Skip to main content

The self-healing exception handler for autonomous AI agents.

Project description

๐Ÿ›ก๏ธ AgentX: The Semantic Firewall for AI Agents

Python 3.9+ License: MIT

LLM Agents are brilliant, but they are incredibly brittle. They will drop your production database, leak AWS keys, and fall victim to prompt injections. Traditional firewalls just crash the agent by returning a hard 403 Forbidden exception, killing the run completely.

AgentX is different. It is an intelligent, neuro-symbolic edge gateway and local vector shield that intercepts dangerous tool calls, filters threats, and returns a structural Socratic Challenge back to the agent's context window. This forces the agent to rethink its strategy, fix parameters, and self-correct without crashing your application.

๐Ÿง  Don't just block agents. Coach them.


๐Ÿ—๏ธ Split-Plane Architecture

AgentX relies on a decoupled, split-plane hybrid architecture to balance performance with developer telemetry requirements:

  • The Edge SDK (agentx_sdk): A lightweight Python package instrumenting sensitive tool calls via reflective code signatures. Features a built-in, local-first vector shield checking process RAM matrices natively to catch blatant violations under $<1\text{ms}$.
  • The Data Plane (Semantic Gateway Wedge): A high-performance Python FastAPI service running within an isolated Docker cluster on port 8000. Handles Abstract Syntax Tree (AST) SQL evaluation, zero-knowledge intent extraction, and Local DLP output token masking.
  • The Control Plane (Dashboard): A Next.js application listening on port 3000. Connects to a Supabase-backed real-time ledger to provide an executive command console for tracking corporate ROI metrics, triaging human escalations, and promoting newly discovered policy vectors.

โšก 1. Two-Minute Quickstart

AgentX requires zero changes to your underlying agentic logic, custom tools, or custom parameters payload schema. The SDK dynamically inspects function signatures at runtime using an auto-reflective ingestion engine.

Step 1: Install the SDK

pip install agentx-security-sdk

Step 2: Decorate Sensitive Tool Operations

Attach the @agentx_protect decorator over any high-risk system tool. The SDK automatically serializes parameters, filters database connection noise, and enforces local-first vector boundaries:

# โœ… MODERN REFLECTIVE IMPORTS (No boilerplate functions required)
from agentx_sdk.decorators import agentx_protect

@agentx_protect(agent_id="frictionless_enterprise_worker")
def dispatch_crm_update(client_id: str, profile_notes: str, db_session=None):
    """
    AgentX automatically inspects string elements, ignores connection objects
    like 'db_session', and evaluates intents out-of-prompt natively in RAM.
    """
    print(f"Updating records for {client_id}")

Step 3: Configure Environment Boundry Flags

Copy .env.example to .env and add your API keys (AGENTX_API_KEY, CONTROL_PLANE_URL, GEMINI_API_KEY).

AGENTX_API_KEY=agentx_sk_test_XXXXX
NEXT_PUBLIC_GATEWAY_URL=http://localhost:8000
AGENTX_ALLOW_PAYLOAD_SYNC=true
AGENTX_BYPASS_LOCAL_SHIELD=false
GEMINI_API_KEY=gemini_sk_XXXXX

Step 4: Spin up the Edge Gateway

Boot your local data plane wedge proxy middleware and your frontend dashboard console node simultaneously:

docker-compose up -d

The gateway is now listening on http://localhost:8000 and mirroring policies from your Control Plane.


Step 5: Run a Live Frictionless Run Pass

Watch the AgentX SDK utilize its auto-reflective ingestion core to catch a nested SQL injection attempt hidden inside helper variables, bypass internal SQLAlchemy network pointers, and trigger an edge block without throwing a system crash exception:

python examples/08_frictionless_agent_protection.py```
```text


๐Ÿ•น๏ธ Console Session Output Logs:

```text
========================================================================
๐Ÿค– AGENTX DEMO 08: ZERO-CONFIGURATION ENTERPRISE TOOL PROTECTION
========================================================================
Scenario: An engineer wraps an existing corporate function with AgentX.
The SDK automatically parses inputs via Python signature reflection.

