Compliance, governance & observability layer for AI agents
Project description
๐ก๏ธ AgentGuard
The governance layer that lets companies trust their AI agents enough to actually deploy them.
62% of production AI teams plan to improve observability in the next year. Over 40% of agentic AI projects will be canceled by 2027 due to inadequate risk controls. Humans still verify 69% of AI decisions because there are no guardrails they trust.
AgentGuard fixes this. One SDK. Full audit trail. Every LLM call and tool use โ intercepted, policy-checked, cost-tracked, and logged. 3 lines of code.
Quick Start
from openai import OpenAI
from agentguard import AgentGuard
client = OpenAI()
guard = AgentGuard(
policies=["pii", "content_filter", "cost_limit"],
audit_path="audit.jsonl",
cost_limit=5.00,
)
safe_client = guard.wrap_openai(client)
# Use exactly like the original โ now with full protection
response = safe_client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Hello!"}],
)
Every call is now:
- โ PII-scanned โ blocks emails, SSNs, credit cards, phone numbers
- โ Policy-checked โ blocks prompt injections, enforces budget limits
- โ Cost-tracked โ per-model, per-run, and daily spend tracking
- โ Audit-logged โ immutable JSON-lines trail for compliance
Installation
pip install -e .
Features
๐ก๏ธ Built-in Policies
| Policy | What It Does |
|---|---|
pii |
Blocks PII (emails, SSN, credit cards, phones, IPs) in inputs & outputs |
content_filter |
Blocks prompt injection attempts & system prompt extraction |
cost_limit |
Enforces per-run, daily, and total budget limits |
rate_limit |
Throttles calls per time window (sliding window) |
tool_restriction |
Blocklist/allowlist for agent tool usage |
๐ง Tool Guarding
Wrap any function โ sync or async. Policies are enforced before the tool runs.
def delete_database(db_name: str) -> str:
...
safe_delete = guard.wrap_tool(delete_database)
safe_delete(db_name="production") # ๐ก๏ธ Blocked by tool_restriction policy
# PII is caught in tool arguments too
def send_email(to: str, body: str) -> str:
...
safe_send = guard.wrap_tool(send_email)
safe_send(to="john@example.com", body="Hi") # ๐ก๏ธ Blocked: PII detected
โก Full Async Support
Works with AsyncOpenAI and async tool functions โ zero changes to your logic.
from openai import AsyncOpenAI
async with AgentGuard(policies=["pii", "content_filter"]) as guard:
client = AsyncOpenAI()
safe = guard.wrap_openai_async(client)
response = await safe.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Hello!"}],
)
# Async tools โ auto-detected
async def fetch_data(url: str) -> str:
...
safe_fetch = guard.wrap_tool(fetch_data) # auto-detects async
result = await safe_fetch(url="https://api.example.com")
๐ฐ Cost Tracking
Real-time spend tracking with per-model pricing for GPT-4o, GPT-4o-mini, Claude, Gemini, o1, o3-mini, and more.
report = guard.get_report()
# {
# 'total_cost_usd': 0.0234,
# 'total_tokens_in': 1500,
# 'total_tokens_out': 800,
# 'daily_cost_usd': 0.0234,
# 'run_cost_usd': 0.0120,
# 'policies_active': ['pii', 'content_filter', 'cost_limit']
# }
๐ฌ Audit Reader & Replay
The killer feature. Prove exactly what your agent did, step by step.
Python API
from agentguard import AuditReader
reader = AuditReader("audit.jsonl")
run = reader.get_run("run_abc123")
run.print_trace()
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ AGENTGUARD RUN TRACE โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฃ
โ Run ID: run_abc123 โ
โ Events: 3 โ
โ Tokens: 1,500 in / 800 out โ
โ Cost: $0.0234 โ
โ Violations: None โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฃ
โ Step 1 LLM OK
โ Model: gpt-4o
โ user: "Process the customer refund"
โ assistant: "I'll process that refund now."
โ
โ Step 2 TOOL OK
โ Tool: process_refund
โ Args: {"order_id": "ORD-12345", "amount": 49.99}
โ Duration: 230ms
โ
โ Step 3 LLM OK
โ Model: gpt-4o
โ assistant: "The refund of $49.99 has been processed."
