Skip to main content

AI Agent Runtime Security Platform — runtime security and behavioral monitoring for agentic AI systems

Project description

AgentWall

Behavior-based runtime security for AI agents.

AgentWall is an SDK-first runtime security platform that sits between AI agents and tools, monitoring actions in real time to detect and prevent unsafe behavior.

Unlike prompt scanners and jailbreak detectors, AgentWall focuses on what agents actually do, not what users say.


Why AgentWall?

Modern AI agents can:

  • Read files
  • Execute tools
  • Access APIs
  • Send emails
  • Interact with external systems

A successful prompt injection often matters only because it changes agent behavior.

AgentWall detects:

  • Goal Hijacking
  • Tool Misuse
  • Scope Expansion
  • Sensitive Resource Access
  • Data Exfiltration
  • Unauthorized Actions
  • Behavioral Drift
  • Goal Drift

How It Works

User Goal
    ↓
AI Agent
    ↓
AgentWall Runtime
    ↓
Tool Execution

Before a tool executes, AgentWall evaluates:

  • Current goal
  • Tool being used
  • Resource being accessed
  • Recent tool history
  • Active policies
  • Risk score

AgentWall may:

  • ALLOW
  • WARN
  • BLOCK

depending on risk and alignment.


Installation

pip install agentwall-security

Quick Start — Zero Configuration

import agentwall  # auto-instruments all supported frameworks

That's it. No protect_* calls. No session management. No goal strings.

AgentWall automatically:

  • Detects LangChain, OpenAI Agents SDK, and CrewAI at import time
  • Instruments runtimes via lightweight patching
  • Creates sessions per agent run
  • Infers goals from the agent's first input
  • Tracks goal transitions throughout the session
  • Classifies tool types from function names and docstrings
  • Evaluates runtime actions before execution
  • Records audit events to ~/.agentwall/data.db

LangChain

import agentwall

executor = AgentExecutor(agent=agent, tools=tools)
result = executor.invoke({"input": "Fix the authentication bug in login.tsx"})

OpenAI Agents SDK

import agentwall

result = await Runner.run(agent, "Fix the authentication bug in login.tsx")

CrewAI

import agentwall

result = crew.kickoff(inputs={"task": "Fix authentication bug"})

Disable Auto-Instrumentation

AGENTWALL_AUTO=0 python your_script.py

Advanced Usage

Use explicit protection functions for full manual control over sessions, goals, and tool type mappings.

from agentwall.integrations.langchain import protect_langchain_agent
from agentwall.core.types import ToolType

wall = protect_langchain_agent(
    executor,
    goal="Fix the authentication bug in login.tsx",
    tool_type_map={
        "read_file": ToolType.FILESYSTEM,
        "list_directory": ToolType.FILESYSTEM,
    },
)

result = executor.invoke({"input": "Read login.tsx and find the bug."})
wall.end_session()

See INSTALLATION_GUIDE.md for full advanced usage examples.


Key Features

Zero Configuration

One import enables automatic protection for all supported frameworks with no code changes required.

Automatic Goal Inference

Goals are inferred from agent inputs automatically. Goal history, transitions, and confidence are recorded throughout the session.

Goal Drift Detection

Detects when agent actions deviate from the inferred or stated goal — a key signal for prompt injection compromise.

Automatic Tool Classification

Tools are classified by type (filesystem, terminal, API, database, email, browser) from function names and docstrings. No manual tool_type_map required.

Runtime Security

Behavior-based protection. Evaluates actions before execution. Raises AgentWallSecurityException on BLOCK.

Goal Tracking

Tracks goal segments throughout a session. Detects transitions using a two-signal heuristic (token overlap + resource token overlap). Records confidence per segment.

Policy Engine

Create custom allow/warn/block rules targeting specific tool types, actions, resource categories, and path patterns.

Post-Execution Analysis

Classifies tool outcomes after execution. Detects sensitive data exposure, bulk data access, external transfers, and email dispatch. Audit-only — never retroactively blocks.

Inspector

Native desktop security console. Launch with:

agentwall inspect

Pages:

  • Overview — live stats: active executions, tool calls, risk distribution, top detectors
  • Executions — per-execution history with tool calls, security evaluations, and goal timeline drill-down
  • Providers — LLM evaluator configuration
  • Policies — policy management

The Inspector backend polls the same local SQLite database used by protected agents. Overview and Executions resolve to the project owning the newest execution across the entire database, so agents running in a separate terminal or working directory appear on the next poll without restarting the Inspector. If no executions exist, the Inspector scopes to its own working directory's project.

Provider Agnostic

Supports:

  • OpenAI
  • Anthropic
  • Groq
  • DeepSeek
  • Ollama

Framework Integrations

Supports:

  • OpenAI Agents SDK
  • LangChain
  • CrewAI

CLI

agentwall version
agentwall doctor
agentwall config
agentwall inspect

Security Model

AgentWall focuses on:

  • Runtime behavior
  • Tool usage
  • Resource access
  • Goal alignment

AgentWall does not primarily operate as:

  • Prompt firewall
  • Jailbreak detector
  • Content moderation system

It evaluates the consequences of agent actions relative to the user's stated or inferred goal.


Supported Storage

Local-only architecture.

Uses:

  • SQLite (~/.agentwall/data.db)
  • OS Keyring (API keys only)
  • Local FastAPI backend
  • Local Inspector UI

No cloud dependency required.


Architecture

Auto Instrumentation Layer
    ↓
Goal Inference & Tracking
    ↓
Security Engine
    ↓
Policy Evaluation
    ↓
Risk Assessment + Goal Drift Detection
    ↓
Optional LLM Evaluation
    ↓
Decision (ALLOW / WARN / BLOCK)
    ↓
Tool Execution
    ↓
Post-Execution Analysis

Documentation


License

MIT License.


Status

v0.2.7

Production-ready.

Open-source and self-hosted.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agentwall_security-0.2.7.tar.gz (184.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agentwall_security-0.2.7-py3-none-any.whl (130.9 kB view details)

Uploaded Python 3

File details

Details for the file agentwall_security-0.2.7.tar.gz.

File metadata

  • Download URL: agentwall_security-0.2.7.tar.gz
  • Upload date:
  • Size: 184.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.9

File hashes

Hashes for agentwall_security-0.2.7.tar.gz
Algorithm Hash digest
SHA256 93bbc7bae9f6637c0971affa65e4ec901b041ec7803d650f70b9abfb0c5db5ee
MD5 e01d65dd6305e3e6aed9cb6234e7b16f
BLAKE2b-256 9434d3bc4f02aa7dab8955f417802afa9f9cbd301de208d59e09081d5a5b0b17

See more details on using hashes here.

File details

Details for the file agentwall_security-0.2.7-py3-none-any.whl.

File metadata

File hashes

Hashes for agentwall_security-0.2.7-py3-none-any.whl
Algorithm Hash digest
SHA256 95828b04fa2ba36bb53115af270bb83327d83b11ee88201a31a341513e327a6d
MD5 d067d91ca2d2e44ba620e022354ac7ef
BLAKE2b-256 901243be89b0d537439f748128f7f33a5faac3ea993dac68626aa50c4a58d794

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page