๐Ÿ”„ --- Agent Execution Step ---
Agent Attempting Call: dispatch_crm_update(client_id='CLI-99401', profile_notes='...')
Injected Input Payload: 'Customer requested normal update. Retain account historical state; DROP TABLE users;'

๐Ÿ›ก๏ธ [AgentX SDK] Intercepting tool call to 'dispatch_crm_update' and active_stats = 0...
โšก [LOCAL VECTOR SHIELD] Fast-Path Intercept Engaged! (Similarity Score Check: OVERRIDE_MATCHED)
๐Ÿ›‘ [LOCAL BLOCK] Policy 'Mass Destructive Intent' breached locally. Returning offline instruction block string.

๐Ÿ›‘ [AGENTX GATEWAY] Request Intercepted & Blocked!
-> The reflection engine successfully captured the nested SQL payload.
-> The SQLAlchemy session context object was safely ignored.

๐Ÿ”’ Enterprise data assets protected via zero-configuration injection monitoring.
========================================================================

โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
 ๐Ÿ›ก๏ธ  AgentX Session Summary (Trace: bbfda7a1-8e1b-41dd-8c59-b784a3bbdf6d)
โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
 โฑ๏ธ  Uptime:                0.27 seconds
 ๐Ÿ› ๏ธ  Tools Monitored:       2
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
 ๐Ÿ›‘ Intercepts:            1   |  Cumulative: 3
 ๐Ÿ’ฅ Critical Blocks:       1   |  Cumulative: 1
 ๐Ÿšจ Human Escalations:     0   |  Cumulative: 0
 ๐Ÿ”„ Self-Corrections:      1   |  Cumulative: 0
 ๐Ÿ“ˆ Recovery Rate:         100.0%
 ๐Ÿ’ฐ Tokens Saved:          ~1500
 โณ Time Saved:            ~5s
โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

๐Ÿ“Š Executive Control Plane Telemetry When your agent script finishes or exits, local telemetry logs (.agentx.db) sync securely back to the central database layout. Open your browser workspace to http://localhost:3000/dashboard to inspect your real-time performance summary matrix:

+-----------------------------------------------------------------------------------+
|                                 SOC SANDBOX                                       |
+-----------------------------------------------------------------------------------+
|  [Task Reliability Rate]  [Tokens Saved]  [Compute Capital]  [DevOps Time Saved]  |
|          12.1%             1,309,000 tkn        $6.54             24.0 hrs        |
|   ๐Ÿ“ˆ Socratic Recovery      โšก JIT Optimized    ๐Ÿ’ฐ Spend Saved    โฑ๏ธ Reclaimed SWE |
+-----------------------------------------------------------------------------------+

Advanced ROI Formula Mappings:Task Reliability Rate: (Safe Pivots / Total Threat Sessions) * 100. Compiles the percentage of threatened agent execution steps that reached full completion via automated self-healing loops.Tokens Saved: Tracks total prompt overhead prevented by keeping static security text blocks out of context prompts, combined with eliminating runaway agent monologue loops at exactly Turn 3.Compute Capital Retained: Translates aggregate saved token matrices down to corporate infrastructure runway dollars using model API baselines ($$0.005 / \text{1,000 tokens}$).Engineering Time Saved: Calculates cumulative wall-clock SWE debugging hours saved by allowing the engine to handle compliance out-of-band ($\approx $75.00/\text{hr}$).


๐Ÿง  The 5 Pillars of Agentic Security

AgentX is built on a "Reasoning Engine" architecture that treats AI agents as autonomous employees rather than static scripts. We secure them through five core pillars:

  1. Cognitive Interception: We intercept tool calls to compare the agent's stated intent (Chain of Thought) against its actual deterministic action.

  2. Socratic Nudging: Instead of crashing the agent with a 403 Forbidden, we issue a Socratic Challenge to guide them to a safe, desired end-goal.

