Cordum Safety Guard — @guard decorator for LangChain, LlamaIndex, and plain Python functions

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for yaront111 from gravatar.com yaront111

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Cordum
  • Tags cordum , guard , safety , ai , langchain , llamaindex
  • Requires: Python >=3.9
  • Provides-Extra: langchain , llamaindex , dev
Report project as malware

Project description

cordum-guard

Safety governance for Python AI agents. Add Cordum safety checks to existing Python code with a single decorator — no rewrite required.

Install

pip install cordum-guard

With LangChain or LlamaIndex support:

pip install cordum-guard[langchain]
pip install cordum-guard[llamaindex]

Quick Start

from cordum_guard import CordumClient, guard

client = CordumClient("http://localhost:8081", api_key="your-api-key")

@guard(client, policy="financial_ops", risk_tags=["write", "financial"])
def execute_transfer(amount: float, to_account: str):
    bank_api.transfer(amount, to_account)

The @guard decorator intercepts every call to execute_transfer:

  1. Evaluates the safety policy via the Cordum Safety Kernel
  2. allow — function runs normally
  3. deny — raises CordumBlockedError
  4. require_approval — waits for human approval in the dashboard
  5. throttle — delays execution per policy

LangChain Integration

from cordum_guard import CordumClient
from cordum_guard.langchain import CordumToolGuard

client = CordumClient("http://localhost:8081", api_key="your-api-key")
guarded_tools = CordumToolGuard(client, policy="agent_ops").wrap(tools)
agent = initialize_agent(guarded_tools, llm)

LlamaIndex Integration

from cordum_guard import CordumClient
from cordum_guard.llamaindex import CordumToolGuard

client = CordumClient("http://localhost:8081", api_key="your-api-key")
guarded_tools = CordumToolGuard(client, policy="agent_ops").wrap(tools)

Async Support

The @guard decorator works with both sync and async functions:

@guard(client, policy="ops")
async def async_operation():
    return await some_api_call()

Configuration

CordumClient

Parameter Default Description
gateway_url Cordum gateway URL
api_key API key for authentication
tenant_id "default" Tenant identifier
timeout 30.0 HTTP request timeout (seconds)
cache_ttl 0 Cache TTL in seconds (0 = disabled)
cache_max_size 1000 Max cached policy entries
on_error "closed" Failure mode: "closed", "open", or callable

@guard decorator

Parameter Default Description
client CordumClient instance
policy "" Policy name (label for traceability)
risk_tags [] Risk tags sent to the Safety Kernel
capability function name Override the capability identifier
topic "job.guard" NATS topic for policy evaluation
timeout 300.0 Max wait for approval decisions (seconds)

CordumToolGuard (LangChain / LlamaIndex)

Parameter Default Description
client CordumClient instance
policy "" Policy name
risk_tags [] Risk tags for all wrapped tools
topic "job.guard" NATS topic for evaluation

Testing

Use MockCordumClient to test guarded code without a live gateway:

from cordum_guard import guard, MockCordumClient, Decision

mock = MockCordumClient(default_decision=Decision.ALLOW)
mock.set_policy_response("dangerous-ops", Decision.DENY)

@guard(mock, capability="safe-op")
def safe_func():
    return "works"

@guard(mock, capability="dangerous-ops")
def risky_func():
    return "blocked"

assert safe_func() == "works"
# risky_func() raises CordumBlockedError

# Inspect what was evaluated:
assert len(mock.call_log) == 1
assert mock.call_log[0].capability == "safe-op"

Caching

Enable TTL-based caching to reduce gateway round-trips:

client = CordumClient(
    gateway_url="http://localhost:8081",
    api_key="my-key",
    cache_ttl=30,       # cache decisions for 30s (0 = disabled)
    cache_max_size=500,  # max cached entries
)
# ALLOW/DENY/THROTTLE cached; REQUIRE_APPROVAL always fresh
# Bypass cache per-call: client.evaluate_policy(..., cache=False)
# Clear cache: client.clear_cache()

Failure Modes

Configure what happens when the gateway is unreachable:

# Default: fail-closed (raise CordumConnectionError)
client = CordumClient("http://localhost:8081", api_key="key", on_error="closed")

# Fail-open: allow operations when gateway is down
client = CordumClient("http://localhost:8081", api_key="key", on_error="open")

# Callback: custom logic per error
def my_fallback(error):
    if "critical" in str(error):
        raise error  # fail closed for critical
    return SafetyDecision(decision=Decision.ALLOW)

client = CordumClient("http://localhost:8081", api_key="key", on_error=my_fallback)

Only connection/timeout errors trigger fail-open. Auth errors (401/403) and explicit DENY responses always propagate normally.

License

Apache-2.0

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for yaront111 from gravatar.com yaront111

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Cordum
  • Tags cordum , guard , safety , ai , langchain , llamaindex
  • Requires: Python >=3.9
  • Provides-Extra: langchain , llamaindex , dev

Release history Release notifications | RSS feed

2.10.0

2.9.3

2.9.2

2.9.1

2.9.0

2.8.6

2.8.4

2.7.0

2.6.1

2.6.0

2.5.4

This version

2.5.3

2.5.2

2.0.20

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cordum_guard-2.5.3.tar.gz (19.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cordum_guard-2.5.3-py3-none-any.whl (14.8 kB view details)

Uploaded Python 3

File details

Details for the file cordum_guard-2.5.3.tar.gz.

File metadata

  • Download URL: cordum_guard-2.5.3.tar.gz
  • Upload date:
  • Size: 19.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cordum_guard-2.5.3.tar.gz
Algorithm Hash digest
SHA256 14725751a4e396b9af63e718e7d8468eef16f09e1a5917093b65260c7b0fbb3a
MD5 9e00a2a84bbc269951e95b2911218284
BLAKE2b-256 2b8bea2b03f0635eecfc80ab675c6f990484d9e70969f4ee3c22f2c1471665a3

See more details on using hashes here.

Provenance

The following attestation bundles were made for cordum_guard-2.5.3.tar.gz:

Publisher: publish-python-guard.yml on cordum-io/cap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cordum_guard-2.5.3-py3-none-any.whl.

File metadata

  • Download URL: cordum_guard-2.5.3-py3-none-any.whl
  • Upload date:
  • Size: 14.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cordum_guard-2.5.3-py3-none-any.whl
Algorithm Hash digest
SHA256 d0ea115d1e11559eacf71b29b16223eb7a384bd0e06cf10124eda484be617d5b
MD5 6fcfb0b27d4c5151cd08b2616c644124
BLAKE2b-256 a0a4dabc6a9b86640e8dae329b711251334d2739fee9a1ab41491167a31dfc4c

See more details on using hashes here.

Provenance

The following attestation bundles were made for cordum_guard-2.5.3-py3-none-any.whl:

Publisher: publish-python-guard.yml on cordum-io/cap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page