Runtime Governance Reference
Everything the SDK exposes for runtime governance.
Agent / AsyncAgent
Section titled “Agent / AsyncAgent”from tappass import Agent, AsyncAgentAgent(url, api_key, *, model="gpt-4o-mini", respect_breakglass=False, raise_on_redaction=False) — sync governed agent.
AsyncAgent(url, *, api_key="", ...) — async variant.
.chat(prompt, *, model=None, metadata=None) -> ChatResponse.
.stream(prompt, ...) -> Iterator[ChatChunk] / AsyncIterator[ChatChunk].
Both return responses with correlation IDs: .session_id, .task_id, .agent_uuid, .pipeline_uuid, .audit_url.
Ambient session
Section titled “Ambient session”from tappass import tappass_session, tappass_session_async, current_sessionwith tappass_session(url=..., api_key="tp_...") as session: opens a server session, pushes correlation IDs into a ContextVar. Nested Agent.chat() and govern()-wrapped tool calls inherit automatically. current_session() returns the active Session or None.
GovernanceDecision tree
Section titled “GovernanceDecision tree”TapPassError├── TapPassConnectionError├── TapPassConfigError└── GovernanceDecision ├── PolicyBlockError .blocked_by, .classification ├── RedactionApplied .redactions, .redacted_content ├── ApprovalRequired .approval_url, .resume_token, .expires_at ├── TrustTierDenied .required_tier, .actual_tier ├── BreakGlassActive .level, .expires_at └── ToolIntegrityViolation .tool_name, .violationEvery GovernanceDecision carries .session_id, .task_id, .agent_uuid, .pipeline_uuid, .audit_url — deep-link to the dashboard or correlate in audit API queries.
Framework guards
Section titled “Framework guards”| Framework | Sync | Async | Unit of work |
|---|---|---|---|
| CrewAI | guard_crew | guard_crew_async | crew.kickoff() |
| LangChain | guard_agent | guard_agent_async | executor.invoke() |
| OpenAI Assistants | guard_openai_run | guard_openai_run_async | one run |
| Google ADK | guard_adk_agent | guard_adk_agent_async | agent.run() |
| Temporal | @governed_workflow | same | one workflow execution |
| MCP client | — | guard_mcp_client | connection lifetime |
| MCP server | TapPassMCPMiddleware | same | per-request |
| A2A | with_correlation / join_correlation | same | no session owner |
| FastAPI | TapPassMiddleware | same | per-request |
Governing individual tools
Section titled “Governing individual tools”from tappass import govern
tools = govern([my_tool_fn], url=..., api_key="tp_...")# Each tool invocation emits an AuditEvent with correlation from the# active tappass_session (if any).TapPass (runtime admin)
Section titled “TapPass (runtime admin)”from tappass import TapPass
with TapPass("https://tappass.example.com", admin_key="tp_...") as tp: h = tp.health() # server health / version agent = tp.agent(agent_uuid) # lookup cred = tp.register_agent("my-service", framework="langchain")Dashboard-level admin (policy CRUD, compliance reports, retention, break-glass invocation, Verified credential issuance, trust management) is NOT in the SDK. Use the web UI.