AI Agent Runtime Security Platform — runtime security and behavioral monitoring for agentic AI systems
Project description
AgentWall
Behavior-based runtime security for AI agents.
AgentWall is an SDK-first runtime security platform that sits between AI agents and tools, monitoring actions in real time to detect and prevent unsafe behavior.
Unlike prompt scanners and jailbreak detectors, AgentWall focuses on what agents actually do, not what users say.
Why AgentWall?
Modern AI agents can:
- Read files
- Execute tools
- Access APIs
- Send emails
- Interact with external systems
A successful prompt injection often matters only because it changes agent behavior.
AgentWall detects:
- Goal Hijacking
- Tool Misuse
- Scope Expansion
- Sensitive Resource Access
- Data Exfiltration
- Unauthorized Actions
- Behavioral Drift
- Goal Drift
How It Works
User Goal
↓
AI Agent
↓
AgentWall Runtime
↓
Tool Execution
Before a tool executes, AgentWall evaluates:
- Current goal
- Tool being used
- Resource being accessed
- Recent tool history
- Active policies
- Risk score
AgentWall may:
- ALLOW
- WARN
- BLOCK
depending on risk and alignment.
Installation
pip install agentwall-security
Quick Start — Zero Configuration
import agentwall # auto-instruments all supported frameworks
That's it. No protect_* calls. No session management. No goal strings.
AgentWall automatically:
- Detects LangChain, OpenAI Agents SDK, and CrewAI at import time
- Instruments runtimes via lightweight patching
- Creates sessions per agent run
- Infers goals from the agent's first input
- Tracks goal transitions throughout the session
- Classifies tool types from function names and docstrings
- Evaluates runtime actions before execution
- Records audit events to
~/.agentwall/data.db
LangChain
import agentwall
executor = AgentExecutor(agent=agent, tools=tools)
result = executor.invoke({"input": "Fix the authentication bug in login.tsx"})
OpenAI Agents SDK
import agentwall
result = await Runner.run(agent, "Fix the authentication bug in login.tsx")
CrewAI
import agentwall
result = crew.kickoff(inputs={"task": "Fix authentication bug"})
Disable Auto-Instrumentation
AGENTWALL_AUTO=0 python your_script.py
Advanced Usage
Use explicit protection functions for full manual control over sessions, goals, and tool type mappings.
from agentwall.integrations.langchain import protect_langchain_agent
from agentwall.core.types import ToolType
wall = protect_langchain_agent(
executor,
goal="Fix the authentication bug in login.tsx",
tool_type_map={
"read_file": ToolType.FILESYSTEM,
"list_directory": ToolType.FILESYSTEM,
},
)
result = executor.invoke({"input": "Read login.tsx and find the bug."})
wall.end_session()
See INSTALLATION_GUIDE.md for full advanced usage examples.
Key Features
Zero Configuration
One import enables automatic protection for all supported frameworks with no code changes required.
Automatic Goal Inference
Goals are inferred from agent inputs automatically. Goal history, transitions, and confidence are recorded throughout the session.
Goal Drift Detection
Detects when agent actions deviate from the inferred or stated goal — a key signal for prompt injection compromise.
Automatic Tool Classification
Tools are classified by type (filesystem, terminal, API, database, email, browser) from function names and docstrings. No manual tool_type_map required.
Runtime Security
Behavior-based protection. Evaluates actions before execution. Raises AgentWallSecurityException on BLOCK.
Goal Tracking
Tracks goal segments throughout a session. Detects transitions using a two-signal heuristic (token overlap + resource token overlap). Records confidence per segment.
Policy Engine
Create custom allow/warn/block rules targeting specific tool types, actions, resource categories, and path patterns.
Post-Execution Analysis
Classifies tool outcomes after execution. Detects sensitive data exposure, bulk data access, external transfers, and email dispatch. Audit-only — never retroactively blocks.
Inspector
Native desktop security console. Launch with:
agentwall inspect
Features:
- Session Timeline
- Goal Timeline (goal segments with confidence and transition reasons)
- Security Decisions
- Risk Scores
- Detector Results
- Policy Management
- Provider Configuration
- Export (JSON/CSV)
Provider Agnostic
Supports:
- OpenAI
- Anthropic
- Groq
- DeepSeek
- Ollama
Framework Integrations
Supports:
- OpenAI Agents SDK
- LangChain
- CrewAI
CLI
agentwall version
agentwall doctor
agentwall config
agentwall inspect
Security Model
AgentWall focuses on:
- Runtime behavior
- Tool usage
- Resource access
- Goal alignment
AgentWall does not primarily operate as:
- Prompt firewall
- Jailbreak detector
- Content moderation system
It evaluates the consequences of agent actions relative to the user's stated or inferred goal.
Supported Storage
Local-only architecture.
Uses:
- SQLite (
~/.agentwall/data.db) - OS Keyring (API keys only)
- Local FastAPI backend
- Local Inspector UI
No cloud dependency required.
Architecture
Auto Instrumentation Layer
↓
Goal Inference & Tracking
↓
Security Engine
↓
Policy Evaluation
↓
Risk Assessment + Goal Drift Detection
↓
Optional LLM Evaluation
↓
Decision (ALLOW / WARN / BLOCK)
↓
Tool Execution
↓
Post-Execution Analysis
Documentation
- Installation Guide — installation, configuration, framework integration
- Architecture — internal design and component details
- API Reference — all public APIs
- Security Policy — threat model and privacy
- Testing Guide — running and writing tests
- Changelog — version history
License
MIT License.
Status
v0.2.0
Production-ready.
Open-source and self-hosted.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agentwall_security-0.2.1.tar.gz.
File metadata
- Download URL: agentwall_security-0.2.1.tar.gz
- Upload date:
- Size: 172.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
08af048834379353e8edf44c4ff9664b056be9e92ac804c37ad34eb6c404c017
|
|
| MD5 |
cf96e163433ed8b5b95b6efb2baf77aa
|
|
| BLAKE2b-256 |
1c2512056e8fed8db202591b290988c1354db51d276c99fa44630b666aac3fea
|
File details
Details for the file agentwall_security-0.2.1-py3-none-any.whl.
File metadata
- Download URL: agentwall_security-0.2.1-py3-none-any.whl
- Upload date:
- Size: 129.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d776ebabbc1e7a1b9fe11e05709e7775f0997dc505588a492b864efdcfa8c354
|
|
| MD5 |
22b5f668d827ca200a0db856fcd7845d
|
|
| BLAKE2b-256 |
d659d9e376a2db0ab9576508a2cf48dcaa28c182eb1843556b44bd4f29a71496
|