Skip to main content

AI Agent Runtime Security Platform — runtime security and behavioral monitoring for agentic AI systems

Project description

AgentWall

Behavior-based runtime security for AI agents.

AgentWall is an SDK-first runtime security platform that sits between AI agents and tools, monitoring actions in real time to detect and prevent unsafe behavior.

Unlike prompt scanners and jailbreak detectors, AgentWall focuses on what agents actually do, not what users say.


Why AgentWall?

Modern AI agents can:

  • Read files
  • Execute tools
  • Access APIs
  • Send emails
  • Interact with external systems

A successful prompt injection often matters only because it changes agent behavior.

AgentWall detects:

  • Goal Hijacking
  • Tool Misuse
  • Scope Expansion
  • Sensitive Resource Access
  • Data Exfiltration
  • Unauthorized Actions
  • Behavioral Drift
  • Goal Drift

How It Works

User Goal
    ↓
AI Agent
    ↓
AgentWall Runtime
    ↓
Tool Execution

Before a tool executes, AgentWall evaluates:

  • Current goal
  • Tool being used
  • Resource being accessed
  • Recent tool history
  • Active policies
  • Risk score

AgentWall may:

  • ALLOW
  • WARN
  • BLOCK

depending on risk and alignment.


Installation

pip install agentwall-security

Quick Start — Zero Configuration

import agentwall  # auto-instruments all supported frameworks

That's it. No protect_* calls. No session management. No goal strings.

AgentWall automatically:

  • Detects LangChain, OpenAI Agents SDK, and CrewAI at import time
  • Instruments runtimes via lightweight patching
  • Creates sessions per agent run
  • Infers goals from the agent's first input
  • Tracks goal transitions throughout the session
  • Classifies tool types from function names and docstrings
  • Evaluates runtime actions before execution
  • Records audit events to ~/.agentwall/data.db

LangChain

import agentwall

executor = AgentExecutor(agent=agent, tools=tools)
result = executor.invoke({"input": "Fix the authentication bug in login.tsx"})

OpenAI Agents SDK

import agentwall

result = await Runner.run(agent, "Fix the authentication bug in login.tsx")

CrewAI

import agentwall

result = crew.kickoff(inputs={"task": "Fix authentication bug"})

Disable Auto-Instrumentation

AGENTWALL_AUTO=0 python your_script.py

Advanced Usage

Use explicit protection functions for full manual control over sessions, goals, and tool type mappings.

from agentwall.integrations.langchain import protect_langchain_agent
from agentwall.core.types import ToolType

wall = protect_langchain_agent(
    executor,
    goal="Fix the authentication bug in login.tsx",
    tool_type_map={
        "read_file": ToolType.FILESYSTEM,
        "list_directory": ToolType.FILESYSTEM,
    },
)

result = executor.invoke({"input": "Read login.tsx and find the bug."})
wall.end_session()

See INSTALLATION_GUIDE.md for full advanced usage examples.


Key Features

Zero Configuration

One import enables automatic protection for all supported frameworks with no code changes required.

Automatic Goal Inference

Goals are inferred from agent inputs automatically. Goal history, transitions, and confidence are recorded throughout the session.

Goal Drift Detection

Detects when agent actions deviate from the inferred or stated goal — a key signal for prompt injection compromise.

Automatic Tool Classification

Tools are classified by type (filesystem, terminal, API, database, email, browser) from function names and docstrings. No manual tool_type_map required.

Runtime Security

Behavior-based protection. Evaluates actions before execution. Raises AgentWallSecurityException on BLOCK.

Goal Tracking

Tracks goal segments throughout a session. Detects transitions using a two-signal heuristic (token overlap + resource token overlap). Records confidence per segment.

Policy Engine

Create custom allow/warn/block rules targeting specific tool types, actions, resource categories, and path patterns.

Post-Execution Analysis

Classifies tool outcomes after execution. Detects sensitive data exposure, bulk data access, external transfers, and email dispatch. Audit-only — never retroactively blocks.

Inspector

Native desktop security console. Launch with:

agentwall inspect

Features:

  • Session Timeline
  • Goal Timeline (goal segments with confidence and transition reasons)
  • Security Decisions
  • Risk Scores
  • Detector Results
  • Policy Management
  • Provider Configuration
  • Export (JSON/CSV)

Provider Agnostic

Supports:

  • OpenAI
  • Anthropic
  • Groq
  • DeepSeek
  • Ollama

Framework Integrations

Supports:

  • OpenAI Agents SDK
  • LangChain
  • CrewAI

CLI

agentwall version
agentwall doctor
agentwall config
agentwall inspect

Security Model

AgentWall focuses on:

  • Runtime behavior
  • Tool usage
  • Resource access
  • Goal alignment

AgentWall does not primarily operate as:

  • Prompt firewall
  • Jailbreak detector
  • Content moderation system

It evaluates the consequences of agent actions relative to the user's stated or inferred goal.


Supported Storage

Local-only architecture.

Uses:

  • SQLite (~/.agentwall/data.db)
  • OS Keyring (API keys only)
  • Local FastAPI backend
  • Local Inspector UI

No cloud dependency required.


Architecture

Auto Instrumentation Layer
    ↓
Goal Inference & Tracking
    ↓
Security Engine
    ↓
Policy Evaluation
    ↓
Risk Assessment + Goal Drift Detection
    ↓
Optional LLM Evaluation
    ↓
Decision (ALLOW / WARN / BLOCK)
    ↓
Tool Execution
    ↓
Post-Execution Analysis

Documentation


License

MIT License.


Status

v0.2.0

Production-ready.

Open-source and self-hosted.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agentwall_security-0.2.0.tar.gz (157.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agentwall_security-0.2.0-py3-none-any.whl (119.4 kB view details)

Uploaded Python 3

File details

Details for the file agentwall_security-0.2.0.tar.gz.

File metadata

  • Download URL: agentwall_security-0.2.0.tar.gz
  • Upload date:
  • Size: 157.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.9

File hashes

Hashes for agentwall_security-0.2.0.tar.gz
Algorithm Hash digest
SHA256 9a95a7a48468fe8f21c35742fef1e16beb052600107053e5f7ee9c6d9aa9bc0a
MD5 855711824e10c7c35602202f018b50f6
BLAKE2b-256 e43a68c5bbf0623f51405ed607aabce33e14b58e92245d4be40de35747cbe983

See more details on using hashes here.

File details

Details for the file agentwall_security-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for agentwall_security-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1bd7bfa7c36adaa4b5da5ef6c736c37c7598692e1d09a569abee00aa2f36679d
MD5 57b1d9d607e7aa4ef385497b8f4b26bf
BLAKE2b-256 7d1444704ed244666229a7cc33f3071b58a1da48281439eea1a733de60d90093

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page