPF layers to strengthen governance;
  4. Cost-Sensitive Scenarios: Uses budget control to prevent uncontrolled Agent usage from causing API cost surges (especially applicable to paid LLM APIs).

Section 08

Summary and Outlook

Agent Assembly represents a new approach to AI Agent governance: treating governance as an infrastructure layer, with flexible access via multiple deployment methods—instead of requiring developers to rewrite Agents to adapt to governance requirements. This design is similar to the role of Service Mesh in microservices governance and is expected to become a standard component in the AI Agent ecosystem.

For teams building or operating AI Agent applications, Agent Assembly is a solution worth evaluating. It not only addresses current governance needs but also reserves space for future expansion through its layered architecture.