Skip to main content

Zero Trust Security for AI Agents

Project description

Cerone

Check AI agent actions before they run.

Cerone gives your agent an identity, lets you declare what it is supposed to do, and returns a runtime decision before a tool call executes:

  • approved
  • flagged
  • rejected

Use it when your agent is about to do something real:

  • read or write files
  • hit internal APIs
  • query a database
  • perform billing, support, or ops actions
  • call tools on behalf of users

Cerone is built for teams that want a simple question answered at runtime:

Should this agent be allowed to do this action right now?


Why Developers Install Cerone

  • validate agent tool calls before execution
  • keep your existing model stack and keys
  • detect actions that do not fit the agent's declared purpose
  • catch risky or suspicious action payloads early
  • add identity, trust, and audit signals without rebuilding your app
  • start from a hosted trial directly from the SDK

Cerone is not a model proxy. It sits around agent actions, not between you and your LLM provider.


Install

pip install cerone

Fastest way to verify everything works:

cerone demo

If your shell has not picked up the installed script yet:

python3 -m cerone demo

cerone demo bootstraps a hosted trial, creates a demo agent, runs one real validation, and prints the result.

Once The Trial Starts, Do This Next

Do not stop at "trial started."

Go straight to the first value path:

  1. Create your first agent with a real purpose and capability set.
  2. Validate one real action your app actually wants to run.
  3. Look at the returned decision: approved, flagged, or rejected.

If you only bootstrap the trial but never create an agent or validate an action, you have not actually tested Cerone yet.

If you only want a lightweight connectivity and hosted-trial bootstrap check:

cerone

macOS note: if pip install cerone succeeds but cerone says command not found, your Python scripts directory may not be on PATH yet. On many macOS installs, this fixes it:

echo 'export PATH="/Library/Frameworks/Python.framework/Versions/3.10/bin:$PATH"' >> ~/.zprofile
source ~/.zprofile
hash -r

Then try:

cerone demo

If you are working from source:

git clone https://github.com/AnantDhavale/cerone_sdk.git
cd cerone_sdk
pip install -e .

Quick Start

import asyncio

from cerone import CeroneClient, infer_agent_profile_from_action


async def main():
    client = CeroneClient(
        base_url="https://api.homersemantics.com",
    )

    try:
        profile = infer_agent_profile_from_action(
            "file_read",
            {"path": "README.md"},
            workspace_target="repository files such as README.md",
        )

        agent = client.create_agent(
            purpose=profile.purpose,
            capabilities=profile.capabilities,
            environment="development",
        )

        result = await client.validate_async(
            agent_id=agent.agent_id,
            action="file_read",
            parameters={"path": "README.md"},
        )

        print("Agent:", agent.agent_id)
        print("Decision:", result.result)
        print("Trust:", result.trust_score)
        print("Alignment:", result.semantic_alignment)
    finally:
        await client.aclose()


asyncio.run(main())

What happens here:

  1. Cerone creates an agent identity with declared purpose and capabilities.
  2. Your app asks Cerone to validate a real action.
  3. Cerone returns a runtime decision before that action is executed.

A More Typical Sync Example

from cerone import CeroneClient

client = CeroneClient()

agent = client.create_agent(
    purpose="Answer customer billing questions and look up billing records.",
    capabilities=["db_read", "billing_api"],
    environment="development",
)

result = client.validate(
    agent.agent_id,
    "database_query",
    {"table": "billing", "customer_id": "123"},
)

print(result.result, result.trust_score)
client.close()

The intended flow is simple:

  • approved -> continue
  • flagged -> review or warn according to your app policy
  • rejected -> block execution

Purpose Fidelity Matters

Cerone works best when the declared purpose actually matches what the agent is doing.

If you are wrapping common tools like file_read, avoid vague purpose text. This is better:

from cerone import CeroneClient, infer_agent_profile_from_action

client = CeroneClient(integration_id="openclaw-plugin")

profile = infer_agent_profile_from_action(
    "file_read",
    {"path": "README.md"},
    workspace_target="repository files such as README.md",
)

agent = client.create_agent(
    purpose=profile.purpose,
    capabilities=profile.capabilities,
    environment="development",
)

Use infer_agent_profile_from_action(...) when you want stronger default purpose and capability hints for common tool patterns.


Single Validation vs Batch Validation

Start with validate(...) for one action. Use validate_batch([...]) only when you already have multiple validation items to send together.

from cerone import CeroneClient

client = CeroneClient()

results = client.validate_batch([
    {
        "agent_id": "agt_123",
        "action": {
            "tool": "database_query",
            "parameters": {"table": "billing", "customer_id": "123"},
        },
    },
    {
        "agent_id": "agt_456",
        "action": {
            "tool": "refund_lookup",
            "parameters": {"refund_id": "rf_789"},
        },
    },
])

for item in results:
    print(item.agent_id, item.result, item.trust_score)

client.close()

If you call validate_batch([]), the SDK raises a local error before sending a request.


