Framework-agnostic middleware for approving or denying AI agent tool calls.
Project description
Doberman
Framework-agnostic middleware for approving or denying AI agent tool calls before they execute.
Doberman sits between an AI agent and its tools. Instead of allowing an agent to directly execute a function, the call is first routed through Doberman, which decides whether to allow or block it based on user-defined policies or an interactive approval prompt.
Features
- Approve or deny tool calls before execution
- Allow once / deny once
- Always allow / always deny
- Persistent permission storage (
policies.json) - CLI for managing permissions
- Framework-agnostic design
- Zero external runtime dependencies
Installation
pip install doberman-agent
Or install from source:
git clone https://github.com/DakshSharma304/Doberman.git
cd Doberman
pip install -e .
Quick Example
from doberman import doberman
tool_call = {
"tool": "gmail",
"args": {
"action": "send_email",
"to": "alice@example.com",
"subject": "Hello",
"body": "Hi!"
}
}
tools = {
"gmail": gmail_tool
}
result = doberman(tool_call, tools)
If the permission has never been seen before, Doberman asks the user:
Doberman permission request
Tool: gmail
Action: send_email
1 = Allow once
2 = Always allow
3 = Deny once
4 = Always deny
Future requests follow the stored policy automatically.
Example
A complete Gemini + Gmail example is included:
examples/gemini_gmail_agent.py
Install the example dependencies:
pip install -r requirements-examples.txt
CLI
List permissions:
doberman list
Allow permissions:
doberman allow gmail.send_email
Allow multiple permissions:
doberman allow gmail.send_email gmail.read_latest
Deny permissions:
doberman deny gmail.send_email
Remove permissions:
doberman remove gmail.send_email
Project Structure
doberman/
__init__.py
cli.py
doberman.py
policy.py
examples/
gemini_gmail_agent.py
Roadmap
- Desktop approval dialog
- Wildcard policies (
gmail.*) - Conditional policies
- Framework adapters (OpenAI, Anthropic, LangGraph, CrewAI)
- Logging and auditing
- PyPI release
Contributing
Issues and pull requests are welcome.
License
Licensed under the GNU GPL v3.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file doberman_agent-0.1.0.tar.gz.
File metadata
- Download URL: doberman_agent-0.1.0.tar.gz
- Upload date:
- Size: 16.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2bddac7bf8b12a4b93e003ef64d696b05e5686bdd4aeaed5b3b42e0789c53b4d
|
|
| MD5 |
0d9366f590b5f2ea316583ba8cd2c9eb
|
|
| BLAKE2b-256 |
3693fe17c9ae7200a59575c433a00c2080e6f7d6e5e272b16dfe9f5dc9585bcd
|
Provenance
The following attestation bundles were made for doberman_agent-0.1.0.tar.gz:
Publisher:
publish.yml on DakshSharma304/Doberman
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
doberman_agent-0.1.0.tar.gz -
Subject digest:
2bddac7bf8b12a4b93e003ef64d696b05e5686bdd4aeaed5b3b42e0789c53b4d - Sigstore transparency entry: 2085106909
- Sigstore integration time:
-
Permalink:
DakshSharma304/Doberman@78e48317209eae7338c342ca3d163d9df35f319e -
Branch / Tag:
refs/heads/main - Owner: https://github.com/DakshSharma304
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@78e48317209eae7338c342ca3d163d9df35f319e -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file doberman_agent-0.1.0-py3-none-any.whl.
File metadata
- Download URL: doberman_agent-0.1.0-py3-none-any.whl
- Upload date:
- Size: 17.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f3b15903e8746ab92e53f5c7a71f069358969c9bdd6cb42af47eacdf6002cae3
|
|
| MD5 |
5d663fad77611ba79fd9c46fa289c46c
|
|
| BLAKE2b-256 |
1f21d630d5b9ff0f73dd359f77f99e38e711545b58560491c3a1aa51520d60dc
|
Provenance
The following attestation bundles were made for doberman_agent-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on DakshSharma304/Doberman
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
doberman_agent-0.1.0-py3-none-any.whl -
Subject digest:
f3b15903e8746ab92e53f5c7a71f069358969c9bdd6cb42af47eacdf6002cae3 - Sigstore transparency entry: 2085106925
- Sigstore integration time:
-
Permalink:
DakshSharma304/Doberman@78e48317209eae7338c342ca3d163d9df35f319e -
Branch / Tag:
refs/heads/main - Owner: https://github.com/DakshSharma304
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@78e48317209eae7338c342ca3d163d9df35f319e -
Trigger Event:
workflow_dispatch
-
Statement type: