
Runtime security firewall for LangChain agents — intercepts tool calls, enforces YAML policy, logs to SQLite.

Project description

agentguard-runtime

Runtime security firewall for LangChain agents. Intercepts every tool call, checks it against a YAML policy, blocks disallowed calls, and logs everything to SQLite.

Install

pip install agentguard-runtime

Quick start

1. Write a policy file (policy.yml):

agent: pr-summarizer
rules:
  - tool: GitHubTool
    allow: [read]
    block: [admin, write]
  - tool: SlackTool
    allow: [write]
  - tool: "*"
    block: [exec, delete]

2. Add one line to your agent:

from langchain.agents import initialize_agent
from agentguard_runtime import AgentFirewall

# GitHubTool, SlackTool and ShellTool are your LangChain tool classes (imported or
# defined elsewhere); llm is your configured LangChain LLM.
agent = initialize_agent(
    tools=[GitHubTool(), SlackTool(), ShellTool()],
    llm=llm,
    callbacks=[AgentFirewall(policy="policy.yml")]
)

If ShellTool tries to call exec, the agent gets a PolicyViolation and the event is logged.

CLI

# Show last 20 audit events
agentguard-runtime logs

# Start dashboard API on port 7070
agentguard-runtime dashboard

Dashboard endpoints

Endpoint       Description
GET /events    Recent audit events (filterable by ?decision=block&agent=x)
GET /summary   Allowed vs blocked counts per tool today

Policy rules

  • allow list: only these actions are permitted on this tool
  • block list: these actions are always rejected
  • "*" tool: catch-all wildcard for unmatched tools
  • Default: if no rule matches, the call is blocked

Audit log

Events are stored at ~/.agentguard/audit.db (SQLite).

Table columns: id | timestamp | agent | tool | action | input_preview | decision | reason
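The following is an added example, not the agentguard-runtime source code: a small policy engine plus SQLite audit log that follows the rule semantics listed under "Policy rules" and writes rows in the audit log layout above, with a summary query in the spirit of the GET /summary endpoint. The policy is a constructed in-process copy of the policy.yml from the Quick start (yaml.safe_load on that file yields the same structure), the database is in-memory rather than ~/.agentguard/audit.db, and three points the README leaves open are assumptions made here: an exact tool-name rule is preferred over the "*" wildcard, a block list wins even if the action also appears in an allow list, and a rule that has only a block list permits the actions it does not name.

```python
# Added example, not the agentguard-runtime source: a small policy engine and
# SQLite audit log following the rule semantics and log schema this README describes.
import sqlite3
from datetime import datetime, timezone

# Constructed in-process copy of the policy.yml from the Quick start;
# yaml.safe_load() on that file produces the same structure.
POLICY = {
    "agent": "pr-summarizer",
    "rules": [
        {"tool": "GitHubTool", "allow": ["read"], "block": ["admin", "write"]},
        {"tool": "SlackTool", "allow": ["write"]},
        {"tool": "*", "block": ["exec", "delete"]},
    ],
}

# Columns follow the audit log layout given in the README.
AUDIT_SCHEMA = (
    "CREATE TABLE IF NOT EXISTS events ("
    "id INTEGER PRIMARY KEY AUTOINCREMENT, timestamp TEXT NOT NULL, agent TEXT NOT NULL,"
    " tool TEXT NOT NULL, action TEXT NOT NULL, input_preview TEXT,"
    " decision TEXT NOT NULL, reason TEXT NOT NULL)"
)


class PolicyViolation(Exception):
    """Raised for a blocked call, matching the exception name the README uses."""


def match_rule(policy, tool):
    """Exact tool-name rule first, then the '*' wildcard, else None (default deny)."""
    rules = policy.get("rules", [])
    for rule in rules:
        if rule.get("tool") == tool:
            return rule
    for rule in rules:
        if rule.get("tool") == "*":
            return rule
    return None


def decide(policy, tool, action):
    """Return ("allow" | "block", reason) for one tool call."""
    rule = match_rule(policy, tool)
    if rule is None:
        return "block", "no rule matches tool (default deny)"
    name = rule["tool"]
    # Block lists are always enforced, even if the action also appears under allow.
    if action in rule.get("block", []):
        return "block", f"'{action}' is in the block list of rule '{name}'"
    if "allow" in rule:
        if action in rule["allow"]:
            return "allow", f"'{action}' is in the allow list of rule '{name}'"
        return "block", f"'{action}' is not in the allow list of rule '{name}'"
    # Assumption: a rule with only a block list permits the actions it does not name.
    return "allow", f"'{action}' is not blocked by rule '{name}'"


class Firewall:
    """Evaluates calls against the policy and writes every decision to SQLite."""

    def __init__(self, policy, db_path=":memory:"):
        self.policy = policy
        self.conn = sqlite3.connect(db_path)
        self.conn.execute(AUDIT_SCHEMA)

    def check(self, tool, action, tool_input=""):
        decision, reason = decide(self.policy, tool, action)
        self.conn.execute(
            "INSERT INTO events (timestamp, agent, tool, action, input_preview, decision, reason)"
            " VALUES (?, ?, ?, ?, ?, ?, ?)",
            (datetime.now(timezone.utc).isoformat(), self.policy["agent"], tool, action,
             tool_input[:80], decision, reason),  # store a preview, not the full input
        )
        self.conn.commit()
        if decision == "block":
            raise PolicyViolation(reason)
        return decision

    def events(self, decision=None, limit=20):
        """Recent events, optionally filtered by decision (cf. GET /events?decision=block)."""
        sql = "SELECT tool, action, decision, reason FROM events"
        params = []
        if decision:
            sql += " WHERE decision = ?"
            params.append(decision)
        sql += " ORDER BY id DESC LIMIT ?"
        params.append(limit)
        return self.conn.execute(sql, params).fetchall()

    def summary(self):
        """Allowed vs blocked counts per tool for today (UTC), cf. GET /summary."""
        rows = self.conn.execute(
            "SELECT tool, decision, COUNT(*) FROM events"
            " WHERE substr(timestamp, 1, 10) = date('now') GROUP BY tool, decision"
        ).fetchall()
        return {(tool, dec): n for tool, dec, n in rows}


if __name__ == "__main__":
    fw = Firewall(POLICY)
    fw.check("GitHubTool", "read", "owner/repo pull 12")  # constructed call, allowed
    try:
        fw.check("ShellTool", "exec", "echo hi")  # constructed call, blocked by the '*' rule
    except PolicyViolation as err:
        print("blocked:", err)
    print(fw.events(decision="block"))
    print(fw.summary())
```

Every call is written to the audit table before the decision is enforced, so a blocked call is still visible to the dashboard queries; only a preview of the tool input is stored, since full inputs can carry secrets or prompt content you do not want persisted in a world-readable SQLite file.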

Dev setup

git clone <repo>
cd agentguard2
pip install -e ".[dev]"
pytest

License

MIT

Download files

Source Distribution: agentguard_runtime-0.1.0.tar.gz (7.9 kB, uploaded as Source)

Built Distribution: agentguard_runtime-0.1.0-py3-none-any.whl (7.9 kB, uploaded for Python 3)

File details

Details for the file agentguard_runtime-0.1.0.tar.gz.

File metadata

  • Download URL: agentguard_runtime-0.1.0.tar.gz
  • Size: 7.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for agentguard_runtime-0.1.0.tar.gz
Algorithm Hash digest
SHA256 6e82a149767a570c6d91ecd5c8618ee20a59d0d9a8c4c25c21b902e9e269edde
MD5 f0a5f73a7f1c5c05f49c546372fda401
BLAKE2b-256 bf6d82662db658abe53fa57ab49a4aeaed3d9671cd609697eec791220faab5dc


File details

Details for the file agentguard_runtime-0.1.0-py3-none-any.whl.

File hashes

Hashes for agentguard_runtime-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2973e57475c5ffcda91ae794f00a72955c1148e9ed980d9259941c5aa73ff8ab
MD5 ac556c0d7f5435d0442a48a60ac0869e
BLAKE2b-256 ce8a3e8521f6c4ed7a52db683d2467d8c4dea07771019a0f127d96184717d776