What Cerone Checks

Cerone is useful when permissions alone are not enough.

It helps answer questions like:

  • is this action consistent with the agent's declared purpose?
  • is this tool use inside the granted capability scope?
  • does this payload look suspicious, evasive, or unsafe?
  • should the action be allowed, flagged, or blocked?

Depending on the action and context, Cerone can help catch:

  • agents drifting outside their role
  • over-permitted agents doing the wrong thing
  • suspicious file, API, or data access patterns
  • manipulative or policy-evasive tool calls

SDK Lifecycle Hooks

Cerone stays lightweight, but it can emit structured local lifecycle signals for debugging, integration analytics, or your own telemetry sink.

from cerone import CeroneClient, TelemetryEventType


def on_sdk_event(event):
    if event.event_type == TelemetryEventType.LOCAL_ERROR:
        print("Local SDK issue:", event.payload)


client = CeroneClient(
    integration_id="openclaw-plugin",
    telemetry_hook=on_sdk_event,
)

Current hook events:

  • client_initialized
  • hosted_trial_started
  • trial_token_received
  • agent_created
  • validation_attempted
  • validation_result_received
  • batch_validation_attempted
  • local_error

Hosted Trial and Access

Cerone currently has two usage paths.

1. Hosted trial

  • CeroneClient() can bootstrap an anonymous hosted trial token automatically
  • includes 2,500 one-time validations
  • designed for first use, testing, and demos
  • no model proxy required

2. Persistent access

  • for POCs, pilots, and production environments
  • contact us for provisioned persistent SDK access

Support and onboarding:

Hosted service terms:


Bring Your Own Model Key

Cerone validates agent behaviour. It does not replace your inference provider.

You keep your own OpenAI, Anthropic, or other provider key and send model calls through your normal stack. Cerone checks intended actions and returns runtime decisions around those actions.

import asyncio
import openai

from cerone import CeroneClient


async def main():
    client = CeroneClient(
        base_url="https://api.homersemantics.com",
    )
    openai_client = openai.AsyncOpenAI(api_key="sk-...")

    try:
        agent = client.create_agent(
            purpose="Summarise support tickets",
            capabilities=["read_ticket", "write_summary"],
        )

        validation = await client.validate_async(
            agent_id=agent.agent_id,
            action="write_summary",
            parameters={"ticket_id": "T-001"},
        )
        print("Decision:", validation.result)

        response = await openai_client.chat.completions.create(
            model="gpt-4o-mini",
            messages=[{"role": "user", "content": "Summarise ticket T-001"}],
        )
        print(response)
    finally:
        await client.aclose()


asyncio.run(main())

Other SDKs

Current Cerone SDK surfaces:

If you are building in Python:

pip install cerone

If you are building in Node:

npm install agent-governance

License

This SDK repository currently uses a proprietary commercial SDK license.

The SDK source license and the hosted Cerone service terms are separate:

Free trial and hosted commercial terms are subject to change.


Contact

If you are building with agents and want tighter control over what they are allowed to do, reach out. Now with advanced analytics.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cerone-1.1.23.tar.gz (28.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cerone-1.1.23-py3-none-any.whl (23.4 kB view details)

Uploaded Python 3

File details

Details for the file cerone-1.1.23.tar.gz.

File metadata

  • Download URL: cerone-1.1.23.tar.gz
  • Upload date:
  • Size: 28.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cerone-1.1.23.tar.gz
Algorithm Hash digest
SHA256 08ed34bb805174da960cc1eec92921bc93b9a8705f32557c047099d2af6fcc2e
MD5 52b51fb0d15f6226c81e56559a1873ac
BLAKE2b-256 f61539c7461b0275b6d55685ce18899504db241979c51457649b2416f850dc37

See more details on using hashes here.

File details

Details for the file cerone-1.1.23-py3-none-any.whl.

File metadata

  • Download URL: cerone-1.1.23-py3-none-any.whl
  • Upload date:
  • Size: 23.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cerone-1.1.23-py3-none-any.whl
Algorithm Hash digest
SHA256 582750ad01d2fb4b960abde0c085f0cc9011a8f502469dccc26aed56658216c0
MD5 757ab55b3c51f696b0d7f9996c7dd9da
BLAKE2b-256 afd2e8453bacfa318e668595aef66ab08de48d98cbcd78d5c636f861b0c6bd9c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page