Install pactflow, write your rules as a policy, then compile and deploy agents that ship with governance already attached.
pactflow is the policy-compiled operating system for enterprise AI agents. You define your guardrails once as code approved models, allowed tools, PII handling, and which changes need human review and pactflow compiles those rules into every agent you ship. The result: developers move fast, and no agent reaches production outside the control plane. This guide takes you from pip install to a governed agent running in your environment.
Install the CLI and SDK from PyPI, then authenticate against your workspace. The login command opens your browser and stores a scoped token in ~/.pactflow/config.
# install the pactflow CLI + Python SDK $ pip install pactflow # authenticate against your workspace $ pactflow login ✓ logged in to acme-corp · scope: developer
A policy is a .pact file checked into your repo alongside your agent code. It declares the models an agent may call, the tools it can reach, how personally identifiable information is handled, and which changes require review before they go live. Everything an agent touches flows through this one file.
# policy.pact compiled into every agent surface policy "support-agents": models: ["gpt-4o", "claude-opus-4"] tools: allow("zendesk", "kb.read") pii: redact("email", "card") change: require_review("risk")
The models allow-list pins exactly which models are permitted anything else is blocked at the call. allow() is least-privilege by default: a tool not named here cannot be reached. redact() strips matched fields before they ever leave your perimeter, and require_review("risk") routes any change to this agent through change-control before it can ship.
Compiling type-checks your policy, resolves model and tool references, and produces a signed artifact bound to the agent. Deploying pushes that artifact to the control plane guardrails travel with the agent, not as an afterthought.
# compile the policy, then ship the agent $ pactflow compile && pactflow deploy ✓ policy "support-agents" compiled · 0 violations ✓ support-agent deployed · guardrails bound
compile with no bound policy fails closed, and the control plane refuses any agent whose artifact isn't signed.Native SDKs are available for Python, TypeScript, and Go. Each one enforces the compiled policy on every call the same guardrails locally that production uses, so you fail fast before you ship. Reference an agent by name and policy, and the SDK handles model routing, tool allow-listing, and PII redaction transparently.
from pactflow import Agent agent = Agent("support", policy="support-agents") # guardrails enforced on every call models, tools, PII agent.run("refund order 8821")
From here, head to Deploying agents for environment targets and rollout strategy, Self-hosting to run the control plane inside your own VPC, or the CLI and API references for the full surface.