AGR · Developer SDK

Govern every agent action before it executes

AGR wraps your AI agents with a Cedar policy engine that evaluates every action in under 2ms. Sensitive operations suspend via Temporal-backed approval workflows — zero compute consumed while waiting.

Get AGR free → See how it works
AGENT EXECUTION TRACE
🔍
Evaluating action
agr.evaluate("send_email", resource="user/42")
evaluating
Cedar policy check
1.3ms · rule match: permit external comm
running
⏸️
Approval requested
action="deploy.production" → suspended
pending
Approved by reviewer
Workflow resumed · audit entry written
approved
pip install agr-sdk
npm install @agr/sdk
Free: 10,000 evals/month
p95: <2ms
< 2ms
Cedar evaluation p95
0
Compute while approval waits
100%
Actions in audit trail
3
SDK methods
How it works

The governance flow

🤖
Agent action
Any tool call or side effect
🛡️
AGR SDK
agr.evaluate()
Cedar engine
<2ms · deterministic
⚖️
Decision
ALLOW / DENY / APPROVAL
📋
Audit trail
Hash-chained log entry
ALLOW Action proceeds immediately. Logged to audit trail.
DENY Action blocked. Exception raised. Logged with reason.
APPROVAL_REQUIRED Workflow suspends via Temporal. Zero compute consumed. Resumes on approval or denial.
forbid-rules.cedar — Deny sensitive ops
// Block production deploys by default forbid ( principal, action == Action::"deploy.production", resource ) unless { principal.role == "admin" }; // Block PII access for untrusted agents forbid ( principal, action == Action::"read.pii", resource ) unless { principal.trust_level >= 3 };
permit-rules.cedar — Allow safe ops
// Allow read-only ops for all agents permit ( principal, action == Action::"read.data", resource ) when { resource.sensitivity == "low" }; // Require approval for external comms permit ( principal, action == Action::"send.external", resource ) approval_required;
Live Demo

See AGR govern a real AI agent

No signup. No setup. Hit real Cedar policies, trigger approval workflows, and watch the audit chain build — live.

▶ Try Live Demo — no signup needed View Live Dashboard →

Pick a scenario · click Run · see the governance decision in <2ms

Capabilities

Four primitives. Full governance lifecycle.

Cedar policy engine

Formally verified, deterministic policy evaluation. Every action is either ALLOW, DENY, or APPROVAL_REQUIRED — never ambiguous, never reliant on a language model guess.

  • Sub-2ms p95 evaluation latency
  • Human-readable Cedar policy syntax
  • Version-controlled policy files
  • Full attribute-based access control
⏸️

Durable approval workflows

When an action requires human sign-off, the agent suspends via Temporal. Notifications go out over email and Slack. Zero compute is consumed while waiting — for minutes or for days.

  • Temporal-backed durable execution
  • Email and Slack notification channels
  • One-click approve or deny (no login)
  • Automatic timeout and escalation
🔒

Hash-chained audit trail

Every evaluation is written to an append-only, hash-chained log. Each entry references the previous one — making retroactive tampering detectable. Built for SOC 2 and internal audit requirements.

  • Append-only, tamper-evident log
  • SHA-256 hash chaining per entry
  • SOC 2 Type II ready structure
  • Exportable JSON audit records
🔌

Framework plugins

Integrate with existing agent frameworks without rewriting your stack. Use the @agr_governed decorator for Python functions, AGRToolWrapper for LangChain tools, or the REST API for any runtime.

  • @agr_governed Python decorator
  • LangChain AGRToolWrapper
  • LangGraph + CrewAI compatible
  • REST API for any language or runtime
Integration

Three methods. Full governance.

agent.py
from agr_sdk import AGRClient, agr_governed # 1. Register your agent agr = AGRClient(api_key="agr_...") agr.register_agent( agent_id="pm-agent", policies=["policies/pm.cedar"], trust_level=2 ) # 2. Evaluate before acting decision = agr.evaluate( agent="pm-agent", action="write.spec", resource="project/acme-crm", context={"env": "staging"} ) if decision.result == "APPROVAL_REQUIRED": # 3. Suspend and wait — zero compute used agr.wait_for_approval(decision.workflow_id) # Decorator approach — wraps any function @agr_governed(action="deploy.production") def deploy(env, version): # Governance check runs automatically production_deploy(env, version)

register_agent()

Bind an agent identity to a set of Cedar policy files and a trust level. Called once at startup — or on every cold start in serverless environments.

evaluate()

Synchronously evaluates an (agent, action, resource) triple against loaded policies. Returns ALLOW, DENY, or APPROVAL_REQUIRED in under 2ms p95.

wait_for_approval()

Suspends the current workflow via Temporal. Sends approval notification. Resumes execution when a human approves or denies — consuming zero compute while waiting.

TypeScript / Node.js

import { AGRClient } from "@agr/sdk"; const agr = new AGRClient({ apiKey: "agr_..." }); const d = await agr.evaluate({ agent: "coder-agent", action: "fs.write", resource: "src/auth.ts" });
Pricing

Start free. Scale as you grow.

Free
$0 / month
For developers and side projects
  • 10,000 evaluations/month
  • Cedar policy engine
  • Audit trail (30-day retention)
  • Python + Node.js SDK
  • Community support
Get started free
Startup
$49 / month
For teams shipping agent-powered features
  • 1,000,000 evaluations/month
  • Durable approval workflows
  • Email + Slack notifications
  • Framework plugins (LangChain, CrewAI)
  • Audit trail (1-year retention)
  • Email support
Get Startup
Business
$199 / month
For production deployments requiring compliance
  • Unlimited evaluations
  • SOC 2 Type II audit export
  • Custom policy review
  • SAML SSO
  • SLA + dedicated support
  • On-prem deployment option
Contact us
FAQ

Common questions

Does AGR work with LangGraph, CrewAI, or other frameworks?
Yes. AGR ships first-class plugins for LangChain (AGRToolWrapper), LangGraph, and CrewAI. For any other framework, the evaluate() method works as a plain function call — wrap any tool or action with a single line. A REST API is available for non-Python runtimes.
Is Cedar deterministic compared to LLM-based guards?
Cedar is a formally verified policy language — it is fully deterministic. Given the same policy file and the same input triple (agent, action, resource), it will always return the same decision. This is a fundamental design difference from LLM-based guardrails, which are probabilistic and can return different results for identical inputs. For compliance and audit purposes, determinism is a hard requirement.
What happens if an approval waits for days or weeks?
Nothing bad. Temporal durably suspends the workflow — no compute is consumed, no memory is held, no timeout fires. The workflow resumes exactly where it left off the moment a reviewer approves or denies. You can configure escalation rules (e.g., re-notify after 24 hours, auto-deny after 7 days) in your policy file.
Does AGR replace human reviewers?
No — and it is not designed to. AGR routes the right actions to human reviewers and ensures those reviewers are notified quickly. The Cedar engine handles the low-risk decisions automatically, freeing your team to focus on the high-stakes approvals that actually need human judgment. The goal is to make human oversight scalable, not to eliminate it.
Can I use AGR in pre-production and testing environments?
Yes. AGR supports environment-aware policies — you can write Cedar rules that behave differently in dev, staging, and production. In testing, you can run AGR in "audit-only" mode, where all decisions are logged but actions are never blocked. This lets you validate your policy files before enabling enforcement in production.

Add governance to your first agent in 5 minutes

Start with the free tier — 10,000 evaluations per month, no credit card required.

Get AGR free → Learn about Shreeja AI
pip install agr-sdk · npm install @agr/sdk