The foundation layer
for agentic intelligence.
One framework to go from prototype to production. Agents that discover tools, remember context, and guard themselves. MCP servers with auth, governance, and audit trails. A Reasoning Engine that lets you compose how your agent thinks, brick by brick. Autonomous agents that work around the clock, with lifecycle management, crash recovery, and mission-driven execution.
Every team building AI agents
discovers the same thing: the same infrastructure, rebuilt by hand.
Promptise replaces that entire stack.
Five subsystems. One install. Everything you need to go from prototype to production.
Every subsystem designed to work with every other.
Use one or all five. The interfaces are consistent and the behavior is predictable.
Turn any LLM into a
production-ready agent.
One function call.
Point at MCP servers — tools are discovered automatically. Memory is searched and injected before every turn. Guardrails block injection attacks in real time. Powered by the Reasoning Engine — a custom execution runtime that replaces generic tool loops with composable reasoning patterns, parallel tool execution, and 0.02ms overhead.
Design how your agent thinks.
Not just what tools it calls.
Snap together 20 composable reasoning nodes — Plan, Think, Act, Reflect, Critique, Synthesize — into custom reasoning patterns. The agent builds its own execution path at runtime. 7 prebuilt patterns or build your own. 0.02ms engine overhead.
agent decides path at runtime · 16 typed flags · per-node models
Build APIs that AI understands.
On your terms.
Decorate a function, get a production API. JWT auth, role guards, rate limiting, circuit breakers, HMAC audit logs. TestClient runs the full pipeline without HTTP.
@server.tool(roles=["analyst"])
async def search(query: str) -> list[dict]:
    # Auth, rate limiting, audit — zero extra code.
    ...
The operating system for autonomous agents.
Cron schedules, webhook triggers, crash-recovery journals, LLM cost budgets, behavioral health monitoring, mission-oriented execution. Deploy from YAML.
Prompts built like software, not strings.
8 typed blocks with priority-based token budgeting — lowest-priority blocks drop first when context is tight. Conversation flows evolve per phase. Guards validate output with auto-retry. Inspector traces every assembly decision. Version registry + YAML loader + pytest integration.
One function.
Every capability.
Production on day one.
build_agent() returns a fully armed production agent — powered by the Reasoning Engine, secured by 6-head guardrails, optimized by semantic tool selection, and observable from every angle. What takes other frameworks 3 months ships in an afternoon.
MCP Tool Discovery
Point at server URLs — tools appear. JSON Schema auto-converted. Multi-server routing via MCPMultiClient. Zero manual wiring.
Security Guardrails
DeBERTa ML injection detection. 69 PII patterns. 96 credential patterns. GLiNER NER. Content safety. All models run locally.
Vector Memory
ChromaDB, Mem0, InMemory. Auto-search before every turn.
Semantic Cache
Cosine similarity. Per-user isolation. AES-256. GDPR purge.
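The cache idea is simple enough to sketch in plain Python. The class and threshold below are illustrative assumptions, not Promptise's actual API: a per-user store returns a cached answer whenever a new query's embedding is close enough, by cosine similarity, to one seen before.

```python
import math

def cosine(a, b):
    # Cosine similarity between two embedding vectors.
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

class SemanticCache:
    """Toy per-user semantic cache: return a stored answer when a new
    query's embedding is within `threshold` similarity of a cached one."""

    def __init__(self, threshold=0.9):
        self.threshold = threshold
        self.entries = {}  # user_id -> list of (embedding, answer)

    def get(self, user_id, embedding):
        # Per-user isolation: only this user's entries are searched.
        for cached_emb, answer in self.entries.get(user_id, []):
            if cosine(embedding, cached_emb) >= self.threshold:
                return answer
        return None

    def put(self, user_id, embedding, answer):
        self.entries.setdefault(user_id, []).append((embedding, answer))
```

A production version would add encryption at rest and purge hooks; the lookup logic is the same.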
Human Approval
Webhook + callback handlers. HMAC-signed. Replay protection.
Model Fallback
Circuit breakers per provider. Auto-failover chain.
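The failover pattern behind this can be sketched generically — the class names below are hypothetical, not Promptise internals: each provider sits behind a breaker that opens after repeated failures, and requests walk the chain until one provider answers.

```python
class CircuitOpen(Exception):
    pass

class Breaker:
    """Toy circuit breaker: stop calling a provider after
    `max_failures` consecutive errors; reset on success."""

    def __init__(self, max_failures=3):
        self.max_failures = max_failures
        self.failures = 0

    def call(self, fn, *args):
        if self.failures >= self.max_failures:
            raise CircuitOpen("provider disabled")
        try:
            result = fn(*args)
        except Exception:
            self.failures += 1
            raise
        self.failures = 0
        return result

def invoke_with_fallback(providers, prompt):
    # providers: list of (breaker, callable) tried in order.
    for breaker, fn in providers:
        try:
            return breaker.call(fn, prompt)
        except Exception:
            continue
    raise RuntimeError("all providers failed")
```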
Streaming
Real-time tool + token events. Build chat UIs that show progress.
Observability
8 destinations: Prometheus, OTel, HTML, JSON, webhook, console.
Design how your
agent thinks.
Every other framework gives you a tool-calling loop. Promptise gives you composable reasoning — 20 building bricks that define exactly how your agent plans, acts, reflects, and decides.
The agent builds its own execution path at runtime. No static wiring. No hardcoded workflows. The LLM sees the available nodes and picks the most productive next step — adapting its reasoning depth to the complexity of the task.
Not enough? Create your own nodes. Configure every detail — instructions, tools, strategy, model, data flow, guards. Fine-tune the reasoning to your exact use case and you don't just make the agent faster and cheaper — you make it measurably more accurate. Generic ReAct can't do that.
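The runtime-path idea reduces to a small loop. This is a toy sketch, not the Reasoning Engine's API: a registry of node functions, and a chooser (standing in for the LLM) that picks the most productive next step given the current state.

```python
def run_graph(nodes, choose_next, state, max_steps=10):
    """Toy dynamic execution loop.
    nodes: dict of name -> function(state) -> new state.
    choose_next(state, available): returns the next node name, or "done".
    The path is decided step by step at runtime, not wired in advance."""
    for _ in range(max_steps):
        name = choose_next(state, list(nodes))
        if name == "done":
            break
        state = nodes[name](state)
    return state
```

In the real engine the chooser is the model itself, constrained by typed flags and per-node configuration; the loop shape is the point.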
Explore the Reasoning Engine
Research Agent
Plan → Search → Verify → Synthesize. Validates findings against sources before answering. Generic ReAct just searches randomly.
Code Review Agent
Analyze → Critique → Justify → Validate. The adversarial step forces real findings. Every claim must cite specific code.
Data Analysis Agent
Plan queries → Execute → Cross-check → Report. Scored 8/13 accuracy vs generic ReAct's 5/13 in benchmarks.
Ship a production MCP server in one decorator.
Federate every MCP server you call into one tool suite.
Decorate a function and ship a tool API with end-to-end identity, fine-grained authorization, rate limiting, circuit breakers, and tamper-proof audit logs. Every request carries a typed context — who called, with what claims, in which session — so handlers stay focused and middleware does the heavy lifting.
Explore MCP
server = MCPServer("tools")
@server.tool(roles=["analyst"])
async def query(sql: str) -> list:
    """Run a SQL query."""
    return await db.execute(sql)
Auth & Authorization
HS256 / RS256 / ES256 with timing-safe comparison. Role, scope, and capability guards per tool. Token caching built in.
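For HS256, "timing-safe comparison" means the recomputed signature is checked in constant time. A minimal sketch using the standard library — this is the general technique, not Promptise's verifier:

```python
import hmac
import hashlib

def verify_hs256(signing_input: bytes, signature: bytes, secret: bytes) -> bool:
    """Recompute the HMAC-SHA256 tag over the JWT signing input
    (header.payload) and compare in constant time, so verification
    latency leaks nothing about where a forged signature diverges."""
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)
```

A naive `expected == signature` with short-circuiting string comparison is the classic timing-oracle mistake; `hmac.compare_digest` exists precisely to avoid it.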
Request Context
Every handler receives a RequestContext with the authenticated client, claims, session state, and headers. No globals, no plumbing.
Middleware
Rate limit, circuit breaker, concurrency caps, cache, Prometheus, OpenTelemetry. Pre-compiled — zero overhead per call.
Job Queue
Built-in async queue with 4 priority levels, exponential-backoff retries, live progress, and cancellation. Five tools auto-registered for agents to poll.
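The retry schedule follows the standard exponential-backoff-with-jitter shape. The parameters below are illustrative defaults, not the queue's actual configuration:

```python
import random

def backoff_delays(retries, base=0.5, cap=30.0):
    """Exponential backoff with jitter: base * 2**attempt, capped at `cap`,
    plus up to 10% random jitter so many failed jobs don't retry in lockstep."""
    delays = []
    for attempt in range(retries):
        delay = min(cap, base * (2 ** attempt))
        delays.append(delay + random.uniform(0, delay * 0.1))
    return delays
```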
Audit Logs
Every invocation chained and signed: client ID, arguments, result, duration. Forensic-grade compliance trail.
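Chained-and-signed logs can be sketched with the standard library — function names here are illustrative, not Promptise's API. Each entry's MAC covers both the entry and the previous entry's MAC, so editing or deleting any record breaks every MAC after it:

```python
import hmac
import hashlib
import json

def append_entry(log, entry, key: bytes):
    """Append an audit record whose MAC chains to the previous record."""
    prev = log[-1]["mac"] if log else ""
    payload = json.dumps(entry, sort_keys=True) + prev
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    log.append({"entry": entry, "mac": mac})
    return log

def verify_chain(log, key: bytes) -> bool:
    """Walk the chain from the start; any tampered entry fails verification."""
    prev = ""
    for record in log:
        payload = json.dumps(record["entry"], sort_keys=True) + prev
        expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, record["mac"]):
            return False
        prev = record["mac"]
    return True
```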
The operating system for autonomous agents.
Triggers fire. Processes wake. Agents execute. Governance checks run in parallel. Tools get called. Journals record everything. Missions get evaluated. Failures get escalated. All of it managed via REST API — without redeploying.
Prompts built like software.
Not strings.
Composable blocks with priority-based token budgeting. Conversation flows that evolve per phase. Strategies you compose with chain_of_thought + self_critique. An inspector that traces every assembly decision. Version control. Testing. The full stack.
When budget is tight, lowest-priority blocks drop first. No crash — graceful degradation.
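The drop rule is easy to state in code. A toy sketch of the idea, not the actual block API: blocks carry a priority and a token cost, and the lowest-priority blocks are shed first until the rest fit, preserving the original ordering of survivors.

```python
def fit_blocks(blocks, budget):
    """blocks: list of (priority, tokens, text); higher priority = keep longer.
    Drop lowest-priority blocks first until total tokens fit the budget,
    then emit the survivors in their original order."""
    kept = list(blocks)
    for block in sorted(blocks, key=lambda b: b[0]):
        if sum(t for _, t, _ in kept) <= budget:
            break
        kept.remove(block)
    return [text for _, _, text in kept]
```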
ConversationFlow
Greeting → Diagnosis → Solution → Follow-up. Each phase activates different blocks. Identity changes. Rules adapt.
5 Strategies + 4 Perspectives
ChainOfThought + SelfCritique in one line. Analyst, Critic, Advisor, Creative perspectives. Orthogonal — mix and match.
Inspector + Testing + SemVer
Trace every block inclusion. mock_llm() for pytest. @version("1.0.0") for rollback. Prompts are versioned artifacts.
MCP-native, not bolted on
Every other framework added MCP support after the fact. Promptise was built around it. Tool discovery, schema conversion, and multi-server routing are core architecture, not plugins.
Security that ships with the framework
JWT auth, RBAC guards, cryptographic audit logs, sandboxed execution, prompt injection detection — built in, not left as an exercise for the reader.
The only framework with a real runtime
Cron triggers, crash recovery journals, autonomy budgets, behavioral health monitoring, mission-oriented execution. No other Python agent framework offers this.
Works with your existing stack
Any LLM provider. PostgreSQL, Redis, SQLite for persistence. Prometheus, OpenTelemetry for observability. Docker for sandboxing. Nothing exotic. Nothing proprietary.
Every layer. One framework.
Pick a configuration. Watch the pipeline adapt. From a minimal 4-node agent to a fully governed autonomous runtime with 17 active nodes — every feature is opt-in with zero overhead when disabled.
Trigger wakes the process. Budget checked. Agent runs the full request flow. Journal + health + mission after.
17 nodes active · 4 pillars
Hover any node to inspect. Click a scenario to switch. Each feature is opt-in — disabled features are skipped entirely.
Watch the defenses work.
In real time.
Pick a scenario. Watch a request travel through 8 security layers. See exactly where attacks are stopped and clean requests flow through.
8 security layers per request
165 detection patterns (PII + credentials)
0 secrets in logs, ever
∞ tamper-evident entries, HMAC-chained
Developer Experience
Ready to use. Ready to ship.
Every example is a complete, working application. Agents with memory, MCP servers with authentication, reasoning graphs, autonomous runtime — all tested, all documented. Pick one, run it, and build from there.
import os

from promptise import build_agent
from promptise.config import HTTPServerSpec
from promptise.memory import InMemoryProvider

agent = await build_agent(
    model="openai:gpt-4o-mini",
    servers={
        "platform": HTTPServerSpec(
            url="http://localhost:8080/mcp",
            transport="sse",
            bearer_token=os.environ["MCP_TOKEN"],
        ),
    },
    instructions="You are a financial analyst with access to market data tools.",
    memory=InMemoryProvider(max_entries=200),
    memory_auto_store=True,
    guardrails=True,
    cache=True,
    optimize_tools=True,
    observe=True,
)

result = await agent.ainvoke({
    "messages": [{"role": "user", "content": "What drove Q4 revenue growth?"}]
})

# Or use chat() for persistent conversations
response = await agent.chat(
    message="Compare that to Q3",
    session_id="session-001",
)

The agent connects to your MCP server with bearer token auth, auto-discovers all available tools, recalls relevant memories before each turn, blocks prompt injection with 6 local detection heads, caches semantically similar queries, and only sends the tools that matter per request. One function.
Migration
Coming from somewhere else?
Promptise is not a rewrite. It is the infrastructure layer you were going to build anyway.
Coming from LangChain
Keep your LLM wrappers
Promptise uses LangChain under the hood. Pass any BaseChatModel directly. Your existing chains and tools work — Promptise adds MCP discovery, guardrails, and governance on top.
Coming from CrewAI
Real governance, not just roles
CrewAI gives agents roles and goals. Promptise gives them budgets, health monitoring, mission evaluation, crash recovery journals, and 14 self-modification meta-tools.
Coming from AutoGen
Production infrastructure included
AutoGen focuses on multi-agent conversation. Promptise adds what you need to ship: JWT auth, rate limiting, audit logs, semantic caching, and a runtime that survives restarts.
Building from scratch
Skip 6 months of infrastructure
build_agent() gives you tool discovery, memory, guardrails, caching, observability, and streaming in one function call. The MCP layer ships the production tool API — typed context, authentication, authorization, and audit logging — in a single decorator.
Also in Promptise
Prompt Engineering Resources
Open Source
Apache 2.0. Free forever. No strings.
Use Promptise in commercial products, modify it, distribute it. No CLA required. The entire framework — agents, MCP servers, runtime, prompts — is open source and always will be.
Start building.
Not configuring.
Promptise is open source and free forever. Install it, build something remarkable, ship it to production.