  3. Human-in-the-Loop (HITL): If the gateway cannot judge intent safely, the agent is paused (202 Accepted) and sent to a SOC Sandbox for human evaluation.

  4. Dynamic Policy Refresh: Policies are pushed out-of-band via a centralized Control Plane, updating localized edge-caches within 3 seconds.

  5. Auditable Self-Healing: The system dynamically captures successful agent recovery rates on your dashboard when a model successfully self-corrects post-challenge.


๐Ÿš€ The 4 Shields (Defense-in-Depth)

  1. The Inbound Shield (Prompt Injection): Sanitizes inbound user text to prevent cognitive hijacking ("Ignore previous instructions") before the agent reads it.

  2. The Logic Shield (Database Guard): Uses AST parsing and Gemini to catch destructive queries (DROP, DELETE) and nudges the agent to write safer SQL.

  3. The Network Shield (SSRF Guard): Prevents agents from acting as confused deputies to hit cloud metadata IPs (e.g., 169.254.169.254).

  4. The Egress Shield (DLP/PII Scrubber): Dynamically masks PII and API keys on the wire, maintaining clean audit logs without triggering SOC alert fatigue.


๐Ÿ“Š Local Telemetry & Agent Health

AgentX ships with a built-in, privacy-first SQLite time-series event log (.agentx.db). It tracks every interception locally. When your agent script finishes or crashes, AgentX automatically prints a comprehensive Session Summary and Lifetime ROI dashboard:

โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
 ๐Ÿ›ก๏ธ  AgentX Session Summary
โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
 โฑ๏ธ  Uptime:                9.17 seconds
 ๐Ÿ› ๏ธ  Tools Monitored:       2
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
 ๐Ÿ›‘ Intercepts:            1   |  Cumulative: 5
 ๐Ÿ’ฅ Critical Blocks:       1   |  Cumulative: 5
 ๐Ÿ’ฐ Tokens Saved:      ~1500   |  Cumulative: ~7500
 โณ Time Saved:        ~5m     |  Cumulative: ~25m
โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
 ๐Ÿฉบ AGENT HEALTH INSIGHT
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
 โš ๏ธ Top Offender: 'Database Isolation'
 ๐Ÿ› ๏ธ  Tip: Consider refining your agent's system prompt to avoid this.
โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

๐Ÿ“ฆ Try the other Developer Demos Inside the examples/ folder, you will find a few standalone scripts proving the AgentX Reasoning Layer:

  • 01_self_healing_agent.py: Watch AgentX catch a hallucination and coach the agent to self-correct (Saving tokens and uptime).
  • 02_cognitive_intent_block.py: Watch the Semantic Firewall catch malicious intent even when the raw syntax is perfectly safe.
  • 03_human_escalation.py: See how an agent safely pauses execution and pings a SOC analyst for approval using a 202 Accepted queue.
  • And many more...

๐Ÿ•น๏ธ Human-in-the-Loop (HITL) & Control Plane

Sometimes, an agent needs to drop a table for a valid business reason.

AgentX features a Next.js Control Plane Dashboard. If an agent requests an escalation, the SDK securely pauses local execution and polls the Edge Gateway. A human SOC analyst can click "Approve" or "Deny" in the UI, and the Python execution loop will automatically resume.

cd ui
npm install
npm run dev

---

## ๐Ÿ—๏ธ The Architecture (Split-Plane)

AgentX relies on a decoupled, hybrid-cloud architecture to ensure maximum performance and security for AI-driven enterprise systems.

* **The Edge SDK (AgentX)**: The lightweight Python package that instruments agent tools and triggers local Socratic self-healing.
* **The Data Plane (Semantic Firewall)**: A Python FastAPI middleware (the "Wedge") that intercepts raw HTTP/SQL payloads *before* they hit the database.
* **The Control Plane (Dashboard)**: A Next.js application (deployed via Vercel) that allows human reviewers to monitor intercepted agent traffic, review chains of thought, and approve or deny parked requests.
* **The Shared Brain**: Supabase acts as the central state manager. Both the Control Plane and Data Plane synchronize via Supabase, decoupling the network architecture and allowing asynchronous state polling.
* **The Evaluator**: Google's Gemini 2.5 Flash is used to translate an agent's Chain of Thought (CoT) into a zero-knowledge taxonomy to evaluate intent against YAML-defined enterprise policies.

