← Back to Integrations
🤖

Using ACT with Microsoft Autogen

Add fine-grained permissions and runtime enforcement to Autogen multi-agent systems

✓ Production Ready ⏱️ 20-minute setup

Overview

Microsoft Autogen enables sophisticated multi-agent collaboration, but without proper governance, agents can make unauthorized calls to external tools and services. When multiple agents collaborate, the security risks multiply.

  • Multiple agents may bypass intended access controls through cooperation
  • No fine-grained control over agent-to-agent and agent-to-tool interactions
  • Difficult to revoke individual agent permissions without redeploying
  • Limited audit visibility into multi-agent workflows
  • Risk of privilege escalation through agent collaboration

ACT solves this by enforcing capabilities-based security across your entire multi-agent system.

Architecture

Autogen Agents
Collaborate & delegate tasks
ACT Middleware
✓ Validates capabilities
✓ Enforces policies
✓ Logs interactions
Tools & Services
Protected resources

⚠️ Authentication Required

All requests to https://api.acttokens.com require:

  • API Key (in X-Api-Key header) - Platform authentication
  • Capability Token (in request body) - Agent authorization

Learn more about dual-token authentication →

Quick Start

Step 1: Get Your API Key

Register with ACT and get your API key from the dashboard.

ACT_API_KEY="your_api_key_here"
ACT_BASE_URL="https://api.acttokens.com"

Step 2: Register Each Agent in ACT

Create ACT agent records for each Autogen agent in your system:

curl -X POST $ACT_BASE_URL/v1/agents \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Planner Agent",
    "description": "Plans workflow and delegates tasks",
    "metadata": {
      "framework": "autogen",
      "role": "planner",
      "system_prompt": "You are a task planner"
    }
  }'
curl -X POST $ACT_BASE_URL/v1/agents \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Executor Agent",
    "description": "Executes approved tasks",
    "metadata": {
      "framework": "autogen",
      "role": "executor"
    }
  }'

Step 3: Define Role-Based Policies

Create policies for each agent role to enforce capability-based access:

# Policy for Planner Agent - Can read and plan
curl -X POST $ACT_BASE_URL/v1/policies \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Planner Capabilities",
    "actions": ["read", "list", "plan"],
    "resources": ["api://tasks/*", "api://workflows/*"],
    "effect": "allow"
  }'

# Policy for Executor Agent - Can execute approved tasks only
curl -X POST $ACT_BASE_URL/v1/policies \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Executor Capabilities",
    "actions": ["execute", "update"],
    "resources": ["api://tasks/execute/*"],
    "effect": "allow",
    "constraints": {
      "requiresApproval": true,
      "maxConcurrentTasks": 5
    }
  }'

Step 4: Issue Capability Tokens

curl -X POST $ACT_BASE_URL/v1/tokens \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "agentId": "planner_agent_id",
    "expiresIn": 3600
  }'

curl -X POST $ACT_BASE_URL/v1/tokens \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "agentId": "executor_agent_id",
    "expiresIn": 3600
  }'

Step 5: Integrate ACT with Autogen Functions

Wrap Autogen function calls with ACT validation:

import requests
import autogen
from uuid import uuid4

ACT_API_KEY = "your_api_key"
ACT_BASE_URL = "https://your-act-instance"
PLANNER_TOKEN = "token_for_planner"
EXECUTOR_TOKEN = "token_for_executor"

def validate_with_act(token, action, resource):
    """Validate action with ACT"""
    response = requests.post(
        f"{ACT_BASE_URL}/v1/enforce",
        headers={
            "X-Api-Key": ACT_API_KEY,
            "Content-Type": "application/json"
        },
        json={
            "requestId": str(uuid4()),
            "capabilityToken": token,
            "action": action,
            "resourceId": resource,
            "tenantId": "default-tenant",
            "context": {}
        }
    )
    return response.json()["decision"] == "allowed"

def plan_workflow(objective):
    """Planner agent function"""
    if not validate_with_act(PLANNER_TOKEN, "plan", "api://workflows/plan"):
        return "Planning not permitted"
    
    # Planning logic here
    return f"Plan for: {objective}"

def execute_task(task_id, task_details):
    """Executor agent function"""
    if not validate_with_act(EXECUTOR_TOKEN, "execute", f"api://tasks/execute/{task_id}"):
        return "Execution not permitted"
    
    # Execution logic here
    return f"Executed task: {task_id}"

# Define agents with validated functions
planner = autogen.AssistantAgent(
    name="Planner",
    system_message="You are a task planner",
)

executor = autogen.AssistantAgent(
    name="Executor",
    system_message="You are a task executor",
)

# Register functions with validation
planner.register_function(plan_workflow)
executor.register_function(execute_task)

Step 6: Run Your Multi-Agent System

user_proxy = autogen.UserProxyAgent(
    name="user_proxy",
    human_input_mode="NEVER",
)

groupchat = autogen.GroupChat(
    agents=[user_proxy, planner, executor],
    messages=[],
    max_round=10,
)

manager = autogen.GroupChatManager(groupchat=groupchat)

user_proxy.initiate_chat(
    manager,
    message="Please plan and execute the quarterly report"
)
# All function calls are validated through ACT

Example Use Cases

✅ Workflow Automation System

Agents: Planner (reads tasks), Executor (runs approved tasks), Monitor (read-only audit)

Planner: ["read", "plan"]
Executor: ["execute", "update"]
Monitor: ["read"]

✅ Data Processing Pipeline

Agents: Validator (checks data), Processor (transforms), Writer (saves results)

Validator: ["read", "validate"]
Processor: ["read", "process"]
Writer: ["write", "append"]

✅ Customer Service System

Agents: Triage (categorizes issues), Resolver (handles tickets), Manager (escalates)

Triage: ["read", "categorize"]
Resolver: ["read", "update", "resolve"]
Manager: ["escalate", "override"]

Best Practices

  • Principle of least privilege: Give each agent only the capabilities it needs
  • Role-based policies: Define policies based on agent roles rather than individual agents when possible
  • Approval gates: Use constraints to require approval for sensitive operations
  • Token rotation: Regularly rotate agent tokens to limit blast radius of compromised tokens
  • Audit multi-agent interactions: Monitor agent-to-agent calls and delegation patterns
  • Test delegation chains: Verify security properties when agents delegate to other agents

Troubleshooting

Agents can't coordinate tasks

Solution: Check if agent-to-agent communication permissions are defined. Ensure both agents have capabilities for delegation.

Execution fails due to denied permissions

Solution: Review the executor agent's policy. Verify it has "execute" action on the target resource.

Token conflicts between agents

Solution: Ensure each agent has its own token with appropriate expiration. Monitor token refresh cycles.

Next Steps

📖 API Reference

Full REST API documentation

📊 View Audit Logs

Monitor agent interactions

🦜 LangChain Integration

Secure LangChain agents

📝 Read Blog

AI security best practices