Asqav: Open-source SDK for AI agent governance
AI agents are executing consequential tasks autonomously, often across multiple systems and with little record of what they did or why. Asqav, a Python SDK released under the MIT license, addresses that gap by attaching a cryptographic signature to each agent action and linking entries into a hash chain.
The signing algorithm is ML-DSA-65, standardized under FIPS 204 and designed to remain secure against quantum computing attacks. Each signature also carries an RFC 3161 timestamp. “Every agent action gets signed with a quantum-safe signature and hash-chained to the previous one,” João André Gomes Marques, author of the project, told Help Net Security. “If someone tampers with an entry or tries to omit one, the chain breaks and verification fails.”
Integration and policy enforcement
The SDK is available via pip and supports five agent frameworks: LangChain, CrewAI, LiteLLM, Haystack, and the OpenAI Agents SDK. Each integration extends a shared AsqavAdapter class. A decorator (@asqav.sign) and a context manager (asqav.session()) are available for signing arbitrary functions or sequences of steps.
Policy enforcement runs at the action level. Developers define patterns, such as blocking any action matching data:delete:*, and the SDK evaluates those policies before execution. Multi-party signing is also supported, using an m-of-n threshold scheme that requires a minimum number of approvals before a critical action proceeds.
Marques said the SDK was designed with developer adoption in mind. “Most compliance tooling is painful to integrate,” he said. “I wanted governance to be something developers reach for because it’s easy, not something they’re forced into by legal.”
Offline mode and CLI
The SDK includes a local signing mode for environments where the API is unreachable. Actions signed offline are queued and synced when connectivity returns using asqav sync. A command-line interface, installed via pip install asqav[cli], supports signature verification with asqav verify, agent management with asqav agents, and manual sync operations.
Getting started
The free tier covers agent creation, signed actions, audit export, and framework integrations. Installation is a single pip install asqav. From there, initializing an agent and signing an action requires calling asqav.init(), asqav.Agent.create(), and agent.sign().
Roadmap
Multi-agent audit trails are in active development. This would extend the hash chain across calls between agents, so that a chain of Agent A calling Agent B produces a single verifiable record spanning both.
An early MCP package (asqav-mcp) is listed in the project’s ecosystem, and Marques described additional tool-level governance work as ongoing. He also said future versions will improve the compliance report generator to map output directly to specific EU AI Act articles.
Asqav is available on GitHub.
Must read:
- 40 open-source tools redefining how security teams secure the stack
- Firmware scanning time, cost, and where teams run EMBA
Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!