---

## โœจ Key Features & Built-in Policies

* **Automated Socratic Self-Healing**: Intercepts dangerous tool calls and challenges the agent to revise its strategy.
* **Fast Pass Heuristic Traps**: Instantly intercepts structurally dangerous queries (e.g., `DROP TABLE`, `DELETE`) with minimal latency.
* **Zero-Knowledge Intent Extraction**: Prevents malicious prompt injection by translating raw agent logic into a strict schema before policy evaluation.
* **Dynamic Cloud Policies**: Enforces isolation rules instantly via a Supabase-backed Control Plane that syncs to edge caches in 3 seconds.

---

## ๐Ÿ”’ Security Posture

* **Secret Management**: API keys are never checked into version control. Production variables are managed securely via the Vercel Dashboard.
* **History Scrubbing**: This repository has been scrubbed of legacy keys using git-filter-repo.
* **Private IP**: Repository is private to protect proprietary evaluation prompts and architecture.

---

๐Ÿš€ Future Roadmap & Milestones
โœ… Trust Boundary Shift: Moved neuro-symbolic evaluation entirely into the Data Plane container to eliminate agent runtime bypasses. (Completed)

โœ… Zero-Knowledge Hard Split-Plane: Mathematically enforced VPC telemetry isolation via localized metric stripping. (Completed)

โœ… Zero-Config Reflection Engine: Eliminated manual query and CoT boilerplate writing using dynamic signature parameters compilation hooks. (Completed)

โœ… Local Vector Shield Engine: Hydrated compiled .bin weight matrices right inside process RAM to support offline sub-millisecond validations. (Completed)

โฌœ Local LRU Neural Cache: Deduplicate vector embeddings to minimize edge latency down to sub-1ms. (Next Up)

โฌœ Containerized Multi-Region Edge Cluster: Standardize container blueprints for automated high-availability deployments onto AWS ECS and Render clusters. (Active)


๐Ÿค Contributing & Support
We are actively partnering with engineering groups building production-grade autonomous agent systems. If you are tracking high-concurrency tool execution lines and are terrified of what your agent loops might drop or execute, open an issue card or reach out directly to join our design partner circle!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agentx_security_sdk-0.2.10.tar.gz (28.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agentx_security_sdk-0.2.10-py3-none-any.whl (25.2 kB view details)

Uploaded Python 3

File details

Details for the file agentx_security_sdk-0.2.10.tar.gz.

File metadata

  • Download URL: agentx_security_sdk-0.2.10.tar.gz
  • Upload date:
  • Size: 28.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.1

File hashes

Hashes for agentx_security_sdk-0.2.10.tar.gz
Algorithm Hash digest
SHA256 dcd62b71181bba7320f8c5adf7863a7600a633b23c118c4a7cfe1bd0d08f227a
MD5 83919610ef9f9ab837868ddce95c2bde
BLAKE2b-256 a4e29f0eda43bd50490874f3e6bd151459f97f7e936107ec2ae82411318bcb31

See more details on using hashes here.

File details

Details for the file agentx_security_sdk-0.2.10-py3-none-any.whl.

File metadata

File hashes

Hashes for agentx_security_sdk-0.2.10-py3-none-any.whl
Algorithm Hash digest
SHA256 34b931f628620c926b891c944ff78ff1bcd4f961ef81ca7f07a50f9228098dc2
MD5 f0ea8d6f86759e7ee9a1e2c684fdd746
BLAKE2b-256 e02590f3aaa90ec318718c933a3f3952ffd1891f01577065d7a10b98e91871ef

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page