A runtime and definition-time security guardrail framework for AI agents and developers.
Project description
Agent-Safeguard
A lightweight, enterprise-grade runtime sandboxing and definition-time guardrail framework for Python applications, built to safely run code generated or modified by AI agents.
📖 Full Documentation: shield-docs-mu.vercel.app
Why Agent-Safeguard?
AI coding agents are excellent at generating code but often lack a global understanding of architectural boundaries, leading to path traversal bypasses, illegal imports, API resource leaks, or infinite lockups.
Agent-Safeguard captures these boundary violations, blocks them in real time, and generates structured JSON diagnostic reports (`shield_reports/violation_report.json`) that AI agents can ingest to automatically self-correct and rewrite their code!
Core Protection Areas
- Architectural Integrity (AST): `@shield`, `@freeze`, and `@lock_signature` to scan imports, prevent code mutations, and secure API parameters.
- Security & Resource Sandboxing: `@restrict_network`, `@restrict_fs`, `@virtual_fs` (redirecting all writes to RAM), database locks, and memory/timeout limits.
- AI & Prompt Guidelines: `@prompt_inject` (docstring constraints) and `@prompt_assert` (Gemini-powered semantic assertions).
- Central Policy Injection: Define rules globally in a central `shield.yaml` to prevent agents from simply deleting Python decorators from source files.
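The first bullet describes a definition-time AST check. The following is an added illustration, written for this page and not Agent-Safeguard's own code, of what such a check looks like: a hypothetical `shield_imports` decorator (a stand-in for `@shield`; the name and its allowlist argument are assumptions) that parses a function's source once when it is defined and refuses to register it if the function imports anything outside an allowlist. It also flags dynamic imports, which a static allowlist cannot evaluate. `AGENT_SOURCE` is a constructed sample of agent-written code.

```python
"""Added example of a definition-time import guardrail (not agent_shield's
code): the check an @shield-style decorator can run once at definition time,
using only the standard library."""
import ast
import inspect
import textwrap


class ImportViolation(RuntimeError):
    """Raised at definition time when guarded source imports outside the allowlist."""


def scan_imports(source, allowed):
    """Return [(lineno, description)] for every import the allowlist does not cover.

    Static `import` / `from ... import` are checked by top-level package name.
    Relative imports are reported because the enclosing package is unknown here.
    Dynamic imports (`__import__`, `importlib.import_module`) are always reported,
    because an allowlist cannot be evaluated for a name chosen at run time."""
    allowed = set(allowed)
    findings = []
    for node in ast.walk(ast.parse(textwrap.dedent(source))):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            if node.level:  # "from . import x" / "from ..pkg import y"
                findings.append((node.lineno, "relative import"))
                continue
            names = [node.module]
        elif isinstance(node, ast.Call):
            target = node.func
            dynamic = (isinstance(target, ast.Name) and target.id == "__import__") or (
                isinstance(target, ast.Attribute) and target.attr == "import_module")
            if dynamic:
                findings.append((node.lineno, "dynamic import via " + ast.unparse(target)))
            continue
        else:
            continue
        for name in names:
            if name.split(".")[0] not in allowed:
                findings.append((node.lineno, name))
    return findings


def shield_imports(allowed):
    """Hypothetical decorator: refuse to define a function whose own source
    imports anything outside `allowed`. Module-level imports the function merely
    uses are not visible here; guard those separately at module level."""
    def decorator(func):
        findings = scan_imports(inspect.getsource(func), allowed)
        if findings:
            detail = ", ".join(f"line {ln}: {what}" for ln, what in findings)
            raise ImportViolation(f"{func.__qualname__}: {detail}")
        return func
    return decorator


# Constructed sample of agent-written source, kept as a string so the scan
# does not depend on inspect locating a file.
AGENT_SOURCE = '''
import json
import subprocess
from os import path
import importlib

def helper(name):
    mod = importlib.import_module(name)
    return json.dumps(path.basename(mod.__file__))
'''

ALLOWED = {"json", "os"}


if __name__ == "__main__":
    for lineno, what in scan_imports(AGENT_SOURCE, ALLOWED):
        print(f"line {lineno}: {what}")

    @shield_imports(ALLOWED)
    def summarise(record):
        import json  # allowed, so the decorator returns the function unchanged
        return json.dumps(record)

    print(summarise({"ok": True}))
```

Because the check runs when the decorator is applied, an import violation stops the module from loading rather than surfacing at the first call; the findings list is what a report writer would serialise for the agent.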
Installation
```shell
pip install agent-safeguard
```

Import it in your Python code using the underscore name `agent_shield`:

```python
from agent_shield import shield, virtual_fs, restrict_db
```
Quick Start Example
- Create a `shield.yaml` rule file in your project root:

```yaml
rules:
  - pattern: "sandbox_code.*"
    timeout: 0.5
    virtual_fs: true
    restrict_network: ["api.stripe.com"]
```

- Run your functions normally; Agent-Safeguard will automatically enforce the limits and write a JSON report on each violation:

```python
# sandbox_code.py
import urllib.request


def process_data():
    # Attempting to fetch an unauthorized API is blocked and generates a violation report
    response = urllib.request.urlopen("https://unauthorized-api.com")
    return response.read()
```
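To show how a central policy like the `shield.yaml` above can be enforced at run time, here is an added, self-contained example that is not Agent-Safeguard's implementation. It re-creates three ideas from the quick start with the standard library only: matching a dotted function name against a rule pattern, enforcing a `restrict_network` allowlist by intercepting name resolution, and appending a record to `shield_reports/violation_report.json`. The decorator name `enforce_policy`, the explicit `qualname` argument, the `POLICY` dict (the YAML above written as a Python literal so no YAML parser is needed) and the `unauthorized-api.example` URL are all assumptions made for this example.

```python
"""Added example of a central-policy network guardrail (not agent_shield's code)."""
import fnmatch
import functools
import json
import socket
import threading
import urllib.request
from pathlib import Path

# Constructed policy: the shield.yaml from the quick start as a Python literal.
POLICY = {
    "rules": [
        {"pattern": "sandbox_code.*", "restrict_network": ["api.stripe.com"]},
    ]
}

# Same report location the README names for its own reports.
REPORT_PATH = Path("shield_reports") / "violation_report.json"


class NetworkViolation(RuntimeError):
    """Raised when guarded code resolves a host outside its allowlist.

    Deliberately not an OSError subclass: urllib wraps OSError in URLError,
    which would hide the guardrail's own error from the caller."""


_active = threading.local()  # allowlist and name of the guarded call on this thread


def match_rule(qualname, policy=POLICY):
    """First rule whose fnmatch pattern matches 'module.function', else None."""
    for rule in policy["rules"]:
        if fnmatch.fnmatchcase(qualname, rule["pattern"]):
            return rule
    return None


def host_allowed(host, allowlist):
    """Exact allowed host or a subdomain of one; suffix tricks such as
    'api.stripe.com.evil.example' or 'notapi.stripe.com' do not match."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowlist)


def write_report(violation, path=REPORT_PATH):
    """Append one violation record to the JSON report, creating it if needed."""
    path.parent.mkdir(parents=True, exist_ok=True)
    records = json.loads(path.read_text()) if path.exists() else []
    records.append(violation)
    path.write_text(json.dumps(records, indent=2))
    return path


def last_violation(path=REPORT_PATH):
    """Most recent record in the report, or None if no report exists yet."""
    return json.loads(path.read_text())[-1] if path.exists() else None


_real_getaddrinfo = socket.getaddrinfo


def _guarded_getaddrinfo(host, *args, **kwargs):
    """Choke point: stdlib clients resolve names here before any connection."""
    allowlist = getattr(_active, "allowlist", None)
    if allowlist is not None and not host_allowed(str(host), allowlist):
        write_report({"type": "restrict_network", "function": _active.qualname,
                      "host": str(host), "allowed": list(allowlist)})
        raise NetworkViolation(f"{_active.qualname}: blocked connection to {host}")
    return _real_getaddrinfo(host, *args, **kwargs)


socket.getaddrinfo = _guarded_getaddrinfo  # installed once, at import time


def enforce_policy(qualname):
    """Hypothetical decorator: look up the rule for `qualname` once, then apply
    its network allowlist only while the decorated call is running."""
    rule = match_rule(qualname)

    def decorator(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            if rule is None or "restrict_network" not in rule:
                return func(*args, **kwargs)
            _active.allowlist, _active.qualname = rule["restrict_network"], qualname
            try:
                return func(*args, **kwargs)
            finally:
                _active.allowlist = None
        return wrapper
    return decorator


@enforce_policy("sandbox_code.process_data")
def process_data(url):
    """Stand-in for the README's process_data; the URL it is given is constructed."""
    return urllib.request.urlopen(url, timeout=5).read()


def try_call(func, *args):
    """('blocked', message) when the guardrail fires, otherwise ('ok', result)."""
    try:
        return ("ok", func(*args))
    except NetworkViolation as exc:
        return ("blocked", str(exc))


if __name__ == "__main__":
    print(try_call(process_data, "https://unauthorized-api.example/"))
    print(last_violation())
```

Intercepting `socket.getaddrinfo` means the blocked request never leaves the process, and the same choke point covers `requests`, `http.client` and anything else built on the standard socket layer; code that opens raw sockets by IP address, or that runs in a subprocess, is outside this particular guard and needs the process-level controls the README lists separately.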
License
This project is licensed under the Apache License 2.0. See LICENSE for details.
File details
Details for the file agent_safeguard-1.0.6.tar.gz.
File metadata
- Download URL: agent_safeguard-1.0.6.tar.gz
- Upload date:
- Size: 42.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d5d15a69c55df3f920cc792f46907aedd5e765cba91baac8908ac475ad3032ab |
| MD5 | 7b94e39a462a6b3992f2ec324cb6c318 |
| BLAKE2b-256 | eb4226f7b8161b721ef28333539081eb87f17f932cfec7e3e47c84904f75fce6 |
File details
Details for the file agent_safeguard-1.0.6-py3-none-any.whl.
File metadata
- Download URL: agent_safeguard-1.0.6-py3-none-any.whl
- Upload date:
- Size: 44.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | e992cde7bb36b7843691b1aefbaad31d39a6f55e26880f416507bd87020e88cd |
| MD5 | 53141a281f84820a7e6291c2b1b68fdc |
| BLAKE2b-256 | 821a4f35186b590dc2d8e00fddd194f05f160d1368ee4b0a9a5a9dabe2ca98a4 |