Cordum Safety Guard — @guard decorator for LangChain, LlamaIndex, and plain Python functions

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for yaront111 from gravatar.com yaront111

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Cordum
  • Tags cordum , guard , safety , ai , langchain , llamaindex
  • Requires: Python >=3.9
  • Provides-Extra: langchain , llamaindex , dev
Report project as malware

Project description

cordum-guard

Safety governance for Python AI agents. Add Cordum safety checks to existing Python code with a single decorator — no rewrite required.

Install

pip install cordum-guard

With LangChain or LlamaIndex support:

pip install cordum-guard[langchain]
pip install cordum-guard[llamaindex]

Quick Start

from cordum_guard import CordumClient, guard

client = CordumClient("http://localhost:8081", api_key="your-api-key")

@guard(client, policy="financial_ops", risk_tags=["write", "financial"])
def execute_transfer(amount: float, to_account: str):
    bank_api.transfer(amount, to_account)

The @guard decorator intercepts every call to execute_transfer:

  1. Evaluates the safety policy via the Cordum Safety Kernel
  2. allow — function runs normally
  3. deny — raises CordumBlockedError
  4. require_approval — waits for human approval in the dashboard
  5. throttle — delays execution per policy

LangChain Integration

from cordum_guard import CordumClient
from cordum_guard.langchain import CordumToolGuard

client = CordumClient("http://localhost:8081", api_key="your-api-key")
guarded_tools = CordumToolGuard(client, policy="agent_ops").wrap(tools)
agent = initialize_agent(guarded_tools, llm)

LlamaIndex Integration

from cordum_guard import CordumClient
from cordum_guard.llamaindex import CordumToolGuard

client = CordumClient("http://localhost:8081", api_key="your-api-key")
guarded_tools = CordumToolGuard(client, policy="agent_ops").wrap(tools)

Async Support

The @guard decorator works with both sync and async functions:

@guard(client, policy="ops")
async def async_operation():
    return await some_api_call()

Configuration

CordumClient

Parameter Default Description
gateway_url Cordum gateway URL
api_key API key for authentication
tenant_id "default" Tenant identifier
timeout 30.0 HTTP request timeout (seconds)
cache_ttl 0 Cache TTL in seconds (0 = disabled)
cache_max_size 1000 Max cached policy entries
on_error "closed" Failure mode: "closed", "open", or callable

@guard decorator

Parameter Default Description
client CordumClient instance
policy "" Policy name (label for traceability)
risk_tags [] Risk tags sent to the Safety Kernel
capability function name Override the capability identifier
topic "job.guard" NATS topic for policy evaluation
timeout 300.0 Max wait for approval decisions (seconds)

CordumToolGuard (LangChain / LlamaIndex)

Parameter Default Description
client CordumClient instance
policy "" Policy name
risk_tags [] Risk tags for all wrapped tools
topic "job.guard" NATS topic for evaluation

Testing

Use MockCordumClient to test guarded code without a live gateway:

from cordum_guard import guard, MockCordumClient, Decision

mock = MockCordumClient(default_decision=Decision.ALLOW)
mock.set_policy_response("dangerous-ops", Decision.DENY)

@guard(mock, capability="safe-op")
def safe_func():
    return "works"

@guard(mock, capability="dangerous-ops")
def risky_func():
    return "blocked"

assert safe_func() == "works"
# risky_func() raises CordumBlockedError

# Inspect what was evaluated:
assert len(mock.call_log) == 1
assert mock.call_log[0].capability == "safe-op"

Caching

Enable TTL-based caching to reduce gateway round-trips:

client = CordumClient(
    gateway_url="http://localhost:8081",
    api_key="my-key",
    cache_ttl=30,       # cache decisions for 30s (0 = disabled)
    cache_max_size=500,  # max cached entries
)
# ALLOW/DENY/THROTTLE cached; REQUIRE_APPROVAL always fresh
# Bypass cache per-call: client.evaluate_policy(..., cache=False)
# Clear cache: client.clear_cache()

Failure Modes

Configure what happens when the gateway is unreachable:

# Default: fail-closed (raise CordumConnectionError)
client = CordumClient("http://localhost:8081", api_key="key", on_error="closed")

# Fail-open: allow operations when gateway is down
client = CordumClient("http://localhost:8081", api_key="key", on_error="open")

# Callback: custom logic per error
def my_fallback(error):
    if "critical" in str(error):
        raise error  # fail closed for critical
    return SafetyDecision(decision=Decision.ALLOW)

client = CordumClient("http://localhost:8081", api_key="key", on_error=my_fallback)

Only connection/timeout errors trigger fail-open. Auth errors (401/403) and explicit DENY responses always propagate normally.

License

Apache-2.0

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for yaront111 from gravatar.com yaront111

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Cordum
  • Tags cordum , guard , safety , ai , langchain , llamaindex
  • Requires: Python >=3.9
  • Provides-Extra: langchain , llamaindex , dev

Release history Release notifications | RSS feed

2.10.0

2.9.3

2.9.2

2.9.1

2.9.0

2.8.6

2.8.4

2.7.0

2.6.1

2.6.0

This version

2.5.4

2.5.3

2.5.2

2.0.20

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cordum_guard-2.5.4.tar.gz (19.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cordum_guard-2.5.4-py3-none-any.whl (14.8 kB view details)

Uploaded Python 3

File details

Details for the file cordum_guard-2.5.4.tar.gz.

File metadata

  • Download URL: cordum_guard-2.5.4.tar.gz
  • Upload date:
  • Size: 19.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cordum_guard-2.5.4.tar.gz
Algorithm Hash digest
SHA256 b7bcb8529495e007102282c38f5dcc4c55039ce89c6ec149b69c99c5758d444c
MD5 3ca62734e26a741982bca85c7e3bc901
BLAKE2b-256 46e7c28ede43c9e130b6ef6e9617769a5dc755e46dfd727b1505531f927acda9

See more details on using hashes here.

Provenance

The following attestation bundles were made for cordum_guard-2.5.4.tar.gz:

Publisher: publish-python-guard.yml on cordum-io/cap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cordum_guard-2.5.4-py3-none-any.whl.

File metadata

  • Download URL: cordum_guard-2.5.4-py3-none-any.whl
  • Upload date:
  • Size: 14.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cordum_guard-2.5.4-py3-none-any.whl
Algorithm Hash digest
SHA256 ef62ffa9053da7c9eeac9ec1230f0ca33683460ddb9614ba41e30394cc6c1c7b
MD5 e5e2e50fc88e2e1c9e1cc58f1c004833
BLAKE2b-256 6fd6cdc4475a6d06a142894e462cd4b983dc02e1c728e4ea4f1fc0bd53a0a1df

See more details on using hashes here.

Provenance

The following attestation bundles were made for cordum_guard-2.5.4-py3-none-any.whl:

Publisher: publish-python-guard.yml on cordum-io/cap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page