Cordum Safety Guard — @guard decorator for LangChain, LlamaIndex, and plain Python functions

Project description

cordum-guard

Safety governance for Python AI agents. Add Cordum safety checks to existing Python code with a single decorator — no rewrite required.

Install

pip install cordum-guard

With LangChain or LlamaIndex support:

pip install "cordum-guard[langchain]"
pip install "cordum-guard[llamaindex]"

Quick Start

from cordum_guard import CordumClient, guard

client = CordumClient("http://localhost:8081", api_key="your-api-key")

@guard(client, policy="financial_ops", risk_tags=["write", "financial"])
def execute_transfer(amount: float, to_account: str):
    # bank_api stands for your existing banking client; it is not part of cordum-guard.
    bank_api.transfer(amount, to_account)

The @guard decorator intercepts every call to execute_transfer:

  1. Evaluates the safety policy via the Cordum Safety Kernel
  2. allow — function runs normally
  3. deny — raises CordumBlockedError
  4. require_approval — waits for human approval in the dashboard
  5. throttle — delays execution per policy

LangChain Integration

from cordum_guard import CordumClient
from cordum_guard.langchain import CordumToolGuard

# initialize_agent, tools and llm come from your existing LangChain setup.
client = CordumClient("http://localhost:8081", api_key="your-api-key")
guarded_tools = CordumToolGuard(client, policy="agent_ops").wrap(tools)
agent = initialize_agent(guarded_tools, llm)

LlamaIndex Integration

from cordum_guard import CordumClient
from cordum_guard.llamaindex import CordumToolGuard

# tools is your existing list of LlamaIndex tools.
client = CordumClient("http://localhost:8081", api_key="your-api-key")
guarded_tools = CordumToolGuard(client, policy="agent_ops").wrap(tools)

Async Support

The @guard decorator works with both sync and async functions:

@guard(client, policy="ops")
async def async_operation():
    return await some_api_call()

Configuration

CordumClient

| Parameter | Default | Description |
|---|---|---|
| gateway_url | | Cordum gateway URL |
| api_key | | API key for authentication |
| tenant_id | "default" | Tenant identifier |
| timeout | 30.0 | HTTP request timeout (seconds) |
| cache_ttl | 0 | Cache TTL in seconds (0 = disabled) |
| cache_max_size | 1000 | Max cached policy entries |
| on_error | "closed" | Failure mode: "closed", "open", or callable |

@guard decorator

| Parameter | Default | Description |
|---|---|---|
| client | | CordumClient instance |
| policy | "" | Policy name (label for traceability) |
| risk_tags | [] | Risk tags sent to the Safety Kernel |
| capability | function name | Override the capability identifier |
| topic | "job.guard" | NATS topic for policy evaluation |
| timeout | 300.0 | Max wait for approval decisions (seconds) |

CordumToolGuard (LangChain / LlamaIndex)

| Parameter | Default | Description |
|---|---|---|
| client | | CordumClient instance |
| policy | "" | Policy name |
| risk_tags | [] | Risk tags for all wrapped tools |
| topic | "job.guard" | NATS topic for evaluation |

Testing

Use MockCordumClient to test guarded code without a live gateway:

from cordum_guard import guard, MockCordumClient, Decision

mock = MockCordumClient(default_decision=Decision.ALLOW)
mock.set_policy_response("dangerous-ops", Decision.DENY)

@guard(mock, capability="safe-op")
def safe_func():
    return "works"

@guard(mock, capability="dangerous-ops")
def risky_func():
    return "blocked"

assert safe_func() == "works"
# risky_func() raises CordumBlockedError

# Inspect what was evaluated:
assert len(mock.call_log) == 1
assert mock.call_log[0].capability == "safe-op"

Caching

Enable TTL-based caching to reduce gateway round-trips:

client = CordumClient(
    gateway_url="http://localhost:8081",
    api_key="my-key",
    cache_ttl=30,       # cache decisions for 30s (0 = disabled)
    cache_max_size=500,  # max cached entries
)
# ALLOW/DENY/THROTTLE cached; REQUIRE_APPROVAL always fresh
# Bypass cache per-call: client.evaluate_policy(..., cache=False)
# Clear cache: client.clear_cache()
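
What a decision cache trades away, shown as an added stand-alone model (not cordum-guard's implementation; DecisionCache, stale_allows and the capability-name cache key are assumptions): a cached ALLOW keeps being served until its TTL expires, even after the gateway's answer has changed to DENY.

```python
from collections import OrderedDict

# Per the note above: REQUIRE_APPROVAL is never served from cache.
CACHEABLE = {"allow", "deny", "throttle"}


class DecisionCache:
    """TTL + max-size cache keyed by capability (the key choice is an assumption)."""

    def __init__(self, ttl, max_size, clock):
        self.ttl, self.max_size, self.clock = ttl, max_size, clock
        self._entries = OrderedDict()  # key -> (decision, expires_at)

    def get(self, key):
        entry = self._entries.get(key)
        if entry is None:
            return None
        decision, expires_at = entry
        if self.clock() >= expires_at:
            del self._entries[key]  # expired: force a fresh evaluation
            return None
        return decision

    def put(self, key, decision):
        if self.ttl <= 0 or decision not in CACHEABLE:
            return
        self._entries[key] = (decision, self.clock() + self.ttl)
        self._entries.move_to_end(key)
        while len(self._entries) > self.max_size:
            self._entries.popitem(last=False)  # evict the oldest entry


def stale_allows(ttl, revoke_at, horizon=60):
    """Count calls (one per second) that still run after the policy flips to deny."""
    now = [0]  # constructed clock, advanced by the loop below
    cache = DecisionCache(ttl, max_size=500, clock=lambda: now[0])
    stale = 0
    for t in range(horizon):
        now[0] = t
        truth = "allow" if t < revoke_at else "deny"  # gateway's current answer
        decision = cache.get("execute_transfer")
        if decision is None:
            decision = truth  # cache miss: ask the gateway
            cache.put("execute_transfer", decision)
        if decision == "allow" and truth == "deny":
            stale += 1
    return stale
```

In this model a 30-second TTL lets a capability revoked at t=10 run for 20 more calls, so the TTL is effectively the revocation delay you accept for cached decisions.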

Failure Modes

Configure what happens when the gateway is unreachable:

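from cordum_guard import CordumClient, Decision
# SafetyDecision must be imported as well; its module path is not shown on this page.

# Default: fail-closed (raise CordumConnectionError)
client = CordumClient("http://localhost:8081", api_key="key", on_error="closed")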

# Fail-open: allow operations when gateway is down
client = CordumClient("http://localhost:8081", api_key="key", on_error="open")

# Callback: custom logic per error
def my_fallback(error):
    if "critical" in str(error):
        raise error  # fail closed for critical
    return SafetyDecision(decision=Decision.ALLOW)

client = CordumClient("http://localhost:8081", api_key="key", on_error=my_fallback)

Only connection/timeout errors trigger fail-open. Auth errors (401/403) and explicit DENY responses always propagate normally.
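
The failure-mode rules above, worked through as a stand-alone model (an added example, not cordum-guard's code; the local Decision enum, the two exception classes, resolve, outcome and matrix are hypothetical names). It shows that fail-open changes the outcome only when the gateway is unreachable.

```python
from enum import Enum

class Decision(Enum):  # local stand-in, not the library's enum
    ALLOW = "allow"
    DENY = "deny"

class GatewayUnreachable(Exception):
    """Constructed stand-in for a connection or timeout error."""

class GatewayAuthError(Exception):
    """Constructed stand-in for a 401/403 response."""

def resolve(evaluate, on_error="closed"):
    """Return the decision to enforce, applying the configured failure mode."""
    try:
        return evaluate()
    except GatewayUnreachable as err:
        # Only reachability failures are eligible for a fallback.
        if on_error == "open":
            return Decision.ALLOW
        if callable(on_error):
            return on_error(err)  # the callback may re-raise to fail closed
        raise
    # GatewayAuthError is not caught here, so it always propagates.

def outcome(evaluate, on_error):
    """Summarise one guarded call as 'ran' or 'blocked:<reason>'."""
    try:
        decision = resolve(evaluate, on_error)
    except (GatewayUnreachable, GatewayAuthError) as err:
        return f"blocked:{type(err).__name__}"
    return "ran" if decision is Decision.ALLOW else "blocked:deny"

def _raises(exc):
    def evaluate():
        raise exc
    return evaluate

# Constructed scenarios: what the gateway does on one evaluation.
SCENARIOS = {
    "gateway down": _raises(GatewayUnreachable("connect timeout")),
    "bad api key": _raises(GatewayAuthError("401")),
    "policy denies": lambda: Decision.DENY,
}

def matrix(modes=("closed", "open")):
    """Map (scenario, mode) to the outcome of a guarded call."""
    return {(s, m): outcome(ev, m) for s, ev in SCENARIOS.items() for m in modes}
```

The same scenario-by-mode matrix is a useful shape for tests of your own guarded functions: every cell except ("gateway down", "open") should stay blocked.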

License

Apache-2.0

Source Distribution

cordum_guard-2.9.2.tar.gz (19.4 kB view details)

Uploaded Source

Built Distribution

cordum_guard-2.9.2-py3-none-any.whl (14.8 kB view details)

Uploaded Python 3

File details

Details for the file cordum_guard-2.9.2.tar.gz.

File metadata

  • Download URL: cordum_guard-2.9.2.tar.gz
  • Upload date:
  • Size: 19.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cordum_guard-2.9.2.tar.gz
Algorithm Hash digest
SHA256 625c2cbac141d2bcf0e35b163d117b229bf9028b63512f1b01c385070f39e959
MD5 7933298d8d1b1408e7cc683165f6a56e
BLAKE2b-256 f2c068d1711a69df8ac3a97da51f9a78d4319683f3976b3ef5174795e7a6a4db

Provenance

The following attestation bundles were made for cordum_guard-2.9.2.tar.gz:

Publisher: publish-python-guard.yml on cordum-io/cap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cordum_guard-2.9.2-py3-none-any.whl.

File metadata

  • Download URL: cordum_guard-2.9.2-py3-none-any.whl
  • Upload date:
  • Size: 14.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cordum_guard-2.9.2-py3-none-any.whl
Algorithm Hash digest
SHA256 a1fb150b02126fc9005db7bec7ac7877e974d8f7dd65b80f5d35791bedb72f61
MD5 e53186793680aa0c96e9fdb80fc2d17a
BLAKE2b-256 a502f29a20ba07d66e98a390f10beb2703d59c5a4c5ebb83f537fc3a8be72e7f

Provenance

The following attestation bundles were made for cordum_guard-2.9.2-py3-none-any.whl:

Publisher: publish-python-guard.yml on cordum-io/cap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
