Core safety layer
Runtime decisions and deterministic controls
- *ToolGate decisioning at call time
- *Signed confirmation tokens and resume flow
- *Idempotency and stable hashing by default
SDF Plan
Trusted control for every agent tool call
A lightweight, deterministic, local-first runtime safety layer that sits right before tool execution.
Real ToolGate decisions: ALLOW, REQUIRE_CONFIRM, WARN, BLOCK.
Live Demo
Real ToolGate flow: REQUIRE_CONFIRM -> CONFIRM -> ALLOW
Product details
SDF Plan gives engineering teams deterministic, local-first safety controls for agent runtime behavior.
Developer experience
Fast setup and practical integration paths
- *Install from PyPI and run in minutes
- *OpenAI style and generic input normalization
- *Adapter patterns and CLI for quick adoption
SDF Plan Product Details Matrix
- *ToolGate first runtime safety for agent tool calls.
- *Deterministic confirmation flow with signed resume tokens.
- *Local first usage with transparent defaults and explicit policy tuning.
- *Developer friendly adapters and CLI for fast integration.
SDF Plan feature matrix
| Capability | Included | Details |
|---|---|---|
| ToolGate runtime decisions | Yes | ALLOW, REQUIRE_CONFIRM, WARN, and BLOCK decisions for tool calls. |
| Signed confirmation tokens | Yes | Scope, tool, and args bound tokens with expiry and jti support. |
| Idempotency key derivation | Yes | Stable keys derived from scope + tool + canonical args hash. |
| Tool-mode lint rules | Yes | Unknown tool, write confirm checks, idempotency checks, and verify before write rules. |
| PlanSpec lint and preflight | Yes | Optional plan mode support for existing plan first workflows. |
| Input normalization | Yes | OpenAI style tool calls, generic tool JSON, and PlanSpec normalization paths. |
| Framework adapter support | Yes | Official LangGraph adapter and thin wrapper patterns for other runtimes. |
| CLI utilities | Yes | Command helpers for linting plan files and classifying tools. |
| Deterministic local behavior | Yes | Canonical hashing and explicit defaults for reproducible results. |
| Open source license | Yes | MIT licensed and installable from PyPI. |
ToolGate runtime decisions
Yes
ALLOW, REQUIRE_CONFIRM, WARN, and BLOCK decisions for tool calls.
Signed confirmation tokens
Yes
Scope, tool, and args bound tokens with expiry and jti support.
Idempotency key derivation
Yes
Stable keys derived from scope + tool + canonical args hash.
Tool-mode lint rules
Yes
Unknown tool, write confirm checks, idempotency checks, and verify before write rules.
PlanSpec lint and preflight
Yes
Optional plan mode support for existing plan first workflows.
Input normalization
Yes
OpenAI style tool calls, generic tool JSON, and PlanSpec normalization paths.
Framework adapter support
Yes
Official LangGraph adapter and thin wrapper patterns for other runtimes.
CLI utilities
Yes
Command helpers for linting plan files and classifying tools.
Deterministic local behavior
Yes
Canonical hashing and explicit defaults for reproducible results.
Open source license
Yes
MIT licensed and installable from PyPI.
OSS Commitments
- Core safety semantics: lint/policy/tool gate behavior.
- Public schema/contracts and local SDK usability.
- Adapters/wrapper patterns needed for adoption.
- Local determinism and transparent defaults.
Release Update Steps
- Set "Last reviewed for release" to the release tag.
- Review every matrix row and confirm placement/details are still accurate.
- If any row changed, add a short feature delta note in release notes.
- Confirm OSS commitments remain aligned with current packaging.
- Link this page from release checklist and release notes.