AIR Trust Layer plugin for LangChain — audit, PII vault, consent gate, and injection detection via callbacks
Project description
air-langchain-trust
AIR Trust Layer plugin for LangChain. Adds audit logging, PII tokenization, consent gating, and prompt injection detection to any LangChain agent via a single callback handler.
Part of the AIR Blackbox ecosystem.
Install
pip install air-langchain-trust
Quick Start
from langchain_openai import ChatOpenAI
from langchain.agents import AgentExecutor, create_openai_tools_agent
from air_langchain_trust import AirTrustCallbackHandler

handler = AirTrustCallbackHandler()

# Attach to any chain or agent (agent_executor is an AgentExecutor you have
# already built with create_openai_tools_agent; its construction is omitted here)
result = agent_executor.invoke(
    {"input": "What's the weather?"},
    config={"callbacks": [handler]},
)

# Inspect the audit trail
for entry in handler.audit.get_entries():
    print(f"{entry.action}: {entry.details}")
What It Does
AuditLedger — HMAC-SHA256 chained log of every tool call, LLM invocation, and chain execution. Tamper-evident: if any entry is modified, the chain breaks.
DataVault — Tokenizes PII (emails, SSNs, credit cards, API keys) before it reaches your logs. Reversible for authorized use.
ConsentGate — Classifies tools by risk level (low/medium/high/critical) and blocks execution when risk exceeds your threshold. Raises ConsentDeniedError.
InjectionDetector — Scans prompts for injection patterns (instruction override, jailbreak, authority impersonation). Raises InjectionBlockedError.
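To make the AuditLedger's tamper-evidence property concrete, here is an added, stand-alone illustration of an HMAC-SHA256 chained log and its verifier. It is not the package's own code: the class and method names (ChainedLedger, append, verify) and the JSON canonicalisation are assumptions, but the mechanism is the one the description names, each entry's MAC covering the previous entry's MAC, so editing, reordering or deleting an entry breaks the chain at that point.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

GENESIS = "0" * 64  # prev_mac of the first entry (constructed sentinel)


@dataclass
class Entry:
    action: str
    details: dict
    prev_mac: str
    mac: str


class ChainedLedger:
    """Hypothetical HMAC-SHA256 chained audit log (illustration, not the package's class)."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self.entries: list[Entry] = []

    def _mac(self, action: str, details: dict, prev_mac: str) -> str:
        # Canonical JSON so the same entry always serialises identically.
        payload = json.dumps(
            {"action": action, "details": details, "prev": prev_mac}, sort_keys=True
        ).encode()
        return hmac.new(self._secret, payload, hashlib.sha256).hexdigest()

    def append(self, action: str, details: dict) -> Entry:
        prev = self.entries[-1].mac if self.entries else GENESIS
        entry = Entry(action, details, prev, self._mac(action, details, prev))
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """Return the index of the first broken entry, or None if the chain is intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            expected = self._mac(e.action, e.details, e.prev_mac)
            # Link check catches reordering/deletion; MAC check catches edits.
            if e.prev_mac != prev or not hmac.compare_digest(e.mac, expected):
                return i
            prev = e.mac
        return None
```

Only a holder of the secret can recompute a valid MAC, so an attacker who edits a log entry without it cannot repair the chain; verify() should therefore run on a copy of the secret kept away from the process that writes the log.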
How Blocking Works
LangChain callbacks are observation-only — they can't return False to stop execution. This plugin raises custom exceptions (ConsentDeniedError, InjectionBlockedError) which halt the chain. Catch them in your application code:
from air_langchain_trust.errors import ConsentDeniedError, InjectionBlockedError

try:
    result = agent.invoke(input, config={"callbacks": [handler]})
except ConsentDeniedError as e:
    print(f"Blocked: {e.tool_name} (risk: {e.risk_level})")
except InjectionBlockedError as e:
    print(f"Injection detected: {e.pattern_name}")
Configuration
from air_langchain_trust import AirTrustCallbackHandler, AirTrustConfig, ConsentMode, RiskLevel

config = AirTrustConfig(
    consent_mode=ConsentMode.BLOCK_HIGH_AND_CRITICAL,
    tool_risk_levels={
        "shell": RiskLevel.CRITICAL,
        "sql_query": RiskLevel.HIGH,
        "web_search": RiskLevel.LOW,
    },
    injection_block=True,
    vault_enabled=True,
    audit_secret="your-hmac-secret",
)

handler = AirTrustCallbackHandler(config=config)
Tests
pip install -e ".[dev]"
pytest tests/ -v
License
Apache-2.0
Download files
File details
Details for the file air_langchain_trust-0.1.0.tar.gz.
File metadata
- Download URL: air_langchain_trust-0.1.0.tar.gz
- Upload date:
- Size: 15.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 935e312d5b929c45327a2a00d5112151964802b184f214d653d545f623cbca58 |
| MD5 | abed90586180140d87d0ecb9dfae9d7d |
| BLAKE2b-256 | 2981f8a39bf7d61da6179d9a6f5348ca1765817280c35abd94108c79847a40f0 |
File details
Details for the file air_langchain_trust-0.1.0-py3-none-any.whl.
File metadata
- Download URL: air_langchain_trust-0.1.0-py3-none-any.whl
- Upload date:
- Size: 14.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 8c255e6da977dc7d62dd8b5c995d9865a709ebbc2906f3d8e5f137f55a00bf98 |
| MD5 | 78d9793db0150978e1b2268d904fb5b9 |
| BLAKE2b-256 | 7a46ed91c2419e494017d5c80dd7a666cf4fcc1c0e732d259b3334fea5473063 |