Python SDK
Route AI agent tool calls through AxioRank from Python (sync or async).
The axiorank package mirrors the
TypeScript SDK: a sync AxioRank client and an async AsyncAxioRank client,
both over httpx.
Install
pip install axiorankGuard a tool call
import os
from axiorank import AxioRank, AxioRankDeniedError
axio = AxioRank(api_key=os.environ["AXIORANK_API_KEY"]) # axr_live_...
# enforce() raises on a deny:
try:
axio.enforce("aws.delete_bucket", {"name": "prod-data"})
delete_bucket("prod-data")
except AxioRankDeniedError as e:
print(e.result.reason, e.result.risk)
# ...or inspect the decision yourself:
result = axio.tool_call("github.push", {"repo": "myrepo"})
if result.decision == "deny":
...Async
import os
from axiorank import AsyncAxioRank
async def main():
async with AsyncAxioRank(api_key=os.environ["AXIORANK_API_KEY"]) as axio:
result = await axio.tool_call("stripe.refund", {"amount": 5000})
print(result.decision, result.risk)Approvals are transparent
A require_approval policy holds the call for a human. tool_call / enforce
wait out the hold (the gateway long-polls) and resolve to the final allow /
deny — you never handle a hold state. After approval_timeout (default
300.0 seconds) the call resolves to deny.
Preflight an external server
Verify an MCP server or A2A agent before your agent trusts it:
card = axio.verify_card(url="https://mcp.acme.com")
print(card.decision, card.identity.signature_valid, card.protocol)
# Guard in one line — raises AxioRankCardDeniedError on `deny`:
axio.enforce_card(url="https://mcp.acme.com")Configuration
| Argument | Default | Notes |
|---|---|---|
api_key | — (required) | Your agent's key (axr_live_...). |
base_url | https://app.axiorank.com | Point at your own deployment. |
timeout | 10.0 | Per-request timeout, seconds. |
approval_timeout | 300.0 | Max wait for a held call, seconds. |
Next steps
- LangChain integration — guard every tool an agent runs.
- Gateway API — the underlying HTTP contract.