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
CLI Tool
# List all runs with summary stats
agentguard --file audit.jsonl runs
# Step-by-step replay of any run
agentguard --file audit.jsonl replay <run_id>
agentguard --file audit.jsonl replay <run_id> --delay 0.5 # slow replay
# Show all policy violations (audit-ready)
agentguard --file audit.jsonl violations
# Dashboard โ costs, models, tools, violations
agentguard --file audit.jsonl stats
# Search events by any content
agentguard --file audit.jsonl search "delete_database"
# Export for compliance reports
agentguard --file audit.jsonl export --format json -o report.json
agentguard --file audit.jsonl export --format csv -o audit.csv
# Live tail โ watch events in real-time
agentguard --file audit.jsonl tail
๐ Custom Policies
Build your own โ just subclass Policy and implement evaluate().
from agentguard import Policy, PolicyResult, PolicyAction
from agentguard.core.events import LLMCallEvent
class NoProfanityPolicy(Policy):
name = "no_profanity"
supported_events = [LLMCallEvent]
def evaluate(self, event):
bad_words = ["damn", "hell"]
content = str(event.messages).lower()
if any(w in content for w in bad_words):
return PolicyResult(
action=PolicyAction.BLOCK,
policy_name=self.name,
reason="Profanity detected",
)
return PolicyResult(action=PolicyAction.ALLOW, policy_name=self.name)
guard = AgentGuard(policies=[NoProfanityPolicy(), "pii"])
๐ Human-in-the-Loop Escalation
def on_escalation(event):
print(f"ALERT: {event.reason}")
# Send to Slack, PagerDuty, email, etc.
guard = AgentGuard(
policies=["pii", "content_filter"],
on_escalation=on_escalation, # supports async callbacks too
)
Run the Demo
python examples/basic_usage.py
Run Tests
pip install -e ".[dev]"
pytest tests/ -v
# 104 tests passing in <1 second
Architecture
Your App โ AI Agent โ ๐ก๏ธ AgentGuard SDK โ Tool / LLM API
โ
โโโโโโโโดโโโโโโโโโโโ
โ Interceptor โ โ before/after hooks
โโโโโโโโโโโโโโโโโโโค
โ Policy Engine โ โ PII, Cost, Content, Rate, Tool
โโโโโโโโโโโโโโโโโโโค
โ PII Detector โ โ Regex (pluggable to ML/Presidio)
โโโโโโโโโโโโโโโโโโโค
โ Cost Tracker โ โ Per-model pricing, run/daily/total
โโโโโโโโโโโโโโโโโโโค
โ Audit Logger โ โ Thread-safe, JSON-lines, rotation
โโโโโโโโโโโโโโโโโโโค
โ Audit Reader โ โ Query, filter, replay, CLI
โโโโโโโโโโโโโโโโโโโ
src/agentguard/
โโโ core/
โ โโโ events.py # Pydantic event models (run_id grouping)
โ โโโ interceptor.py # Central before/after hooks
โ โโโ guard.py # Main orchestrator (3-line API)
โโโ policies/
โ โโโ base.py # Policy engine + event-type filtering
โ โโโ pii_policy.py # PII blocking
โ โโโ cost_policy.py # Budget enforcement
โ โโโ tool_policy.py # Tool blocklist/allowlist
โ โโโ rate_limit_policy.py # Sliding window rate limiter
โ โโโ content_policy.py # Prompt injection detection
โโโ detectors/
โ โโโ pii.py # Regex PII detector (pluggable Protocol)
โโโ tracking/
โ โโโ cost.py # Token & cost tracking
โโโ logging/
โ โโโ audit.py # Thread-safe JSON-lines logger
โ โโโ reader.py # Audit reader + replay engine
โโโ integrations/
โ โโโ openai.py # Sync + Async OpenAI proxy
โโโ cli.py # CLI audit reader (7 commands)
Why AgentGuard?
| Problem | How AgentGuard Solves It |
|---|---|
| "Nobody knows what our agent is doing" | Every LLM call and tool use is logged with full context |
| "We can't trace agent failures" | Run-level audit trails with step-by-step replay |
| "Auditors want proof" | JSON-lines logs + CSV export mapped to compliance frameworks |
| "Humans verify 69% of AI decisions" | Policy guardrails let you reduce human review confidently |
| "Agents keep leaking PII" | Automatic PII detection and blocking on all inputs & outputs |
| "AI costs are unpredictable" | Per-run, daily, and total budget limits with real-time tracking |
| "Demo works, production doesn't" | The missing operating system โ cost controls, guardrails, audit trails |
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agentaudit_sdk-0.1.0-py3-none-any.whl.
File metadata
- Download URL: agentaudit_sdk-0.1.0-py3-none-any.whl
- Upload date:
- Size: 36.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cc70dd4b3be65e147870998829ba0a02bfb2cf92fb20c069bf5d0c7be0373436
|
|
| MD5 |
c29987fa86148443a39d4ce41df58dbb
|
|
| BLAKE2b-256 |
334279f69c1dc219fd129f08d154a21a15d8d9f13f1484809649400d6f28b96b
|
