AutoGen Integration

Gate AutoGen function calls through pyhall governance. Check Hall Server before any capability executes. On registry error or network failure, fail closed — never assume the capability is allowed.

Install

pip install pyhall-wcp autogen-agentchat

Then start Hall Server:

pyhall hall start

Authentication

POST /api/route requires a session token from Hall Monitor. After logging into Hall Monitor, export your session token from the desktop app settings and set it in your environment: export HALL_SESSION_TOKEN=<token>

Integration Pattern

import os, requests

HALL_URL = "http://localhost:8765"
HALL_TOKEN = os.environ.get("HALL_SESSION_TOKEN", "")

def check_capability(capability_id: str, tenant_id: str = "your-org") -> bool:
    """Return True if Hall Server allows this capability."""
    try:
        resp = requests.post(f"{HALL_URL}/api/route",
            headers={"Authorization": f"Bearer {HALL_TOKEN}"},
            json={
                "capability_id": capability_id,
                "env": "dev",
                "data_label": "PUBLIC",
                "tenant_id": tenant_id,
            }, timeout=3)
        return resp.json().get("allowed", False)
    except Exception:
        return False  # fail-closed on registry error

# Gate an AutoGen function call:
if check_capability("cap.doc.summarize"):
    # invoke autogen agent
    ...
else:
    print("Capability blocked by Hall governance policy.")

Fail-Closed Design

The except Exception: return False pattern is intentional. If Hall Server is unreachable, the default is to block — not to permit. This is the correct behavior for a governance gate.

To allow degraded operation (not recommended in production), you can change the fallback, but document it explicitly and set an alert.

Reference

• Hall API reference →
• Integrations overview →