Skip to main content

AI Agent Runtime Security Platform — runtime security and behavioral monitoring for agentic AI systems

Project description

AgentWall

Behavior-based runtime security for AI agents.

AgentWall is an SDK-first runtime security platform that sits between AI agents and tools, monitoring actions in real time to detect and prevent unsafe behavior.

Unlike prompt scanners and jailbreak detectors, AgentWall focuses on what agents actually do, not what users say.


Why AgentWall?

Modern AI agents can:

  • Read files
  • Execute tools
  • Access APIs
  • Send emails
  • Interact with external systems

A successful prompt injection often matters only because it changes agent behavior.

AgentWall detects:

  • Goal Hijacking
  • Tool Misuse
  • Scope Expansion
  • Sensitive Resource Access
  • Data Exfiltration
  • Unauthorized Actions
  • Behavioral Drift
  • Goal Drift

How It Works

User Goal
    ↓
AI Agent
    ↓
AgentWall Runtime
    ↓
Tool Execution

Before a tool executes, AgentWall evaluates:

  • Current goal
  • Tool being used
  • Resource being accessed
  • Recent tool history
  • Active policies
  • Risk score

AgentWall may:

  • ALLOW
  • WARN
  • BLOCK

depending on risk and alignment.


Installation

pip install agentwall-security

Quick Start — Zero Configuration

import agentwall  # auto-instruments all supported frameworks

That's it. No protect_* calls. No session management. No goal strings.

AgentWall automatically:

  • Detects LangChain, OpenAI Agents SDK, and CrewAI at import time
  • Instruments runtimes via lightweight patching
  • Creates sessions per agent run
  • Infers goals from the agent's first input
  • Tracks goal transitions throughout the session
  • Classifies tool types from function names and docstrings
  • Evaluates runtime actions before execution
  • Records audit events to ~/.agentwall/data.db

LangChain

import agentwall

executor = AgentExecutor(agent=agent, tools=tools)
result = executor.invoke({"input": "Fix the authentication bug in login.tsx"})

OpenAI Agents SDK

import agentwall

result = await Runner.run(agent, "Fix the authentication bug in login.tsx")

CrewAI

import agentwall

result = crew.kickoff(inputs={"task": "Fix authentication bug"})

Disable Auto-Instrumentation

AGENTWALL_AUTO=0 python your_script.py

Advanced Usage

Use explicit protection functions for full manual control over sessions, goals, and tool type mappings.

from agentwall.integrations.langchain import protect_langchain_agent
from agentwall.core.types import ToolType

wall = protect_langchain_agent(
    executor,
    goal="Fix the authentication bug in login.tsx",
    tool_type_map={
        "read_file": ToolType.FILESYSTEM,
        "list_directory": ToolType.FILESYSTEM,
    },
)

result = executor.invoke({"input": "Read login.tsx and find the bug."})
wall.end_session()

See INSTALLATION_GUIDE.md for full advanced usage examples.


Key Features

Zero Configuration

One import enables automatic protection for all supported frameworks with no code changes required.

Automatic Goal Inference

Goals are inferred from agent inputs automatically. Goal history, transitions, and confidence are recorded throughout the session.

Goal Drift Detection

Detects when agent actions deviate from the inferred or stated goal — a key signal for prompt injection compromise.

Automatic Tool Classification

Tools are classified by type (filesystem, terminal, API, database, email, browser) from function names and docstrings. No manual tool_type_map required.

Runtime Security

Behavior-based protection. Evaluates actions before execution. Raises AgentWallSecurityException on BLOCK.

Goal Tracking

Tracks goal segments throughout a session. Detects transitions using a two-signal heuristic (token overlap + resource token overlap). Records confidence per segment.

Policy Engine

Create custom allow/warn/block rules targeting specific tool types, actions, resource categories, and path patterns.

Post-Execution Analysis

Classifies tool outcomes after execution. Detects sensitive data exposure, bulk data access, external transfers, and email dispatch. Audit-only — never retroactively blocks.

Inspector

Native desktop security console. Launch with:

agentwall inspect

Features:

  • Session Timeline
  • Goal Timeline (goal segments with confidence and transition reasons)
  • Security Decisions
  • Risk Scores
  • Detector Results
  • Policy Management
  • Provider Configuration
  • Export (JSON/CSV)

Provider Agnostic

Supports:

  • OpenAI
  • Anthropic
  • Groq
  • DeepSeek
  • Ollama

Framework Integrations

Supports:

  • OpenAI Agents SDK
  • LangChain
  • CrewAI

CLI

agentwall version
agentwall doctor
agentwall config
agentwall inspect

Security Model

AgentWall focuses on:

  • Runtime behavior
  • Tool usage
  • Resource access
  • Goal alignment

AgentWall does not primarily operate as:

  • Prompt firewall
  • Jailbreak detector
  • Content moderation system

It evaluates the consequences of agent actions relative to the user's stated or inferred goal.


Supported Storage

Local-only architecture.

Uses:

  • SQLite (~/.agentwall/data.db)
  • OS Keyring (API keys only)
  • Local FastAPI backend
  • Local Inspector UI

No cloud dependency required.


Architecture

Auto Instrumentation Layer
    ↓
Goal Inference & Tracking
    ↓
Security Engine
    ↓
Policy Evaluation
    ↓
Risk Assessment + Goal Drift Detection
    ↓
Optional LLM Evaluation
    ↓
Decision (ALLOW / WARN / BLOCK)
    ↓
Tool Execution
    ↓
Post-Execution Analysis

Documentation


License

MIT License.


Status

v0.2.4

Production-ready.

Open-source and self-hosted.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agentwall_security-0.2.4.tar.gz (180.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agentwall_security-0.2.4-py3-none-any.whl (130.1 kB view details)

Uploaded Python 3

File details

Details for the file agentwall_security-0.2.4.tar.gz.

File metadata

  • Download URL: agentwall_security-0.2.4.tar.gz
  • Upload date:
  • Size: 180.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.9

File hashes

Hashes for agentwall_security-0.2.4.tar.gz
Algorithm Hash digest
SHA256 4b60adcee33eb1de69f6debb8671ad5894fc3b85cd862a917e247ddd767883e7
MD5 4d7431028d0b5d47396b32c8f1881567
BLAKE2b-256 9bed0bbd807290a665de6aab9d055f60560afe8ed8eea15f28335ad3ae60e63e

See more details on using hashes here.

File details

Details for the file agentwall_security-0.2.4-py3-none-any.whl.

File metadata

File hashes

Hashes for agentwall_security-0.2.4-py3-none-any.whl
Algorithm Hash digest
SHA256 944d4dc3599787e84400536af718513f48b91ab743749e501ebb1938a9618066
MD5 1efda5bfc2e3b4351be9b11a4c2284ed
BLAKE2b-256 5202321c4dd33a497fce9f4b1ec3dc673697041b147e1a918fc518c8d12b0cad

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page