# How to Integrate AgentMesh Governance with LangChain, AutoGen, and CrewAI

> Integrate AgentMesh governance with LangChain AutoGen and CrewAI using AgentMeshTrustCallback. Enforce cryptographic identity verification and adaptive trust scoring for enhanced agent security and reliability.

- Repository: [Microsoft/agent-governance-toolkit](https://github.com/microsoft/agent-governance-toolkit)
- Tags: how-to-guide
- Published: 2026-05-29

---

**TLDR**: Use `AgentMeshTrustCallback` to intercept tool and LLM calls via LangChain's callback system, wrap tools with `trust_verified_tool` or subclass `TrustVerifiedTool`, and configure `min_trust_score` thresholds to enforce cryptographic identity verification and adaptive trust scoring across AutoGen and CrewAI agents.

The microsoft/agent-governance-toolkit provides a **trust-aware governance layer** that retrofits existing AI agent architectures with zero-trust security without modifying underlying framework code. By leveraging LangChain's callback infrastructure, AgentMesh integrates seamlessly with AutoGen conversational agents and CrewAI orchestration pipelines to enforce policy-driven access control and comprehensive audit logging.

## Core Governance Components

AgentMesh implements governance through three primary components located in the LangChain integration module:

- **`AgentMeshTrustCallback`** (in [`src/agentmesh/integrations/langchain/callback.py`](https://github.com/microsoft/agent-governance-toolkit/blob/main/src/agentmesh/integrations/langchain/callback.py)): Intercepts `on_tool_start`, `on_tool_end`, and `on_llm_start` events to verify agent trust scores before execution and record interactions for adaptive scoring updates.
- **`trust_verified_tool` / `TrustVerifiedTool`** (in [`src/agentmesh/integrations/langchain/tools.py`](https://github.com/microsoft/agent-governance-toolkit/blob/main/src/agentmesh/integrations/langchain/tools.py)): Wraps standard LangChain tools to reject calls when the agent's trust score falls below the configured threshold.
- **`InMemoryTrustStore`**: Stores trust scores keyed by Decentralized Identifier (DID) in the format `did:mesh:...`, with scores ranging from **0 to 1000**.

Each LangChain agent receives a unique DID during identity creation. The callback queries the trust store using this identifier before permitting any tool or LLM invocation.

## Securing AutoGen Agents with Trust Verification

AutoGen agents benefit from AgentMesh governance by passing the trust callback through the LangChain configuration. The callback enforces trust thresholds on both tool execution and LLM calls while generating immutable audit records.

```python

# Install: pip install agentmesh-platform langchain langchain-openai autogen

from agentmesh import AgentIdentity
from agentmesh.integrations.langchain import AgentMeshTrustCallback, trust_verified_tool
from agentmesh import PolicyEngine, AuditLog
from langchain_community.tools import DuckDuckGoSearchRun
from autogen import AssistantAgent, UserProxyAgent
from langchain_openai import ChatOpenAI
from langchain.tools import Tool

# 1. Create cryptographic identity

identity = AgentIdentity.create(
    name="autogen-agent",
    sponsor="dev@example.com",
    capabilities=["tool:search", "tool:calculator"]
)

# 2. Initialize governance

policy_engine = PolicyEngine.from_file("policies/default.yaml")
audit_log = AuditLog(agent_id=identity.did)

# 3. Wrap tools with trust verification

search_tool = DuckDuckGoSearchRun()
secure_search = trust_verified_tool(
    tool=search_tool,
    agent_did=identity.did,
    min_score=600,  # Require 600+ trust points

)

# 4. Configure trust callback

callback = AgentMeshTrustCallback(
    agent_did=identity.did,
    min_trust_score=600,
)

# 5. Assemble AutoGen agent

llm = ChatOpenAI(model="gpt-4")
tools = [Tool(name="Search", func=secure_search, description="Web search")]

assistant = AssistantAgent(
    name="assistant",
    llm=llm,
    tools=tools,
    callbacks=[callback]  # Attach governance layer

)

# 6. Execute with verification

user = UserProxyAgent(name="user")
user.initiate_chat(
    assistant,
    message="What are the latest AI research papers about Retrieval Augmented Generation?"
)

```

In this implementation, if the trust score drops below **600**, the `AgentMeshTrustCallback` raises a `TrustVerificationError` and blocks the operation. Successful and failed interactions are recorded via `record_interaction` to update the adaptive trust score (e.g., **+5** for success, **-10** for failure).

