Metadata-Version: 2.4
Name: latch-agent
Version: 0.1.3
Summary: Universal gating and audit layer for AI agents — policy-based tool gating with WebAuthn approval flows
Project-URL: Homepage, https://github.com/dipakkrishnan/latch
Project-URL: Repository, https://github.com/dipakkrishnan/latch
Project-URL: Issues, https://github.com/dipakkrishnan/latch/issues
Author: Latch Contributors
License-Expression: MIT
Keywords: agent,ai,audit,mcp,security,tool-gating,webauthn
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Requires-Python: >=3.10
Requires-Dist: aiohttp>=3.9
Requires-Dist: fastmcp>=3.0
Requires-Dist: pyyaml>=6.0
Requires-Dist: webauthn>=2.0
Provides-Extra: dev
Requires-Dist: pytest; extra == 'dev'
Requires-Dist: pytest-asyncio; extra == 'dev'
Description-Content-Type: text/markdown

# latch-agent

Universal gating and audit layer for AI agents. Intercepts tool calls, evaluates them against YAML policies, logs decisions, and supports WebAuthn approval flows.

## Quick Start

```bash
pip install latch-agent
latch init
```

## OpenClaw Integration

```bash
openclaw plugins install openclaw-latch
```

The plugin automatically installs `latch-agent`, runs `latch init`, and registers `latch-serve` as an MCP server.

## Claude Code Integration

Add latch as a hook in your Claude Code settings:

```json
{
  "hooks": {
    "PreToolUse": [{ "command": "latch-hook" }]
  }
}
```

## Codex Integration

Set up latch as a pre-tool-use hook in your Codex configuration, pointing to `latch-hook`.

## Policy Format

Edit `~/.agent-2fa/policy.yaml`:

```yaml
defaultAction: allow
rules:
  - match: { tool: Bash }
    action: ask
  - match: { tool: 'Edit|Write|NotebookEdit' }
    action: ask
  - match: { tool: 'Read|Glob|Grep' }
    action: allow
```

Actions: `allow`, `deny`, `ask`, `browser` (browser-based approval), `webauthn` (passkey required).

## Configuration

| Variable | Default | Description |
|----------|---------|-------------|
| `AGENT_2FA_DIR` | `~/.agent-2fa` | Config directory path |
| `AGENT_2FA_CLIENT` | auto-detected | Override client detection |
| `LATCH_HOOK_DEBUG` | `false` | Enable debug logging for hook mode |

## CLI Commands

```
latch init       # Initialize config directory
latch hook       # Run as stdin/stdout hook
latch serve      # Run as MCP proxy server
latch dashboard  # Launch web dashboard
latch enroll     # Enroll a WebAuthn passkey
latch status     # Show config summary
```

## Development

```bash
cd py
uv sync
uv run pytest
```
