Guard LLM tool calls with rules, scoring, and audit trails.
Project description
cascade
Guard LLM tool calls with rules, scoring, and audit trails.
cascade is a lightweight governance layer for AI agent tool calls. It sits
between your LLM and tool execution — evaluate every tool call against rules,
rank survivors by strategy, and audit every decision.
Quick Start
from cascade import DecisionPipeline
pipe = DecisionPipeline()
result = pipe.guard(
tool_calls=[
{"id": "1", "name": "search", "confidence": 0.92},
{"id": "2", "name": "delete", "confidence": 0.15},
],
rules=[
{"field": "confidence", "op": "gte", "value": 0.5},
{"field": "name", "op": "nin", "value": ["delete"]},
],
strategy="softmax",
top_k=1,
)
if result["selected"]:
safe = result["selected"][0]
print(f"Safe: {safe['name']} ({safe['confidence']})")
Installation
pip install cascade
Zero external dependencies.
Why cascade?
- Zero dependencies — pure Python, no pip wars
- Plugs into any LLM framework — OpenAI, LangChain, or custom
- Audit built in — every
guard()auto-writes JSONL audit trails - 4 selection strategies — softmax / linear / uniform / threshold
- Self-emergence — C₃↔C₄ closed loop learns from outcomes
- Composite rules —
all_of/any_of/not_for complex policies - Actions —
block/redirect/transformfor automated remediation
C1–C4 Architecture
C1 (Gate) : Rule engine — 11 operators + AND/OR/NOT composition
C2 (Trigger) : Event triggers — condition callbacks + state machine
C3 (Selector) : Selection pressure — uniform/linear/softmax/threshold ranking
C4 (Feedback) : Feedback loop — binary/proportional/threshold reward
Linkage : C₃↔C₄ closed loop — rewards adjust future selection
Docs
| File | What it covers |
|---|---|
| docs/usage.md | guard() API, DecisionPipeline, AuditTrail |
| docs/rules.md | Leaf rules, rule presets, composite rules (all_of/any_of/not_) |
| docs/strategies.md | Selection strategies and when to use each |
| docs/cli.md | cascade check CLI reference |
| CHANGELOG.md | Version history |
Integrations
# OpenAI SDK — intercept before tool_choice
response = client.chat.completions.create(..., tools=my_tools)
safe_tools = pipe.guard(
tool_calls=[t.dict() for t in response.choices[0].message.tool_calls],
rules=[{"field": "name", "op": "nin", "value": BLOCKED_TOOLS}],
)
# LangChain — agent output goes through cascade
agent_result = agent.invoke({"input": query})
safe = pipe.guard(tool_calls=agent_tool_calls, rules=[...])
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
agent_armour-0.3.0.tar.gz
(26.1 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agent_armour-0.3.0.tar.gz.
File metadata
- Download URL: agent_armour-0.3.0.tar.gz
- Upload date:
- Size: 26.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.6 {"installer":{"name":"uv","version":"0.11.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6a79da38d89fadfa6fd0ab9030f576384d9d84fefe8a40bc0d564cc3f0d3ffac
|
|
| MD5 |
aae4e5c3df1eede67e590200ba415a9b
|
|
| BLAKE2b-256 |
97826e152f8475814319507cb2af009fe1c2fcc74472dd0ff3321439ef0743b4
|
File details
Details for the file agent_armour-0.3.0-py3-none-any.whl.
File metadata
- Download URL: agent_armour-0.3.0-py3-none-any.whl
- Upload date:
- Size: 21.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.6 {"installer":{"name":"uv","version":"0.11.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
63df56f6e0febcaaa57abfef09214a8675ee4564a754ccc3216422b5f8f37db8
|
|
| MD5 |
2da5de6517e2858b330598e4693597ac
|
|
| BLAKE2b-256 |
8081cf05d360b3cfd5e72a3dfa19a6ef3c99b81b10a1eafa1a98478b207fe46d
|