## Implementing CrewAI Governance

CrewAI integration follows the same pattern but uses the `TrustVerifiedTool` class for direct tool instantiation. The crew's `kickoff` method receives the callback through the LangChain configuration forwarding mechanism.

```python

# Install: pip install agentmesh-platform crewai langchain-openai

from agentmesh import AgentIdentity
from agentmesh.integrations.langchain import TrustVerifiedTool, AgentMeshTrustCallback
from crewai import Agent, Crew
from langchain_openai import ChatOpenAI

# 1. Create identity

identity = AgentIdentity.create(
    name="crew-agent", 
    sponsor="team@example.com", 
    capabilities=["tool:*"]
)

# 2. Define trust-verified calculator

calc_tool = TrustVerifiedTool(
    name="calculator",
    description="Safely evaluates arithmetic expressions",
    agent_did=identity.did,
    min_trust_score=500,
    inner_fn=lambda expr: str(eval(expr, {"__builtins__": {}}, {})),
)

# 3. Build Crew agent

llm = ChatOpenAI(model="gpt-4")
crew_agent = Agent(
    role="Math Analyst",
    goal="Provide accurate calculations",
    backstory="Expert in numeric reasoning",
    llm=llm,
    tools=[calc_tool],
)

crew = Crew(agents=[crew_agent], tasks=[], verbose=True)

# 4. Attach callback and execute

callback = AgentMeshTrustCallback(agent_did=identity.did, min_trust_score=500)

crew.kickoff(
    {"input": "What is 12 * 7 plus 3?"},
    callbacks=[callback]  # Forwarded to underlying LangChain

)

```

The `TrustVerifiedTool` class embeds verification directly into the tool's execution flow, checking the trust store against the `agent_did` before invoking the `inner_fn`.

## Trust Score Mechanics and Policy Enforcement

The governance system operates on a numeric **trust score between 0 and 1000**. When `_verify_trust` is called in [`callback.py`](https://github.com/microsoft/agent-governance-toolkit/blob/main/callback.py), it queries the trust store using the agent's DID. If the score is below `min_trust_score`, execution halts immediately.

Key implementation details from [`src/agentmesh/integrations/langchain/callback.py`](https://github.com/microsoft/agent-governance-toolkit/blob/main/src/agentmesh/integrations/langchain/callback.py):

- **Interaction Recording**: Every tool start, tool end, and LLM invocation generates an `InteractionRecord` containing timestamps, success flags, and metadata.
- **Adaptive Scoring**: The `PolicyEngine` (loaded from YAML configuration) defines rules for score adjustments based on interaction outcomes.
- **Graceful Degradation**: If LangChain is not present, the integration provides fallback stubs to prevent import errors.

Applications can query current trust levels programmatically:

```python
from agentmesh.integrations.langchain.callback import InMemoryTrustStore

trust_store = InMemoryTrustStore()
current_score = trust_store.get_trust_score(identity.did)

```

## Summary

- **AgentMeshTrustCallback** intercepts LangChain events in [`callback.py`](https://github.com/microsoft/agent-governance-toolkit/blob/main/callback.py) to enforce trust thresholds on LLM and tool calls through the `min_trust_score` parameter.
- **trust_verified_tool** and **TrustVerifiedTool** (in [`tools.py`](https://github.com/microsoft/agent-governance-toolkit/blob/main/tools.py)) provide drop-in wrappers for existing LangChain tools, rejecting execution when trust scores fall below configured limits.
- Both **AutoGen** and **CrewAI** integrate via LangChain's callback configuration, passing the `callbacks` parameter to agent constructors or the `kickoff` method.
- Trust scores range from **0 to 1000** and adapt based on interaction success/failure recorded via `record_interaction`.
- The integration degrades gracefully when LangChain is absent, providing fallback stubs for safe imports in any environment.

## Frequently Asked Questions

### How does AgentMesh handle trust score violations during agent execution?

When verification fails—meaning the agent's current score is below `min_trust_score`—the system raises a `TrustVerificationError` that blocks the tool or LLM call before execution begins. This exception propagates through the LangChain callback chain, halting the specific operation while preserving agent state for auditing. The interaction is still recorded via `record_interaction` with a failure flag, potentially triggering additional score deductions according to the active `PolicyEngine` rules.

### Can I use persistent storage instead of the default InMemoryTrustStore?

Yes, the `InMemoryTrustStore` is the default implementation, but the architecture supports swapping in Redis, SQL databases, or custom persistence layers. The `AgentMeshTrustCallback` and tool wrappers interact with the trust store through an abstract interface, allowing you to inject a persistent backend by configuring the trust store parameter in the policy engine or by subclassing the base store interface and passing it to the callback constructor.

### What is the performance overhead of adding AgentMesh governance to existing agents?

The overhead consists of a single trust store lookup (typically O(1) for in-memory or cached stores) and interaction logging per tool/LLM call. According to the implementation in [`callback.py`](https://github.com/microsoft/agent-governance-toolkit/blob/main/callback.py), verification occurs in the `_verify_trust` method using the agent's DID as a direct key lookup. For high-throughput scenarios, the in-memory store provides microsecond-level latency, while persistent stores add network round-trip time. The callback system itself adds minimal overhead as it leverages LangChain's native hook mechanisms.

### Do I need to modify my existing AutoGen or CrewAI agents to use this governance?

No modification to agent logic is required. For **AutoGen**, you pass the `AgentMeshTrustCallback` instance to the `callbacks` parameter of the `AssistantAgent` constructor. For **CrewAI**, you pass it to the `kickoff` method's `callbacks` parameter or wrap individual tools with `TrustVerifiedTool`. The governance layer intercepts calls through LangChain's standard callback system, making it a non-invasive retrofit for existing production deployments.