Framework Plugins
Watchlight AI Agent Runtime Governance integrates natively with popular AI agent frameworks through plugins — lightweight libraries that intercept agent operations and enforce governance without modifying your agent code.
How Plugins Work
Plugins sit between the agent framework and your tools, transparently enforcing governance on every operation:
Agent Framework (ADK, LangGraph, CrewAI, OpenAI)
│
▼
┌──────────────────────────────┐
│ Watchlight Plugin │
│ │
│ • Trust verification │
│ • Policy evaluation │
│ • Action verb classification│
│ • Execution lineage │
└──────────────────────────────┘
│
▼
WL-APDP (Policy Decision Point)
What Plugins Enforce
| Hook | Governance Action |
|---|---|
| Agent start | Verify trust state — untrusted agents are blocked |
| Tool call | Evaluate policy — Allow or Deny based on agent role + action + resource |
| LLM access | Policy-check model access — control which agents can invoke LLMs |
| Agent end | Emit execution completed event for lineage tracking |
Available Plugins
| Plugin | Framework | Status |
|---|---|---|
| watchlight-adk | Google Agent Development Kit | Available |
| watchlight-openai | OpenAI Agents SDK | Planned |
| watchlight-langgraph | LangGraph | Planned |
| watchlight-crewai | CrewAI | Planned |
Architecture Principles
- Single connection — plugins only talk to WL-APDP. No direct NATS, no database connections.
- Fail-closed by default — if APDP is unreachable, all actions are denied.
- Zero code changes — install the plugin, register it on your runner, done.
- Framework-agnostic policies — the same policy works regardless of which framework the agent uses.
- Best-effort lineage — event emission never blocks agent execution.