Cordum Safety Guard — @guard decorator for LangChain, LlamaIndex, and plain Python functions

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for yaront111 from gravatar.com yaront111

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Cordum
  • Tags cordum , guard , safety , ai , langchain , llamaindex
  • Requires: Python >=3.9
  • Provides-Extra: langchain , llamaindex , dev
Report project as malware

Project description

cordum-guard

Safety governance for Python AI agents. Add Cordum safety checks to existing Python code with a single decorator — no rewrite required.

Install

pip install cordum-guard

With LangChain or LlamaIndex support:

pip install cordum-guard[langchain]
pip install cordum-guard[llamaindex]

Quick Start

from cordum_guard import CordumClient, guard

client = CordumClient("http://localhost:8081", api_key="your-api-key")

@guard(client, policy="financial_ops", risk_tags=["write", "financial"])
def execute_transfer(amount: float, to_account: str):
    bank_api.transfer(amount, to_account)

The @guard decorator intercepts every call to execute_transfer:

  1. Evaluates the safety policy via the Cordum Safety Kernel
  2. allow — function runs normally
  3. deny — raises CordumBlockedError
  4. require_approval — waits for human approval in the dashboard
  5. throttle — delays execution per policy

LangChain Integration

from cordum_guard import CordumClient
from cordum_guard.langchain import CordumToolGuard

client = CordumClient("http://localhost:8081", api_key="your-api-key")
guarded_tools = CordumToolGuard(client, policy="agent_ops").wrap(tools)
agent = initialize_agent(guarded_tools, llm)

LlamaIndex Integration

from cordum_guard import CordumClient
from cordum_guard.llamaindex import CordumToolGuard

client = CordumClient("http://localhost:8081", api_key="your-api-key")
guarded_tools = CordumToolGuard(client, policy="agent_ops").wrap(tools)

Async Support

The @guard decorator works with both sync and async functions:

@guard(client, policy="ops")
async def async_operation():
    return await some_api_call()

Configuration

CordumClient

Parameter Default Description
gateway_url Cordum gateway URL
api_key API key for authentication
tenant_id "default" Tenant identifier
timeout 30.0 HTTP request timeout (seconds)
cache_ttl 0 Cache TTL in seconds (0 = disabled)
cache_max_size 1000 Max cached policy entries
on_error "closed" Failure mode: "closed", "open", or callable

@guard decorator

Parameter Default Description
client CordumClient instance
policy "" Policy name (label for traceability)
risk_tags [] Risk tags sent to the Safety Kernel
capability function name Override the capability identifier
topic "job.guard" NATS topic for policy evaluation
timeout 300.0 Max wait for approval decisions (seconds)

CordumToolGuard (LangChain / LlamaIndex)

Parameter Default Description
client CordumClient instance
policy "" Policy name
risk_tags [] Risk tags for all wrapped tools
topic "job.guard" NATS topic for evaluation

Testing

Use MockCordumClient to test guarded code without a live gateway:

from cordum_guard import guard, MockCordumClient, Decision

mock = MockCordumClient(default_decision=Decision.ALLOW)
mock.set_policy_response("dangerous-ops", Decision.DENY)

@guard(mock, capability="safe-op")
def safe_func():
    return "works"

@guard(mock, capability="dangerous-ops")
def risky_func():
    return "blocked"

assert safe_func() == "works"
# risky_func() raises CordumBlockedError

# Inspect what was evaluated:
assert len(mock.call_log) == 1
assert mock.call_log[0].capability == "safe-op"

Caching

Enable TTL-based caching to reduce gateway round-trips:

client = CordumClient(
    gateway_url="http://localhost:8081",
    api_key="my-key",
    cache_ttl=30,       # cache decisions for 30s (0 = disabled)
    cache_max_size=500,  # max cached entries
)
# ALLOW/DENY/THROTTLE cached; REQUIRE_APPROVAL always fresh
# Bypass cache per-call: client.evaluate_policy(..., cache=False)
# Clear cache: client.clear_cache()

Failure Modes

Configure what happens when the gateway is unreachable:

# Default: fail-closed (raise CordumConnectionError)
client = CordumClient("http://localhost:8081", api_key="key", on_error="closed")

# Fail-open: allow operations when gateway is down
client = CordumClient("http://localhost:8081", api_key="key", on_error="open")

# Callback: custom logic per error
def my_fallback(error):
    if "critical" in str(error):
        raise error  # fail closed for critical
    return SafetyDecision(decision=Decision.ALLOW)

client = CordumClient("http://localhost:8081", api_key="key", on_error=my_fallback)

Only connection/timeout errors trigger fail-open. Auth errors (401/403) and explicit DENY responses always propagate normally.

License

Apache-2.0

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for yaront111 from gravatar.com yaront111

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Cordum
  • Tags cordum , guard , safety , ai , langchain , llamaindex
  • Requires: Python >=3.9
  • Provides-Extra: langchain , llamaindex , dev

Release history Release notifications | RSS feed

2.13.3

2.13.2

This version

2.13.1

2.13.0

2.10.0

2.9.3

2.9.2

2.9.1

2.9.0

2.8.6

2.8.4

2.7.0

2.6.1

2.6.0

2.5.4

2.5.3

2.5.2

2.0.20

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cordum_guard-2.13.1.tar.gz (19.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cordum_guard-2.13.1-py3-none-any.whl (14.9 kB view details)

Uploaded Python 3

File details

Details for the file cordum_guard-2.13.1.tar.gz.

File metadata

  • Download URL: cordum_guard-2.13.1.tar.gz
  • Upload date:
  • Size: 19.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for cordum_guard-2.13.1.tar.gz
Algorithm Hash digest
SHA256 910ca6acc5af95dea25b1cb5680e9cec497e8ecf1f5440193da0d09a81afcd0a
MD5 3e90246fcba3c30c60e04cacbd5f37e1
BLAKE2b-256 48d89ed47156d67a30d5550c0148930b6fbe905274f9f019cb48abe5196317af

See more details on using hashes here.

Provenance

The following attestation bundles were made for cordum_guard-2.13.1.tar.gz:

Publisher: publish-python-guard.yml on cordum-io/cap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cordum_guard-2.13.1-py3-none-any.whl.

File metadata

  • Download URL: cordum_guard-2.13.1-py3-none-any.whl
  • Upload date:
  • Size: 14.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for cordum_guard-2.13.1-py3-none-any.whl
Algorithm Hash digest
SHA256 95c141747a81119e5e88b398c6ea884e43a6510bc18afeb810a638bc7794aeee
MD5 d4df121078845413088b10bfb8653ca8
BLAKE2b-256 f20f2eda2df5ffb666e5c68716c1b928916bde05cb32f888cd686ecfb72b3239

See more details on using hashes here.

Provenance

The following attestation bundles were made for cordum_guard-2.13.1-py3-none-any.whl:

Publisher: publish-python-guard.yml on cordum-io/cap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page