Compliance, governance & observability layer for AI agents
🛡️ AgentGuard
The governance layer that lets companies trust their AI agents enough to actually deploy them.
62% of production AI teams plan to improve observability in the next year. Over 40% of agentic AI projects will be canceled by 2027 due to inadequate risk controls. Humans still verify 69% of AI decisions because there are no guardrails they trust.
AgentGuard fixes this. One SDK. Full audit trail. Every LLM call and tool use is intercepted, policy-checked, cost-tracked, and logged. 3 lines of code.
Quick Start

```python
from openai import OpenAI
from agentguard import AgentGuard

client = OpenAI()
guard = AgentGuard(
    policies=["pii", "content_filter", "cost_limit"],
    audit_path="audit.jsonl",
    cost_limit=5.00,
)
safe_client = guard.wrap_openai(client)

# Use exactly like the original, now with full protection
response = safe_client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "Hello!"}],
)
```

Every call is now:
- ✅ PII-scanned: blocks emails, SSNs, credit cards, phone numbers
- ✅ Policy-checked: blocks prompt injections, enforces budget limits
- ✅ Cost-tracked: per-model, per-run, and daily spend tracking
- ✅ Audit-logged: immutable JSON-lines trail for compliance
Installation

```bash
# Core (OpenAI support included)
pip install agentaudit-sdk

# With Anthropic support
pip install "agentaudit-sdk[anthropics]"
```
🤖 Anthropic Claude Integration

Wrap Claude exactly like OpenAI: 3 lines, full protection.

```python
import anthropic
from agentguard import AgentGuard

client = anthropic.Anthropic()
guard = AgentGuard(
    policies=["pii", "content_filter", "cost_limit"],
    audit_path="audit.jsonl",
    cost_limit=5.00,
)
safe = guard.wrap_anthropic(client)

# Use exactly like the original, now fully protected
response = safe.messages.create(
    model="claude-3-5-sonnet-20241022",
    max_tokens=1024,
    messages=[{"role": "user", "content": "Hello, Claude!"}],
)
print(response.content[0].text)
```

Every call is now:
- ✅ PII-scanned: both the `messages` list AND the top-level `system` prompt
- ✅ Policy-checked: prompt injections blocked, budget enforced
- ✅ Cost-tracked: accurate per-model pricing for all Claude 3 variants
- ✅ Audit-logged: immutable JSON-lines trail
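What the `pii` policy's scan over both the `messages` list and the top-level `system` prompt amounts to can be shown stand-alone. The following is an added example, not the SDK's own detector: regex patterns for the PII classes the policy lists, a Luhn check so that a long order number is not mistaken for a card number, and a request-level verdict; the pattern set and the `check_request` helper are this example's assumptions.

```python
import re
from typing import Any, Optional

# Regex detectors for the classes the pii policy lists. Constructed for this
# example; they are not the SDK's own patterns.
PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"(?<!\d)\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "credit_card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so a 13-19 digit order number is not mistaken for a card."""
    parity = len(digits) % 2
    total = 0
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:  # every second digit counted from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text: str) -> list[tuple[str, str]]:
    """Return (kind, value) for every PII hit in one string."""
    hits = []
    for kind, pat in PII_PATTERNS.items():
        for m in pat.finditer(text):
            if kind == "credit_card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # digit run that fails Luhn: not a card number
            hits.append((kind, m.group()))
    return hits


def check_request(system: Optional[str], messages: list[dict[str, Any]]) -> dict[str, Any]:
    """Scan the top-level system prompt and every message; BLOCK on any hit."""
    findings = [("system", k, v) for k, v in scan_text(system or "")]
    for i, msg in enumerate(messages):
        content = msg.get("content")
        # Anthropic content is a string or a list of {"type": "text", "text": ...} blocks
        texts = [content] if isinstance(content, str) else [b.get("text", "") for b in content or [] if isinstance(b, dict)]
        for text in texts:
            findings += [(f"messages[{i}]", k, v) for k, v in scan_text(text)]
    return {"action": "BLOCK" if findings else "ALLOW", "findings": findings}
```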
Async Claude

```python
import anthropic
from agentguard import AgentGuard

async with AgentGuard(policies=["pii", "content_filter"]) as guard:
    client = anthropic.AsyncAnthropic()
    safe = guard.wrap_anthropic_async(client)
    response = await safe.messages.create(
        model="claude-3-5-haiku-20241022",
        max_tokens=512,
        system="You are a helpful assistant.",  # 🛡️ system prompt is PII-scanned too
        messages=[{"role": "user", "content": "Summarise this report."}],
    )
    print(response.content[0].text)
```
Supported Claude Models (with built-in pricing)
| Model | Input / 1M tokens | Output / 1M tokens |
|---|---|---|
| claude-3-5-sonnet-20241022 | $3.00 | $15.00 |
| claude-3-5-haiku-20241022 | $0.80 | $4.00 |
| claude-3-opus-20240229 | $15.00 | $75.00 |
| claude-3-sonnet-20240229 | $3.00 | $15.00 |
| claude-3-haiku-20240307 | $0.25 | $1.25 |
Features
🛡️ Built-in Policies

| Policy | What It Does |
|---|---|
| `pii` | Blocks PII (emails, SSN, credit cards, phones, IPs) in inputs & outputs |
| `content_filter` | Blocks prompt injection attempts & system prompt extraction |
| `cost_limit` | Enforces per-run, daily, and total budget limits |
| `rate_limit` | Throttles calls per time window (sliding window) |
| `tool_restriction` | Blocklist/allowlist for agent tool usage |
🔧 Tool Guarding

Wrap any function, sync or async. Policies are enforced before the tool runs.

```python
def delete_database(db_name: str) -> str:
    ...

safe_delete = guard.wrap_tool(delete_database)
safe_delete(db_name="production")  # 🛡️ Blocked by tool_restriction policy

# PII is caught in tool arguments too
def send_email(to: str, body: str) -> str:
    ...

safe_send = guard.wrap_tool(send_email)
safe_send(to="john@example.com", body="Hi")  # 🛡️ Blocked: PII detected
```
⚡ Full Async Support

Works with AsyncOpenAI and async tool functions; zero changes to your logic.

```python
from openai import AsyncOpenAI

async with AgentGuard(policies=["pii", "content_filter"]) as guard:
    client = AsyncOpenAI()
    safe = guard.wrap_openai_async(client)
    response = await safe.chat.completions.create(
        model="gpt-4o",
        messages=[{"role": "user", "content": "Hello!"}],
    )

    # Async tools are auto-detected
    async def fetch_data(url: str) -> str:
        ...

    safe_fetch = guard.wrap_tool(fetch_data)  # auto-detects async
    result = await safe_fetch(url="https://api.example.com")
```
💰 Cost Tracking

Real-time spend tracking with per-model pricing for GPT-4o, GPT-4o-mini, Claude, Gemini, o1, o3-mini, and more.

```python
report = guard.get_report()
# {
#     'total_cost_usd': 0.0234,
#     'total_tokens_in': 1500,
#     'total_tokens_out': 800,
#     'daily_cost_usd': 0.0234,
#     'run_cost_usd': 0.0120,
#     'policies_active': ['pii', 'content_filter', 'cost_limit']
# }
```
🎬 Audit Reader & Replay

The killer feature. Prove exactly what your agent did, step by step.

Python API

```python
from agentguard import AuditReader

reader = AuditReader("audit.jsonl")
run = reader.get_run("run_abc123")
run.print_trace()
```

```
╔══════════════════════════════════════════════════════════╗
║ AGENTGUARD RUN TRACE                                     ║
╠══════════════════════════════════════════════════════════╣
║ Run ID: run_abc123                                       ║
║ Events: 3                                                ║
║ Tokens: 1,500 in / 800 out                               ║
║ Cost: $0.0234                                            ║
║ Violations: None                                         ║
╠══════════════════════════════════════════════════════════╣
║ Step 1 LLM OK
║   Model: gpt-4o
║   user: "Process the customer refund"
║   assistant: "I'll process that refund now."
║
║ Step 2 TOOL OK
║   Tool: process_refund
║   Args: {"order_id": "ORD-12345", "amount": 49.99}
║   Duration: 230ms
║
║ Step 3 LLM OK
║   Model: gpt-4o
║   assistant: "The refund of $49.99 has been processed."
╚══════════════════════════════════════════════════════════╝
```
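What `AuditReader` does for a run can be shown on a constructed JSON-lines trail. This is an added example, not the SDK's reader, and the event field names (`run_id`, `step`, `type`, `status`, `tokens_in`, `tokens_out`, `cost_usd`, `violation`) are assumptions made here; a line that fails to parse is reported by line number rather than silently dropped, which is the check an auditor wants on a trail presented as immutable.

```python
import json
from collections import defaultdict
from typing import Any, Iterable

# Constructed audit trail. Field names are this example's assumption, not the
# SDK's event schema (the real models live in agentguard/core/events.py).
SAMPLE_AUDIT_JSONL = """\
{"run_id": "run_abc123", "step": 1, "type": "llm", "status": "ok", "model": "gpt-4o", "tokens_in": 900, "tokens_out": 500, "cost_usd": 0.0140}
{"run_id": "run_abc123", "step": 2, "type": "tool", "status": "ok", "tool": "process_refund", "args": {"order_id": "ORD-12345", "amount": 49.99}, "duration_ms": 230}
{"run_id": "run_abc123", "step": 3, "type": "llm", "status": "ok", "model": "gpt-4o", "tokens_in": 600, "tokens_out": 300, "cost_usd": 0.0094}
{"run_id": "run_def456", "step": 1, "type": "tool", "status": "blocked", "tool": "delete_database", "args": {"db_name": "production"}, "violation": {"policy": "tool_restriction", "reason": "delete_database is blocklisted"}}
this line was truncated by a crash and is not JSON
"""

def parse_events(lines: Iterable[str]) -> tuple[list[dict[str, Any]], list[int]]:
    """Parse JSON-lines; return (events, 1-based numbers of lines that failed to parse)."""
    events, bad = [], []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            bad.append(n)  # never drop silently: a corrupt line is itself an audit finding
    return events, bad

def summarise_runs(events: list[dict[str, Any]]) -> dict[str, dict[str, Any]]:
    """Group events by run_id and total tokens, cost and policy violations per run."""
    runs = defaultdict(
        lambda: {"events": 0, "tokens_in": 0, "tokens_out": 0, "cost_usd": 0.0, "violations": []}
    )
    for ev in events:
        r = runs[ev["run_id"]]
        r["events"] += 1
        r["tokens_in"] += ev.get("tokens_in", 0)
        r["tokens_out"] += ev.get("tokens_out", 0)
        r["cost_usd"] = round(r["cost_usd"] + ev.get("cost_usd", 0.0), 6)
        if ev.get("violation"):
            r["violations"].append((ev["step"], ev.get("tool") or ev.get("model"), ev["violation"]["policy"]))
    return dict(runs)

def trace(run_id: str, events: list[dict[str, Any]]) -> list[str]:
    """One line per step in order, in the spirit of run.print_trace()."""
    steps = sorted((e for e in events if e["run_id"] == run_id), key=lambda e: e["step"])
    return [f"Step {e['step']} {e['type'].upper()} {e['status'].upper()} {e.get('tool') or e.get('model')}" for e in steps]
```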
CLI Tool

```bash
# List all runs with summary stats
agentguard --file audit.jsonl runs

# Step-by-step replay of any run
agentguard --file audit.jsonl replay <run_id>
agentguard --file audit.jsonl replay <run_id> --delay 0.5   # slow replay

# Show all policy violations (audit-ready)
agentguard --file audit.jsonl violations

# Dashboard: costs, models, tools, violations
agentguard --file audit.jsonl stats

# Search events by any content
agentguard --file audit.jsonl search "delete_database"

# Export for compliance reports
agentguard --file audit.jsonl export --format json -o report.json
agentguard --file audit.jsonl export --format csv -o audit.csv

# Live tail: watch events in real-time
agentguard --file audit.jsonl tail
```
Custom Policies

Build your own: just subclass Policy and implement evaluate().

```python
from agentguard import AgentGuard, Policy, PolicyResult, PolicyAction
from agentguard.core.events import LLMCallEvent


class NoProfanityPolicy(Policy):
    name = "no_profanity"
    supported_events = [LLMCallEvent]  # only evaluated for LLM calls, not tool calls

    def evaluate(self, event):
        # Plain substring match for brevity: note that "hell" also hits "hello",
        # so a real policy would match on word boundaries.
        bad_words = ["damn", "hell"]
        content = str(event.messages).lower()
        if any(w in content for w in bad_words):
            return PolicyResult(
                action=PolicyAction.BLOCK,
                policy_name=self.name,
                reason="Profanity detected",
            )
        return PolicyResult(action=PolicyAction.ALLOW, policy_name=self.name)


# Custom policy instances and built-in policy names can be mixed
guard = AgentGuard(policies=[NoProfanityPolicy(), "pii"])
```
Human-in-the-Loop Escalation

```python
def on_escalation(event):
    print(f"ALERT: {event.reason}")
    # Send to Slack, PagerDuty, email, etc.

guard = AgentGuard(
    policies=["pii", "content_filter"],
    on_escalation=on_escalation,  # supports async callbacks too
)
```

Run the Demo

```bash
python examples/basic_usage.py
```

Run Tests

```bash
pip install agentaudit-sdk[dev]
pytest tests/ -v
# 104 tests passing in <1 second
```
Architecture
```
Your App → AI Agent → 🛡️ AgentGuard SDK → Tool / LLM API
                              │
                     ┌────────┴────────┐
                     │  Interceptor    │ ← before/after hooks
                     ├─────────────────┤
                     │  Policy Engine  │ ← PII, Cost, Content, Rate, Tool
                     ├─────────────────┤
                     │  PII Detector   │ ← Regex (pluggable to ML/Presidio)
                     ├─────────────────┤
                     │  Cost Tracker   │ ← Per-model pricing, run/daily/total
                     ├─────────────────┤
                     │  Audit Logger   │ ← Thread-safe, JSON-lines, rotation
                     ├─────────────────┤
                     │  Audit Reader   │ ← Query, filter, replay, CLI
                     └─────────────────┘
```

```
src/agentguard/
├── core/
│   ├── events.py              # Pydantic event models (run_id grouping)
│   ├── interceptor.py         # Central before/after hooks
│   └── guard.py               # Main orchestrator (3-line API)
├── policies/
│   ├── base.py                # Policy engine + event-type filtering
│   ├── pii_policy.py          # PII blocking
│   ├── cost_policy.py         # Budget enforcement
│   ├── tool_policy.py         # Tool blocklist/allowlist
│   ├── rate_limit_policy.py   # Sliding window rate limiter
│   └── content_policy.py      # Prompt injection detection
├── detectors/
│   └── pii.py                 # Regex PII detector (pluggable Protocol)
├── tracking/
│   └── cost.py                # Token & cost tracking
├── logging/
│   ├── audit.py               # Thread-safe JSON-lines logger
│   └── reader.py              # Audit reader + replay engine
├── integrations/
│   └── openai.py              # Sync + Async OpenAI proxy
└── cli.py                     # CLI audit reader (7 commands)
```
Why AgentGuard?
| Problem | How AgentGuard Solves It |
|---|---|
| "Nobody knows what our agent is doing" | Every LLM call and tool use is logged with full context |
| "We can't trace agent failures" | Run-level audit trails with step-by-step replay |
| "Auditors want proof" | JSON-lines logs + CSV export mapped to compliance frameworks |
| "Humans verify 69% of AI decisions" | Policy guardrails let you reduce human review confidently |
| "Agents keep leaking PII" | Automatic PII detection and blocking on all inputs & outputs |
| "AI costs are unpredictable" | Per-run, daily, and total budget limits with real-time tracking |
| "Demo works, production doesn't" | The missing operating system: cost controls, guardrails, audit trails |
License
MIT
File details
Details for the file agentaudit_sdk-0.1.1.tar.gz.
File metadata
- Download URL: agentaudit_sdk-0.1.1.tar.gz
- Upload date:
- Size: 41.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.0
File details
Details for the file agentaudit_sdk-0.1.1-py3-none-any.whl.
File metadata
- Download URL: agentaudit_sdk-0.1.1-py3-none-any.whl
- Upload date:
- Size: 40.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.0