Skip to main content

Retrieval access control and vector store policy enforcement for RAG pipelines

Project description

agent-rag-governance

Retrieval access control and vector store policy enforcement for RAG pipelines.

Part of the Agent Governance Toolkit.

The Gap This Fills

AGT covers write-time memory protection (MemoryGuard) and output quality (ContentGovernance) — but nothing at retrieval time. Without retrieval-level governance:

  • An agent can query any collection it wants — no access control
  • No audit trail of which documents influenced an answer
  • No rate limiting if an agent gets stuck in a retrieval loop
  • No content scanning before retrieved chunks reach the LLM

agent-rag-governance closes that gap.

Quick Start

pip install agent-rag-governance
from agent_rag_governance import RAGGovernor, RAGPolicy

policy = RAGPolicy(
    allowed_collections=["public_docs", "product_manuals"],
    denied_collections=["hr_records", "financial_data"],
    max_retrievals_per_minute=100,
    content_policies=["block_pii", "block_injections"],
    audit_enabled=True,
)

governor = RAGGovernor(policy=policy, agent_id="sales-agent-001")
governed_retriever = governor.wrap(your_langchain_retriever, collection="public_docs")

# Drop-in replacement — same API as the original retriever
docs = governed_retriever.invoke("what is our refund policy?")

What It Enforces

Layer What It Does
Collection access control Allow/deny lists per agent — blocks cross-tenant data leaks
Rate limiting Sliding-window cap on retrievals/min — stops runaway loops
Content scanning PII and prompt-injection detection on chunks before LLM sees them
Audit logging Structured JSON-lines record per call — enables EU AI Act traceability

Governance Pipeline

Every governed_retriever.invoke(query) call runs this sequence:

1. check_collection()   →  CollectionDeniedError if blocked
2. check_rate()         →  RateLimitExceededError if exceeded
3. retrieve()           →  calls underlying retriever
4. scan_chunks()        →  filters blocked chunks, logs warnings
5. audit()              →  emits JSON-lines audit entry

Policy Reference

RAGPolicy(
    # None = allow all (unless denied). List = explicit allow list.
    allowed_collections=["public_docs"],

    # Always blocked, even if in allowed_collections.
    denied_collections=["hr_records", "financial_data"],

    # 0 = unlimited. Per agent per 60-second sliding window.
    max_retrievals_per_minute=100,

    # "block_pii": block chunks with emails, phones, SSNs, credit cards
    # "block_injections": block chunks with prompt-injection payloads
    content_policies=["block_pii", "block_injections"],

    # Write structured JSON-lines audit entries.
    audit_enabled=True,

    # None = stdout. Provide a path for file-based logging.
    audit_log_path="/var/log/rag-audit.jsonl",
)

Audit Log Format

Each retrieval call emits one JSON line:

{
  "timestamp": "2026-05-05T12:34:56.789012+00:00",
  "agent_id": "sales-agent-001",
  "collection": "public_docs",
  "query_hash": "a3f1...",
  "num_chunks_retrieved": 5,
  "num_chunks_blocked": 1,
  "decision": "allowed",
  "policy_triggered": null
}

Raw query text is never logged — only a SHA-256 hash — to avoid leaking sensitive search terms.

Compatibility

Works with any retriever that implements .invoke() or .get_relevant_documents(). LangChain is an optional dependency — agent-rag-governance has no required framework dependencies.

# With LangChain integration
pip install "agent-rag-governance[langchain]"

Related Packages

Package Protects
agent-os-kernel (MemoryGuard) Write-time memory poisoning
agent-rag-governance Retrieval-time access control
agent-os-kernel (ContentGovernance) Output-time quality enforcement

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agent_rag_governance-4.1.0.tar.gz (32.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agent_rag_governance-4.1.0-py3-none-any.whl (24.0 kB view details)

Uploaded Python 3

File details

Details for the file agent_rag_governance-4.1.0.tar.gz.

File metadata

  • Download URL: agent_rag_governance-4.1.0.tar.gz
  • Upload date:
  • Size: 32.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: RestSharp/106.13.0.0

File hashes

Hashes for agent_rag_governance-4.1.0.tar.gz
Algorithm Hash digest
SHA256 c81af889579664fcfc1ebd7ae149eded2e42a8061a975f7d71e766edee5b9c52
MD5 1de97db653392d7123eaaafa33142e99
BLAKE2b-256 7b9a49de612c29232733dc63c208d44c0dff5f8770ec343bd53b5b26448da074

See more details on using hashes here.

File details

Details for the file agent_rag_governance-4.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for agent_rag_governance-4.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1960999beb96ae4b2767a3c689f3eb0542e87d33e70ae2d7349928cb74ef6743
MD5 5793297ab61d1482806f788892f39867
BLAKE2b-256 af58161efa6bbf525ec6281a7c39dbc416be04aa2514867e80f1b3f7b6c5e0b8

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page