docs: add Vaultak runtime security guide for AgentChat #7766

Open
samueloladji-beep wants to merge 1 commit into microsoft:main from samueloladji-beep:add-vaultak-security
@samueloladji-beep
Summary

Adds a new guide for integrating Vaultak — a runtime security platform — with AutoGen AgentChat, using AutoGen's native DefaultInterventionHandler interface.

Install: pip install autogen-ext-vaultak

Changes

python/docs/src/user-guide/agentchat-user-guide/vaultak-security.md (new)

  • Explains the integration architecture: VaultakInterventionHandler subclasses DefaultInterventionHandler and is passed to SingleThreadedAgentRuntime(intervention_handlers=[...])
  • The handler intercepts ToolCallRequestEvent messages on on_publish, risk-scores the requested tool call (0–10), and returns DropMessage to block execution above a configurable threshold
  • PII masking on ToolCallExecutionEvent outputs before they reach the next agent
  • Configurable parameters table
  • Monitored-event coverage table
  • "Combining with OpenTelemetry Tracing" section showing both can be used together on the same runtime
  • Links to docs, PyPI, GitHub, and the InterventionHandler API reference

python/docs/src/user-guide/agentchat-user-guide/index.md

  • Adds a "Runtime Security (Vaultak)" grid card under the Advanced section
  • Registers vaultak-security in the Advanced toctree (after tracing)

Integration Architecture

runtime = SingleThreadedAgentRuntime(
    intervention_handlers=[VaultakInterventionHandler(api_key="vtk_...")]
)

The InterventionHandler protocol is AutoGen Core's native primitive for
intercepting messages — no monkey-patching, no middleware wrapping. On every
on_publish call, the handler checks whether the message is a
ToolCallRequestEvent, scores the tool call via the Vaultak SDK, and returns
DropMessage if the risk score exceeds the configured threshold.

Test plan

  • Page renders correctly at /user-guide/agentchat-user-guide/vaultak-security.html
  • Grid card on index page links correctly to the new guide
  • vaultak-security appears in the Advanced sidebar
  • Code example is syntactically correct Python

🤖 Generated with Claude Code

Adds python/docs/src/user-guide/agentchat-user-guide/vaultak-security.md
— a guide for integrating Vaultak (pip install autogen-ext-vaultak) with
AutoGen via the native DefaultInterventionHandler interface.

The handler intercepts ToolCallRequestEvent messages before they reach
agents, risk-scores the requested tool call (0–10), and returns DropMessage
to block execution above a configurable threshold. PII is masked in
ToolCallExecutionEvent outputs, and errors trigger dashboard alerts.

Also adds a "Runtime Security (Vaultak)" grid card to index.md and
registers vaultak-security in the Advanced toctree (after tracing).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
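
The gating flow described in the PR summary and the commit message (check for a ToolCallRequestEvent in on_publish, score each call, return DropMessage above the threshold), as an added example that is not code from this pull request, from Vaultak or from AutoGen. The three small classes are offline stand-ins for the AutoGen types of the same name; `toy_score`, the default threshold of 7.0 and the fail-closed handling of scorer errors are assumptions made for illustration.

```python
import asyncio
import json
from dataclasses import dataclass
from typing import Any, List

# Stand-ins (assumption) for autogen_core.DropMessage / FunctionCall and
# autogen_agentchat.messages.ToolCallRequestEvent so the sketch runs offline.
class DropMessage: ...

@dataclass
class FunctionCall:
    id: str
    arguments: str  # JSON-encoded string, as produced by the model
    name: str

@dataclass
class ToolCallRequestEvent:
    source: str
    content: List[FunctionCall]

def toy_score(call: FunctionCall) -> float:
    """Hypothetical 0-10 scorer; the guide delegates this step to the Vaultak SDK."""
    args = json.loads(call.arguments)  # malformed JSON raises; the caller fails closed
    score = {"read_file": 2.0, "run_shell": 6.0, "delete_file": 8.0}.get(call.name, 5.0)
    if any(".." in str(v) or str(v).startswith("/etc") for v in args.values()):
        score += 6.0  # path escaping the working directory
    return min(score, 10.0)

class ThresholdInterventionHandler:
    """Same shape as a DefaultInterventionHandler subclass that overrides on_publish."""
    def __init__(self, scorer=toy_score, threshold: float = 7.0):
        self.scorer, self.threshold = scorer, threshold
        self.audit = []  # (tool name, score) per inspected call

    async def on_publish(self, message: Any, *, message_context: Any = None) -> Any:
        if not isinstance(message, ToolCallRequestEvent):
            return message  # other message types pass through untouched
        for call in message.content:
            try:
                score = self.scorer(call)
            except Exception:
                score = 10.0  # scorer failure is treated as maximum risk
            self.audit.append((call.name, score))
            if score > self.threshold:
                return DropMessage  # one risky call drops the whole request
        return message

def decide(handler: ThresholdInterventionHandler, message: Any) -> Any:
    return asyncio.run(handler.on_publish(message))
```

With the real packages installed, the same on_publish body would sit in a DefaultInterventionHandler subclass passed to SingleThreadedAgentRuntime(intervention_handlers=[...]).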
@samueloladji-beep
Author

@microsoft-github-policy-service agree
