Quickstart

ℹ

Prerequisites

Python 3.10+, Go 1.21+, or Node 18+. An Aten Security account and API key. Sign up free to get your API key — first enforcement event in under 5 minutes, no call required.

Install the SDK

pip install aten-thoth

Set your API key

export THOTH_API_KEY="thoth_live_your_key_here"
export THOTH_API_URL="https://enforce.<tenant>.<apex-domain>"

Use a key provisioned by your security team or create one via the control-plane API. For headless flows, see Installation for the API example.

Instrument your agent

import os
from thoth import instrument, ThothPolicyViolation
 
def search_docs(query: str) -> str:
    return f"Found 3 docs matching: {query}"
 
def submit_payment(invoice_id: str, amount: float) -> str:
    return f"Payment submitted: {invoice_id} for ${amount}"
 
class InvoiceAgent:
    class Tool:
        def __init__(self, name, fn):
            self.name = name
            self._fn = fn
        def run(self, *args, **kwargs):
            return self._fn(*args, **kwargs)
 
    tools = [
        Tool("search_docs", search_docs),
        Tool("submit_payment", submit_payment),
    ]
 
agent = InvoiceAgent()
 
# Instrument once — Thoth wraps every tool call
instrument(
    agent,
    agent_id="invoice-processor-v2",
    approved_scope=["search_docs"],  # submit_payment NOT in scope
    tenant_id="acme-corp",
    api_url=os.environ["THOTH_API_URL"],
    enforcement="progressive",
)
 
# search_docs is in scope — executes normally
result = agent.tools[0].run("quarterly report")
print(result)  # "Found 3 docs matching: quarterly report"
 
# submit_payment is out of scope — raises ThothPolicyViolation
try:
    agent.tools[1].run("INV-001", 1500.00)
except ThothPolicyViolation as e:
    print(f"Blocked: {e.reason}")
    print(f"Violation ID: {e.violation_id}")

What happens at runtime

📡

Pre-check event

Thoth emits a TOOL_CALL_PRE behavioral event to your event pipeline (non-blocking).

🛡

Policy enforcement

POST /v1/enforce evaluates the tool call. ALLOW, BLOCK, or STEP_UP based on your enforcement mode.

⚙️

Tool execution

Approved tool runs your business logic. Thoth is transparent to your agent code.

📊

Post-check event

TOOL_CALL_POST event is emitted with result. Full audit trail is available via API and SIEM exports.

✓

Fail-open by default

If the Thoth enforcer is unreachable, tool calls execute normally and a warning is logged. Your agent never goes down because of governance infrastructure.

Anthropic Claude integration

import anthropic
from thoth import instrument_anthropic
 
client = anthropic.Anthropic()
 
tool_fns = {
    "search_docs": lambda input: f"Results for: {input['query']}",
}
governed_fns = instrument_anthropic(
    tool_fns,
    agent_id="invoice-processor-v2",
    approved_scope=["search_docs"],
    tenant_id="acme-corp",
)
 
messages = [{"role": "user", "content": "Find docs about payment approval"}]
while True:
    response = client.messages.create(
        model="claude-opus-4-5",
        max_tokens=1024,
        tools=[{"name": "search_docs", "description": "Search docs",
                "input_schema": {"type": "object", "properties": {"query": {"type": "string"}}}}],
        messages=messages,
    )
    if response.stop_reason == "end_turn":
        break
    tool_results = []
    for block in response.content:
        if block.type == "tool_use":
            fn = governed_fns.get(block.name)
            if fn:
                result = fn(block.input)  # governance runs here
                tool_results.append({"type": "tool_result", "tool_use_id": block.id, "content": str(result)})
    messages.append({"role": "assistant", "content": response.content})
    messages.append({"role": "user", "content": tool_results})

Next steps

Core Concepts →

Understand enforcement modes, behavioral baselines, and the evidence chain.

→

Python SDK Reference →

Full API reference for instrument(), instrument_anthropic(), and ThothConfig.

→