Hey all — I’ve been building production LangGraph agents and kept running into the same pattern: needing policy enforcement between the “decide” and “act” steps. Thought I’d share the pattern and see if others find it useful.
### The problem
LangGraph agents can execute tools, transition between states, and make autonomous decisions — but there’s no built-in mechanism for policy enforcement between those steps. Teams deploying agents in production need:
- Authorization checks before tool execution (e.g., “can this agent call this API?”)
- Cost/budget enforcement (e.g., “has this session exceeded $5?”)
- Audit trails with correlation IDs for compliance
- Guardrails that don’t require another LLM call (latency + cost)
Currently, users implement this ad-hoc inside individual nodes or via custom conditional edges, which is fragile and hard to standardize across graphs.
### The pattern: governance as a graph node
LangGraph’s graph-based architecture is uniquely suited for this — governance becomes a first-class node in the execution graph rather than a monkey-patched callback.
```python
from langgraph.graph import StateGraph, END
from tealtiger import TealEngine, Policy
# Define governance node
async def governance_checkpoint(state):
engine = TealEngine(policies=\[
Policy.cost_limit(max_per_session=5.00),
Policy.tool_allowlist(\["search", "calculator"\]),
Policy.rate_limit(max_calls=100, window="1h"),
\])
decision = await engine.evaluate(
agent_id=state\["agent_id"\],
action=state\["pending_tool_call"\],
context=state\["messages"\],
)
return {
\*\*state,
"governance_decision": decision.action, *# ALLOW | DENY | MODIFY*
"audit_trail": decision.evidence,
}
# Insert between “decide” and “act” in any graph
graph = StateGraph(AgentState)
graph.add_node(“agent”, agent_node)
graph.add_node(“governance”, governance_checkpoint) # ← policy gate
graph.add_node(“tools”, tool_node)
graph.add_edge(“agent”, “governance”)
graph.add_conditional_edges(“governance”, route_on_decision)
graph.add_edge(“tools”, “agent”)
```
### Why this works well with LangGraph
- Graph-native: Governance is a node, not a side-effect. Visible in the graph topology and debuggable in LangSmith traces.
- Composable: Drop it into any graph between any two nodes. Works with subgraphs too.
- Deterministic: No LLM call in the governance path — just policy evaluation. Adds <5ms latency.
- Durable: Works with LangGraph’s checkpointing — governance decisions are persisted and replayable.
- Human-in-the-loop compatible: Can escalate DENY decisions to human review via LangGraph’s interrupt mechanism.
### What this enables
- - Cost budgets per session/agent/user
- - Tool allowlisting and rate limiting
- - PII detection before data leaves the graph
- - Cryptographic audit evidence (SARIF export)
- - OWASP Agentic Security Top 10 coverage
### Implementation
I built this as part of [TealTiger]( GitHub - agentguard-ai/tealtiger: Powerful protection for AI agents - Open-source security and cost tracking for AI applications · GitHub ) (open-source, Apache 2.0) — a governance SDK for AI agents. The governance engine is deterministic (no LLM in the path) and works with any LangGraph workflow.
Would love to hear:
1. Is anyone else solving governance in their LangGraph agents? What patterns are you using?
2. Would a community example notebook showing this pattern be useful?
3. Is there interest in a lightweight `langgraph-tealtiger` integration package?
Happy to contribute an example or integration if there’s interest.