LangChain makes tool-calling effortless. Kynara decides which tools your agent may actually use — on whose behalf, under what conditions — before any side effect runs.
A LangChain agent calls whichever tool the model chooses, with whatever arguments it produces. There's no built-in concept of permissions: no rule for which agent may call which tool, on whose behalf, or under what conditions. For demos that's fine; for agents that send email, modify records, or move money, it's a liability.
from langchain.agents import AgentExecutor
from kynara_sdk.langchain import KynaraCallbackHandler
# One callback governs every tool the agent invokes
executor = AgentExecutor(
agent=agent, tools=tools,
callbacks=[KynaraCallbackHandler(kynara)],
)
# Or guard a single tool:
from langchain.tools import tool
from kynara_sdk import permission_required
@tool
@permission_required("crm.contacts.read", resource_arg="contact_id")
def get_contact(contact_id: str) -> str:
return crm.fetch(contact_id)On a deny, the call is blocked before the tool runs; on require_approval, the agent pauses for a human. Works the same for LangGraph nodes.
Every consequential call is evaluated against RBAC + ABAC policies and runtime context before it executes.
An agent can never exceed the permissions of the user it acts on behalf of.
Route destructive or external-facing actions to a human for approval, with full context.
Every decision is appended to a SHA-256 hash-chained log for forensics and compliance.
Go deeper: read the guide · docs · compare Kynara.
New guides on AI agent governance, MCP security, and compliance — no spam.