How to Integrate AgentMesh Governance with LangChain, AutoGen, and CrewAI

TLDR: Use AgentMeshTrustCallback to intercept tool and LLM calls via LangChain's callback system, wrap tools with trust_verified_tool or subclass TrustVerifiedTool, and configure min_trust_score thresholds to enforce cryptographic identity verification and adaptive trust scoring across AutoGen and CrewAI agents.

The microsoft/agent-governance-toolkit provides a trust-aware governance layer that retrofits existing AI agent architectures with zero-trust security without modifying underlying framework code. By leveraging LangChain's callback infrastructure, AgentMesh integrates seamlessly with AutoGen conversational agents and CrewAI orchestration pipelines to enforce policy-driven access control and comprehensive audit logging.

Core Governance Components

AgentMesh implements governance through three primary components located in the LangChain integration module:

  • AgentMeshTrustCallback (in src/agentmesh/integrations/langchain/callback.py): Intercepts on_tool_start, on_tool_end, and on_llm_start events to verify agent trust scores before execution and record interactions for adaptive scoring updates.
  • trust_verified_tool / TrustVerifiedTool (in src/agentmesh/integrations/langchain/tools.py): Wraps standard LangChain tools to reject calls when the agent's trust score falls below the configured threshold.
  • InMemoryTrustStore: Stores trust scores keyed by Decentralized Identifier (DID) in the format did:mesh:..., with scores ranging from 0 to 1000.

Each LangChain agent receives a unique DID during identity creation. The callback queries the trust store using this identifier before permitting any tool or LLM invocation.

Securing AutoGen Agents with Trust Verification

AutoGen agents benefit from AgentMesh governance by passing the trust callback through the LangChain configuration. The callback enforces trust thresholds on both tool execution and LLM calls while generating immutable audit records.


# Install: pip install agentmesh-platform langchain langchain-openai autogen

from agentmesh import AgentIdentity
from agentmesh.integrations.langchain import AgentMeshTrustCallback, trust_verified_tool
from agentmesh import PolicyEngine, AuditLog
from langchain_community.tools import DuckDuckGoSearchRun
from autogen import AssistantAgent, UserProxyAgent
from langchain_openai import ChatOpenAI
from langchain.tools import Tool

# 1. Create cryptographic identity

identity = AgentIdentity.create(
    name="autogen-agent",
    sponsor="[email protected]",
    capabilities=["tool:search", "tool:calculator"]
)

# 2. Initialize governance

policy_engine = PolicyEngine.from_file("policies/default.yaml")
audit_log = AuditLog(agent_id=identity.did)

# 3. Wrap tools with trust verification

search_tool = DuckDuckGoSearchRun()
secure_search = trust_verified_tool(
    tool=search_tool,
    agent_did=identity.did,
    min_score=600,  # Require 600+ trust points
)

# 4. Configure trust callback

callback = AgentMeshTrustCallback(
    agent_did=identity.did,
    min_trust_score=600,
)

# 5. Assemble AutoGen agent

llm = ChatOpenAI(model="gpt-4")
tools = [Tool(name="Search", func=secure_search, description="Web search")]

assistant = AssistantAgent(
    name="assistant",
    llm=llm,
    tools=tools,
    callbacks=[callback]  # Attach governance layer
)

# 6. Execute with verification

user = UserProxyAgent(name="user")
user.initiate_chat(
    assistant,
    message="What are the latest AI research papers about Retrieval Augmented Generation?"
)

In this implementation, if the trust score drops below 600, the AgentMeshTrustCallback raises a TrustVerificationError and blocks the operation. Successful and failed interactions are recorded via record_interaction to update the adaptive trust score (e.g., +5 for success, -10 for failure).

Implementing CrewAI Governance

CrewAI integration follows the same pattern but uses the TrustVerifiedTool class for direct tool instantiation. The crew's kickoff method receives the callback through the LangChain configuration forwarding mechanism.


# Install: pip install agentmesh-platform crewai langchain-openai

from agentmesh import AgentIdentity
from agentmesh.integrations.langchain import TrustVerifiedTool, AgentMeshTrustCallback
from crewai import Agent, Crew
from langchain_openai import ChatOpenAI

# 1. Create identity

identity = AgentIdentity.create(
    name="crew-agent", 
    sponsor="[email protected]", 
    capabilities=["tool:*"]
)

# 2. Define trust-verified calculator

calc_tool = TrustVerifiedTool(
    name="calculator",
    description="Safely evaluates arithmetic expressions",
    agent_did=identity.did,
    min_trust_score=500,
    inner_fn=lambda expr: str(eval(expr, {"__builtins__": {}}, {})),
)

# 3. Build Crew agent

llm = ChatOpenAI(model="gpt-4")
crew_agent = Agent(
    role="Math Analyst",
    goal="Provide accurate calculations",
    backstory="Expert in numeric reasoning",
    llm=llm,
    tools=[calc_tool],
)

crew = Crew(agents=[crew_agent], tasks=[], verbose=True)

# 4. Attach callback and execute

callback = AgentMeshTrustCallback(agent_did=identity.did, min_trust_score=500)

crew.kickoff(
    {"input": "What is 12 * 7 plus 3?"},
    callbacks=[callback]  # Forwarded to underlying LangChain
)

The TrustVerifiedTool class embeds verification directly into the tool's execution flow, checking the trust store against the agent_did before invoking the inner_fn.

Trust Score Mechanics and Policy Enforcement

The governance system operates on a numeric trust score between 0 and 1000. When _verify_trust is called in callback.py, it queries the trust store using the agent's DID. If the score is below min_trust_score, execution halts immediately.

Key implementation details from src/agentmesh/integrations/langchain/callback.py:

  • Interaction Recording: Every tool start, tool end, and LLM invocation generates an InteractionRecord containing timestamps, success flags, and metadata.
  • Adaptive Scoring: The PolicyEngine (loaded from YAML configuration) defines rules for score adjustments based on interaction outcomes.
  • Graceful Degradation: If LangChain is not present, the integration provides fallback stubs to prevent import errors.

Applications can query current trust levels programmatically:

from agentmesh.integrations.langchain.callback import InMemoryTrustStore

# identity is the AgentIdentity created in the examples above
trust_store = InMemoryTrustStore()
current_score = trust_store.get_trust_score(identity.did)
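
The check-then-record flow described in this section, as an added stand-alone model (not the AgentMesh implementation): ToyTrustStore, TrustDenied, gated and demo are hypothetical names, and the deltas are the page's +5/-10 illustration. It shows two behaviours worth deciding explicitly in a real policy: an unknown DID fails closed, and because a denial is itself recorded as a failure, an agent that slips under the threshold keeps losing score until it is restored out of band.

```python
import time
from dataclasses import dataclass, field

SCORE_MIN, SCORE_MAX = 0, 1000         # score range stated on the page
SUCCESS_DELTA, FAILURE_DELTA = 5, -10  # the page's example adjustments

class TrustDenied(Exception):
    """Stand-in for the TrustVerificationError the page describes."""

@dataclass
class ToyTrustStore:
    """Hypothetical store: DID -> score, plus an append-only interaction log."""
    scores: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def get(self, did):
        return self.scores.get(did, SCORE_MIN)  # fail closed on unknown DIDs

    def record(self, did, action, success):
        delta = SUCCESS_DELTA if success else FAILURE_DELTA
        self.scores[did] = max(SCORE_MIN, min(SCORE_MAX, self.get(did) + delta))
        self.log.append((time.time(), did, action, success))

def gated(store, did, min_score, fn):
    """Wrap fn: check trust before the call, record the outcome after it."""
    def wrapper(*args, **kwargs):
        score = store.get(did)
        if score < min_score:
            store.record(did, fn.__name__, False)  # denials are logged too
            raise TrustDenied(f"{did}: score {score} < {min_score}")
        try:
            result = fn(*args, **kwargs)
        except Exception:
            store.record(did, fn.__name__, False)
            raise
        store.record(did, fn.__name__, True)
        return result
    return wrapper

def demo():  # constructed run: one tool failure at 600 locks the agent out
    did = "did:mesh:constructed-example"
    store = ToyTrustStore(scores={did: 600})
    tool = gated(store, did, 600, lambda s: int(s) * 2)
    outcomes = []
    for arg in ["21", "oops", "21", "21"]:
        try:
            outcomes.append(tool(arg))
        except (ValueError, TrustDenied) as exc:
            outcomes.append(type(exc).__name__)
    return outcomes, store.get(did)
```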

Summary

  • AgentMeshTrustCallback intercepts LangChain events in callback.py to enforce trust thresholds on LLM and tool calls through the min_trust_score parameter.
  • trust_verified_tool and TrustVerifiedTool (in tools.py) provide drop-in wrappers for existing LangChain tools, rejecting execution when trust scores fall below configured limits.
  • Both AutoGen and CrewAI integrate via LangChain's callback configuration, passing the callbacks parameter to agent constructors or the kickoff method.
  • Trust scores range from 0 to 1000 and adapt based on interaction success/failure recorded via record_interaction.
  • The integration degrades gracefully when LangChain is absent, providing fallback stubs for safe imports in any environment.

Frequently Asked Questions

How does AgentMesh handle trust score violations during agent execution?

When verification fails—meaning the agent's current score is below min_trust_score—the system raises a TrustVerificationError that blocks the tool or LLM call before execution begins. This exception propagates through the LangChain callback chain, halting the specific operation while preserving agent state for auditing. The interaction is still recorded via record_interaction with a failure flag, potentially triggering additional score deductions according to the active PolicyEngine rules.

Can I use persistent storage instead of the default InMemoryTrustStore?

Yes, the InMemoryTrustStore is the default implementation, but the architecture supports swapping in Redis, SQL databases, or custom persistence layers. The AgentMeshTrustCallback and tool wrappers interact with the trust store through an abstract interface, allowing you to inject a persistent backend by configuring the trust store parameter in the policy engine or by subclassing the base store interface and passing it to the callback constructor.

What is the performance overhead of adding AgentMesh governance to existing agents?

The overhead consists of a single trust store lookup (typically O(1) for in-memory or cached stores) and interaction logging per tool/LLM call. According to the implementation in callback.py, verification occurs in the _verify_trust method using the agent's DID as a direct key lookup. For high-throughput scenarios, the in-memory store provides microsecond-level latency, while persistent stores add network round-trip time. The callback system itself adds minimal overhead as it leverages LangChain's native hook mechanisms.

Do I need to modify my existing AutoGen or CrewAI agents to use this governance?

No modification to agent logic is required. For AutoGen, you pass the AgentMeshTrustCallback instance to the callbacks parameter of the AssistantAgent constructor. For CrewAI, you pass it to the kickoff method's callbacks parameter or wrap individual tools with TrustVerifiedTool. The governance layer intercepts calls through LangChain's standard callback system, making it a non-invasive retrofit for existing production deployments.
