Python SDK

The relynt package provides a typed client for the Relynt authorization gateway in Python, with both sync and async support.

Install


pip install relynt

Quick start


import os
from relynt import RelyntClient
 
client = RelyntClient(
    base_url=os.environ["RELYNT_API_BASE_URL"],
    agent_secret=os.environ["RELYNT_AGENT_SECRET"],
)
 
result = client.request_action(
    action="update_deal",
    resource="crm:deal:123",
    payload={
        "amount": 52000,
        "previous_amount": 50000,
    },
)
 
print(result.decision)   # "allow" | "deny" | "pending_approval"
print(result.receipt_id)

Handling approvals

When the policy requires human approval, the decision will be "pending_approval" and an approval_id is returned. Use poll_approval to wait for the decision:


if result.decision == "pending_approval":
    approval = client.poll_approval(
        approval_id=result.approval_id,
        timeout_ms=300_000,  # 5 minutes
    )
    print(approval.status)     # "approved" | "denied" | "expired"
    print(approval.decided_by) # e.g. "slack:U12345"

Async support

All methods have async variants:


import asyncio
from relynt import RelyntClient
 
client = RelyntClient(
    base_url="https://your-relynt-instance",
    agent_secret=os.environ["RELYNT_AGENT_SECRET"],
)
 
async def main():
    result = await client.async_request_action(
        action="update_deal",
        resource="crm:deal:123",
        payload={"amount": 52000},
    )
    print(result.decision)
 
asyncio.run(main())

Idempotency

Pass an idempotency_key to prevent duplicate processing:


result = client.request_action(
    action="update_deal",
    resource="crm:deal:123",
    payload={"amount": 52000},
    idempotency_key="my-unique-key-abc123",
)

Error handling

The SDK raises typed exceptions:


from relynt import (
    RelyntClient,
    AuthenticationError,
    RequestError,
    ApprovalTimeoutError,
    NetworkError,
)
 
try:
    result = client.request_action(...)
except AuthenticationError:
    # Invalid or expired agent secret (401/403)
    ...
except RequestError as e:
    # Bad request (4xx)
    print(e.status_code, e.code)
except NetworkError:
    # Gateway unreachable or timeout
    ...

API reference

`RelyntClient(base_url, agent_secret, *, timeout_s=30.0)`

Parameter	Type	Required	Description
`base_url`	`str`	Yes	Relynt gateway URL
`agent_secret`	`str`	Yes	Agent credential from rotation
`timeout_s`	`float`	No	Request timeout in seconds (default: 30)

`client.request_action(...)`

Returns ActionResult:

Field	Type	Description
`decision`	`str`	`"allow"`, `"deny"`, or `"pending_approval"`
`receipt_id`	`str`	UUID of the signed receipt
`approval_id`	`str \| None`	Present for `pending_approval`
`tool_response`	`dict \| None`	Connector response if executed
`reason`	`str \| None`	Policy reason
`risk_level`	`str \| None`	`"low"`, `"medium"`, or `"high"`
`policy_version`	`str \| None`	Policy version used

`client.poll_approval(...)`

Returns ApprovalResult:

Field	Type	Description
`status`	`str`	`"approved"`, `"denied"`, or `"expired"`
`decided_by`	`str \| None`	Who decided
`decided_at`	`str \| None`	ISO 8601 timestamp

Async variants

client.async_request_action(...) — async version of request_action
client.async_poll_approval(...) — async version of poll_approval

Environment variables

Variable	Description
`RELYNT_API_BASE_URL`	Gateway URL
`RELYNT_AGENT_SECRET`	Agent credential (from dashboard rotation)
`RELYNT_AGENT_ID`	Agent UUID (informational)
`RELYNT_ORG_ID`	Organization UUID (informational)