A governed audit trail in 5 minutes
KIFF connects to the agent stack you already run. You attach one guard to your agent, run it as usual, and get a real audit trail of every tool call it made — what ran, with what arguments, and what KIFF would decide. No rewrite, no new framework, no account.
This page is the whole path: install → attach → run → read the trail.
It works with zero configuration because the first mode, observe,
never calls KIFF and never blocks a tool. It just watches and records.
1. Install the guard
The guard is an open-source (MIT) Python package,
kiffhq/kiff-guard. Install the
core plus the adapter for whatever framework you use — here, Agno:
pip install "git+https://github.com/kiffhq/kiff-guard.git#subdirectory=packages/python/kiff-guard"
The core has zero required dependencies. Each framework adapter pulls its own framework in as an optional extra; install only what you use.
The guard is not yet on PyPI, so the install is from git for now. A
pip install kiff-guard line lands when the package is published — this page updates the moment it does, never before.
2. Attach it in observe mode
One guard, one hook. observe runs every tool, records a receipt, and
learns your action catalog. It needs no client, no tenant, no API key.
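from agno.agent import Agent

from kiff_guard import Guard
from kiff_guard.adapters.agno import agno_hook

# observe mode: every tool runs, a receipt is recorded, nothing is blocked
guard = Guard(mode="observe")  # no client, no tenant needed

agent = Agent(
    model=...,
    tools=[refund_order, send_email],  # your existing tool functions
    tool_hooks=[agno_hook(guard)],  # the one-line attach
)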
On a different stack? The hook is the only line that changes. Every framework page shows the same four-step spine with that framework’s one-line attach.
3. Run your agent as usual
Nothing about your agent changes. Run it the way you already do — a script, a test, a request handler. The guard rides along on each tool call.
# ... run your agent however you normally do ...
agent.run("Refund order ord_4821 and email the customer")
4. Read the audit trail
Every tool call your agent made is now a receipt. This is the artifact KIFF is about: a record of what your agent actually did.
for r in guard.receipts:
    print(r.state, r.tool, r.outcome)
# observed refund_order observed
# observed send_email observed
And because the guard learned the catalog while it watched, it can hand
you a starter KIFF domain derived from real traffic — so you never face
a blank kiff.yaml:
from kiff_guard import export_yaml
print(export_yaml("my-domain", guard.catalog))
# KIFF domain draft for 'my-domain'
# Auto-derived from observed agent traffic (instrument-first).
domain: my-domain
actions:
  - name: refund_order
    parameters: [amount_cents, order_id]
    risk: low  # TODO(human): low | medium | high
    requires_approval: false  # TODO(human)
  - name: send_email
    parameters: [body, to]
    risk: low  # TODO(human): low | medium | high
    requires_approval: false  # TODO(human)
That’s the five minutes. You instrumented an agent you already had and got a real audit trail plus a domain draft, without an account and without changing what your agent does.
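The draft marks every action `risk: low` and `requires_approval: false` until a human decides otherwise, so it is worth checking that no `TODO(human)` default survives before the draft is activated. The following is an added example, not part of kiff-guard or this page's original code: a small check over a draft in the layout shown above. The helper name `review_findings` and the sample draft are constructed for illustration, and accepting `true`/`false` for `requires_approval` is an assumption.

```python
import re

# Constructed sample in the draft layout shown above; refund_order has been
# reviewed by a human, send_email still carries the auto-derived defaults.
SAMPLE_DRAFT = """\
domain: my-domain
actions:
  - name: refund_order
    parameters: [amount_cents, order_id]
    risk: high
    requires_approval: true
  - name: send_email
    parameters: [body, to]
    risk: low  # TODO(human): low | medium | high
    requires_approval: false  # TODO(human)
"""

# Fields a human must decide, with accepted values (risk levels from the draft's
# own comment; true/false for the boolean is an assumption).
CHECKED = {"risk": {"low", "medium", "high"}, "requires_approval": {"true", "false"}}
FIELD = re.compile(r"^\s*(?:-\s+)?(\w+):\s*(.*?)\s*(#.*)?$")

def review_findings(draft: str) -> list[str]:
    """Hypothetical helper: list action fields that are unreviewed, invalid or missing."""
    findings, seen, action = [], {}, None
    for line in draft.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # full-line comments and blank lines
        key, value, comment = m.group(1), m.group(2), m.group(3) or ""
        if key == "name":
            action = value
            seen[action] = set()
        elif action is not None and key in CHECKED:
            seen[action].add(key)
            if "TODO(human)" in comment:
                findings.append(f"{action}.{key}: unreviewed default '{value}'")
            elif value not in CHECKED[key]:
                findings.append(f"{action}.{key}: invalid value '{value}'")
    for name, fields in seen.items():
        findings += [f"{name}.{k}: missing" for k in CHECKED if k not in fields]
    return findings

if __name__ == "__main__":
    problems = review_findings(SAMPLE_DRAFT)
    print("\n".join(problems) or "draft fully reviewed")
    raise SystemExit(1 if problems else 0)
```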
What you just saw, and what’s next
observe is the front door. The same one-line integration becomes the
runtime gate when you’re ready: switch the guard to enforce, point it
at a tenant, and KIFF decides before each tool runs — allowed
proceeds, approval_required holds for a human, blocked refuses. The
audit trail is the same; now it’s governed.
- Understand the model → How the guard works: observe vs enforce, the one-receipt rule, the two adapter shapes.
- Your framework → pick it from the sidebar. Four are shipped and verified (Agno, LangGraph, Hermes, OpenAI Agents SDK); the rest are in preview with the researched seam documented.
- Turn on enforcement → mint a key and activate a domain in the dashboard. Each framework page has the enforce snippet.
The code for every adapter lives in the public repo,
kiffhq/kiff-guard. docs.kiff.dev
owns the narrative; the repo owns the code.