APort vs Google ADK safety
Google’s Agent Development Kit adds before-model and before-tool hooks plus optional lightweight screening. OAP is built for deterministic, passport-bound allow/deny with signed decisions.
Google ADK documents plugin-style callbacks (`before_model_callback`, `before_tool_callback`) and integrates with Agent Sandbox on Google Cloud for isolation. Screening layers may use smaller models (e.g. Gemini Flash Lite), which remains probabilistic at the classifier level.
OAP targets the same interception point but evaluates declarative policy against a passport and required context, with no sampling in the decision path. Sandboxes and ADK hooks are complementary: use both when you need containment and semantic authorization.
| Comparison point | OAP / APort | Google ADK / Vertex AI agent safety |
|---|---|---|
| Decision determinism | Same inputs → same allow/deny; no temperature in policy evaluation. | Tool hooks are deterministic; optional model-based filters inherit classifier non-determinism. |
| Policy representation | Versioned policy packs (JSON) with schemas, limits, and conformance tests. | Developer-defined callbacks and plugins; policy shape is implementation-specific. |
| Portable agent credential | OAP passport + signed decisions portable across frameworks (OpenClaw, LangChain, Cursor, …). | Tied to ADK / Google Cloud agent runtime and documented callback model. |
| Audit artifact | Signed decision records aligned to OAP decision schema. | Depends on what your callbacks persist; not a single cross-vendor decision format. |
| Isolation story | Authorization at tool boundary; pairs with any sandbox vendor. | Strong Kubernetes / Agent Sandbox story for Google Cloud deployments. |
| MCP / IDE reach | Shipped guardrail installers for multiple IDEs and MCP tool paths. | Focused on ADK-based agents and Google’s agent ecosystem. |
Use Google ADK / Vertex AI agent safety when
- You standardize on Google ADK and Vertex AI for agent orchestration
- You want first-party sandboxing on Google Cloud
- You already implement custom logic inside ADK callbacks
Use OAP / APort when
- You need a portable passport + policy model across vendors
- Compliance asks for consistent signed deny reasons across frameworks
- You want policy-as-data separate from application callback code
Why teams choose OAP / APort
Framework-portable passports
One OAP policy story across OpenClaw, Cursor, CrewAI, LangChain, and custom runtimes—not only ADK.
Deterministic core path
Policy evaluation without relying on a secondary model for the final allow/deny.
Open spec + OSS guardrails
Implementers can conform to OAP; APort ships reference hooks and verification APIs.