Docs/Predicate Secure/Framework Guides

Framework Guides

SecureAgent integrates with popular AI agent frameworks. It auto-detects your framework and applies the appropriate adapter.

browser-use

browser-use is an AI agent framework for browser automation. SecureAgent integrates seamlessly with browser-use agents.

Basic Usage

from browser_use import Agent
from langchain_openai import ChatOpenAI
from predicate_secure import SecureAgent

# Create your browser-use agent
llm = ChatOpenAI

Policy Example for browser-use

# policies/shopping.yaml
rules:
  # Allow browsing Amazon
  - action: "browser.*"
    resource: "https://*.amazon.com/*"
    effect: allow

  # Allow clicking checkout with verification
  - action: "browser.click"
    resource: "*checkout*"
    effect: allow
    require_verification:
      - url_contains: "/checkout"

  # Block external sites
  - action: "browser.navigate"
    resource: "https://external.com/*"
    effect: deny

  # Default deny
  - action: "*"
    resource: "*"
    effect: deny

Using the Plugin API

For more control, you can use the PredicateBrowserUsePlugin directly:

secure_agent = SecureAgent(agent=agent, policy="policy.yaml")

# Get the plugin for lifecycle hooks
plugin = secure_agent.get_browser_use_plugin()

# Run with lifecycle callbacks
result = await agent.run(
    on_step_start

Playwright

Playwright is a browser automation library. SecureAgent can wrap Playwright pages to add authorization.

Basic Usage

from playwright.async_api import async_playwright
from predicate_secure import SecureAgent

async with async_playwright() as p:
    browser = await p.chromium.launch()
    page =

Getting AgentRuntime

For advanced use cases with the predicate SDK:

secure_agent = SecureAgent(agent=page, policy="policy.yaml")

# Get the AgentRuntime
runtime = await secure_agent.get_runtime_async()

# Get the pre-action authorizer
authorizer = secure_agent.get_pre_action_authorizer()

LangChain

LangChain is a framework for building LLM applications. SecureAgent can wrap LangChain agents to authorize tool calls.

Basic Usage

from langchain.agents import AgentExecutor, create_react_agent
from langchain_openai import ChatOpenAI
from predicate_secure import SecureAgent

# Create your LangChain agent
llm = ChatOpenAI(model="gpt-4")
agent = create_react_agent(llm, tools

Policy Example for LangChain

# policies/tools.yaml
rules:
  # Allow search and calculator
  - action: "tool.search"
    resource: "*"
    effect: allow

  - action: "tool.calculator"
    resource: "*"
    effect: allow

  # Block file operations
  - action: "tool.file_write"
    resource: "*"
    effect: deny

  # Block shell commands
  - action: "tool.shell"
    resource: "*"
    effect: deny

  # Default deny
  - action: "*"
    resource: "*"
    effect: deny

Using SentienceLangChainCore

For browser-enabled LangChain agents:

secure_agent = SecureAgent(agent=agent_executor, policy="policy.yaml")

# Get the core with browser context
core = secure_agent.get_langchain_core(browser=browser)

# Use core for tool interception

PydanticAI

PydanticAI is a framework for building AI agents with Pydantic. SecureAgent supports PydanticAI agents.

Basic Usage

from pydantic_ai import Agent
from predicate_secure import SecureAgent

# Create your PydanticAI agent
agent = Agent(model="gpt-4")

# Wrap with SecureAgent
secure_agent = SecureAgent(
    agent=agent,
    policy="policy.yaml"

OpenClaw (Python Only)

OpenClaw is a local-first AI agent framework that connects to messaging platforms. SecureAgent integrates with OpenClaw CLI via HTTP proxy interception.

Architecture

The OpenClaw adapter works by:

  1. Starting an HTTP proxy server that intercepts OpenClaw skill calls
  2. Enforcing authorization policies before forwarding to actual skills
  3. Managing the OpenClaw CLI subprocess lifecycle
Python SecureAgent
      │
      ├─── HTTP Proxy (localhost:8788) ───┐
      │                                    ▼
      └─── spawns ──────► OpenClaw CLI ──► predicate-snapshot skill
                              │
                              └─► Browser actions (authorized)

Basic Usage

from predicate_secure import SecureAgent
from predicate_secure.openclaw_adapter import OpenClawConfig

# Create OpenClaw configuration
openclaw_config = OpenClawConfig(
    cli_path="/usr/local/bin/openclaw",  # Or None to use PATH
    skill_proxy_port=8788,
    skill_name="predicate-snapshot",
)

# Wrap with SecureAgent
secure_agent = SecureAgent(
    agent=openclaw_config,
    policy="policies/openclaw.yaml",
    mode="strict",
)

# Run a task
result = secure_agent.run(task="Navigate to example.com and take a snapshot")

Policy Example for OpenClaw

# policies/openclaw.yaml
rules:
  # Allow snapshot skill
  - action: "openclaw.skill.predicate-snapshot"
    resource: "*"
    effect: allow

  # Allow clicking elements
  - action: "openclaw.skill.predicate-act.click"
    resource: "element:*"
    effect: allow

  # Allow typing (but not in password fields)
  - action: "openclaw.skill.predicate-act.type"
    resource: "element:*"
    effect: allow
    conditions:
      - not_contains: ["password", "ssn"]

  # Block scroll actions
  - action: "openclaw.skill.predicate-act.scroll"
    resource: "*"
    effect: deny

  # Default deny
  - action: "*"
    resource: "*"
    effect: deny
Previous
Quick Start
Next
Execution Modes