AgentLattice/Docs
Get Started
Navigate docs

Releases

Anthropic Managed Agents

Govern Anthropic Managed Agents with AgentLattice policies, approval workflows, and tamper-proof audit trails.

Overview

Anthropic Managed Agents run autonomous Claude agents in sandboxed cloud containers. AgentLattice's govern() method sits between your application and Anthropic's runtime, evaluating every tool call against your workspace's policies before allowing execution.

Your App → al.govern() → Anthropic (runs agent)
                ↕
           AgentLattice (policy engine + audit trail)

Every tool the agent invokes (bash, file writes, web searches, MCP tools) flows through your AgentLattice policies. Low-risk tools auto-approve instantly. High-risk tools can require human approval via the dashboard. Denied tools are gracefully handled by the agent.

Quick Start

1. Install

npm install @agentlattice/sdk @anthropic-ai/sdk

2. Create an Agent in AgentLattice

Go to your workspace dashboard, click Agents > New Agent, and select Anthropic Managed Agent. Copy the API key.

3. Configure the Agent on Anthropic

Create a Managed Agent with always_ask permission policy on tools you want governed:

// On Anthropic's side — set always_ask so tools pause for approval
const agent = await anthropic.beta.agents.create({
  name: "My Agent",
  model: "claude-sonnet-4-6",
  tools: [{
    type: "agent_toolset_20260401",
    default_config: {
      permission_policy: { type: "always_ask" }
    }
  }]
});

4. Run a Governed Session

import { AgentLattice } from "@agentlattice/sdk";

const al = new AgentLattice({
  apiKey: process.env.AL_API_KEY,
  anthropicApiKey: process.env.ANTHROPIC_API_KEY,
});

const result = await al.govern("agent_011Ca...", "Analyze this earnings report");

console.log(result.output);       // Agent's text response
console.log(result.decisions);    // Per-tool governance decisions

That's it. Every tool call is evaluated against your policies, logged in the audit trail, and signed with ECDSA.

How It Works

When you call govern():

  1. Session creation — creates an Anthropic environment and session (or reuses existing ones via sessionId / environmentId options)
  2. SSE stream — opens a real-time event stream to Anthropic's runtime
  3. Message delivery — sends your message to the agent
  4. Event loop — for each tool the agent invokes:
    • Maps the tool name to an AgentLattice action type (e.g., bash -> code.execute)
    • Calls gate() to evaluate your workspace's policies
    • If approved: sends allow back to Anthropic
    • If denied: sends deny back to Anthropic (agent adapts gracefully)
    • If approval required: polls the approval endpoint until a human responds
  5. Completion — returns GovernResult with the agent's output and all decisions

Tool Mapping

Anthropic's built-in tools map to AgentLattice action types:

Anthropic Tool AgentLattice Action Recommended Policy
bash code.execute always_ask
write file.write always_ask
edit file.write always_ask
read file.read always_allow
glob file.read always_allow
grep file.read always_allow
web_fetch web.read always_allow
web_search web.query always_allow
MCP tools mcp.{tool_name} always_ask

Create policies in your workspace for these action types to control agent behavior. For example, a policy on code.execute that requires approval will pause the agent whenever it tries to run a bash command, and notify your team for review.

Options

Callbacks

Monitor the agent's activity in real time:

const result = await al.govern("agent_id", "task", {
  onToolCall: (tool) => {
    console.log(`Agent wants to use: ${tool.name}`);
  },
  onDecision: (decision) => {
    console.log(`${decision.allowed ? "Allowed" : "Denied"}: ${decision.actionType}`);
    console.log(`Policy: ${decision.policyName}, resolved in ${decision.resolvedInMs}ms`);
  },
  onMessage: (text) => {
    console.log(`Agent: ${text}`);
  },
  onError: (error, tool) => {
    console.error(`Error evaluating ${tool.name}: ${error.message}`);
  },
});

Reuse Existing Sessions

If you already have an Anthropic session running:

const result = await al.govern("agent_id", "next task", {
  sessionId: "sesn_existing...",
  environmentId: "env_existing...",
});

Fail-Open Mode

By default, govern() denies tool calls when AgentLattice is unreachable (fail-closed). For availability-critical workloads:

const result = await al.govern("agent_id", "task", {
  failOpen: true,  // Allow tools if AL is down
});

GovernResult

interface GovernResult {
  output: string;           // Agent's concatenated text output
  decisions: GovernDecision[]; // Per-tool decisions
  sessionId: string;        // Anthropic session ID
  environmentId: string;    // Anthropic environment ID
  completed: boolean;       // true if end_turn, false if terminated
}

interface GovernDecision {
  eventId: string;          // Anthropic event ID
  toolName: string;         // e.g., "bash", "web_search"
  actionType: string;       // e.g., "code.execute", "web.query"
  allowed: boolean;
  auditEventId?: string;    // AgentLattice audit event
  policyName?: string;      // Which policy decided
  approvalId?: string;      // Present if HITL was involved
  resolvedInMs: number;     // Time to decision
}

Setting Up Policies

Common policy configurations for managed agents:

  • code.execute — Require approval. Bash commands are the highest-risk tool.
  • file.write — Allow with audit. File writes are contained to the sandbox.
  • web.read — Allow with audit. Web fetches are useful for research tasks.
  • web.query — Allow with audit. Web searches are low-risk.
  • file.read — Allow with audit. Reading files is safe.

Go to Policies in your workspace dashboard to configure these.

Human-in-the-Loop Approvals

When a policy requires approval (e.g., code.execute with approval routing), govern() automatically:

  1. Creates an approval request in your workspace
  2. Notifies your team via email
  3. Polls for the human decision
  4. Sends the verdict to Anthropic once resolved

The agent's session stays paused on Anthropic's side until the human approves or denies. Other tool calls in the same batch are processed concurrently, so auto-approved tools don't wait for HITL decisions.

Anthropic Permission Policies

For govern() to intercept tool calls, the Anthropic agent must be configured with always_ask on the tools you want governed. Tools set to always_allow execute immediately without flowing through AgentLattice.

Recommended configuration:

{
  "type": "agent_toolset_20260401",
  "default_config": {
    "permission_policy": { "type": "always_allow" }
  },
  "configs": [
    { "name": "bash", "permission_policy": { "type": "always_ask" } },
    { "name": "write", "permission_policy": { "type": "always_ask" } },
    { "name": "web_fetch", "permission_policy": { "type": "always_ask" } }
  ]
}

This lets the agent read files and search freely while gating dangerous operations through AgentLattice.