Using ACT with LangChain

Overview

LangChain agents are powerful, but when they access external tools and APIs, there's no built-in way to enforce permissions or constraints. Your agent might hallucinate incorrect tool calls, bypass rate limits, or access resources it shouldn't.

Agents may call tools with incorrect or malicious parameters
No fine-grained control over which tools agents can access
Limited visibility into tool usage and actions taken
Difficult to revoke permissions without redeploying the agent

ACT solves this by wrapping your tool calls with policy enforcement and audit logging.

Architecture

LangChain Agent

Decides which tools to call

→

ACT Middleware

                        ✓ Validates token

                        ✓ Checks policy

                        ✓ Logs action

→

Your Tools/APIs

Protected resources

⚠️ Authentication Required

All requests to https://api.acttokens.com require:

API Key (in X-Api-Key header) - Platform authentication
Capability Token (in request body) - Agent authorization

Learn more about dual-token authentication →

Quick Start

Step 1: Get Your API Key

ACT_API_KEY="your_api_key_here"
ACT_BASE_URL="https://api.acttokens.com"

Step 2: Register Your Agent in ACT

curl -X POST $ACT_BASE_URL/v1/agents \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "LangChain Research Agent",
    "description": "Performs web searches and data analysis",
    "metadata": {
      "framework": "langchain",
      "agent_type": "research"
    }
  }'

Step 3: Define a Policy

Specify what tools and actions your agent is allowed to perform:

curl -X POST $ACT_BASE_URL/v1/policies \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Research Agent Policy",
    "actions": ["search", "read"],
    "resources": ["api://search/*", "api://data/read/*"],
    "effect": "allow",
    "constraints": {
      "maxRequests": 100,
      "allowedDomains": ["example.com"]
    }
  }'

Step 4: Issue an ACT Token

curl -X POST $ACT_BASE_URL/v1/tokens \
  -H "X-Api-Key: $ACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "agentId": "agent_123",
    "expiresIn": 3600
  }'

# Response: {"token": "eyJhbGc..."}

Step 5: Wrap Your Tools with ACT Validation

Create a wrapper function that validates tool calls before execution:

import requests
from langchain.tools import tool
from langchain.agents import initialize_agent, AgentType

ACT_API_KEY = "your_api_key"
ACT_BASE_URL = "https://your-act-instance"
ACT_TOKEN = "token_from_step_4"

def validate_with_act(action, resource):
    """Validate action with ACT before execution"""
    response = requests.post(
        f"{ACT_BASE_URL}/v1/enforce",
        headers={
            "X-Api-Key": ACT_API_KEY,
            "Content-Type": "application/json"
        },
        json={
            "requestId": str(uuid.uuid4()),
            "capabilityToken": ACT_TOKEN,
            "action": action,
            "resourceId": resource,
            "tenantId": "default-tenant",
            "context": {}
        }
    )
    result = response.json()
    return result["decision"] == "allowed"

# Tool decorators
def search_web(query: str) -> str:
    """Search the web for information"""
    if not validate_with_act("search", "api://search/web"):
        return "Search not permitted by policy"

    # Perform actual search
    return f"Search results for: {query}"

def read_database(table: str) -> str:
    """Read from database"""
    if not validate_with_act("read", f"api://data/read/{table}"):
        return "Database read not permitted by policy"
    
    # Perform actual read
    return f"Data from {table}"

# Create agent with validated tools
tools = [search_web, read_database]
agent = initialize_agent(
    tools,
    llm,
    agent=AgentType.ZERO_SHOT_REACT_DESCRIPTION,
    verbose=True
)

Step 6: Run Your Agent

result = agent.run("Find recent news about AI security")
# Only tools that pass ACT validation will execute

Example Use Cases

✅ Research Assistant

Policy: Web search and document reading only

actions: ["search", "read"]
resources: ["api://search/*", "api://docs/read/*"]
constraints: { maxRequests: 100 }

✅ Data Analysis Agent

Policy: Read from analytics, no data modification

actions: ["read", "query"]
resources: ["api://analytics/*"]
constraints: { readOnly: true, maxRows: 10000 }

✅ Customer Support Bot

Policy: Read customer info, create tickets

actions: ["read", "create"]
resources: ["api://crm/customers/*", "api://tickets/*"]
constraints: { maxTickets: 50 }

Best Practices

Validate at tool definition: Wrap tool functions with ACT validation before the agent calls them
Short-lived tokens: Issue ACT tokens with 1-hour expiration and refresh as needed
Specific actions: Define granular actions (search, read, write, delete) rather than broad permissions
Resource patterns: Use resource paths to control access to specific APIs or data sources
Monitor audit logs: Regularly review logs to detect unusual agent behavior
Test policies: Thoroughly test policies before deploying agents to production

Troubleshooting

Tool calls are being blocked

Solution: Check your policy definitions. Verify the action and resource match your tool configuration. Review ACT audit logs.

Token expired during long-running tasks

Solution: Implement token refresh logic. Issue new tokens before existing ones expire, especially for long-running agents.

Agent behavior changed after adding ACT

Solution: Start with a permissive policy that mirrors your previous behavior. Gradually add constraints.