Runtime safety for AI agents. Stop agents before they break things.
Edictum
Runtime contracts for AI agents.
AI agents make tool calls. Tool calls have side effects. Nobody governs what happens between "agent decides" and "tool executes." Edictum is that governance layer — preconditions, postconditions, session limits, and a full audit trail, enforced at the point where decision becomes action.
Show Me
contracts.yaml
apiVersion: edictum/v1
kind: ContractBundle
metadata:
  name: my-policy
defaults:
  mode: enforce
contracts:
  - id: block-sensitive-reads
    type: pre
    tool: read_file
    when:
      args.path:
        contains_any: [".env", ".secret", "credentials", ".pem", "id_rsa"]
    then:
      effect: deny
      message: "Sensitive file '{args.path}' blocked."
      tags: [secrets, dlp]
Python
import asyncio

from edictum import Edictum, EdictumDenied

async def main():
    guard = Edictum.from_yaml("contracts.yaml")
    try:
        # read_file_fn is the application's own tool callable (not defined in this snippet)
        result = await guard.run("read_file", {"path": "/app/config.json"}, read_file_fn)
        print(result)
    except EdictumDenied as e:
        print(f"Denied: {e}")

asyncio.run(main())
CLI
$ edictum validate contracts.yaml
✓ contracts.yaml — 1 contract (1 pre)
$ edictum check contracts.yaml --tool read_file --args '{"path": ".env"}'
⛔ DENIED by block-sensitive-reads
Message: Sensitive file '.env' blocked.
Tags: secrets, dlp
Rules evaluated: 1
Framework integration (one adapter, same guard)
from edictum.adapters.langchain import EdictumMiddleware
middleware = EdictumMiddleware(guard)
# Wraps any LangChain tool — preconditions, audit, and session limits apply automatically
Features
- YAML contracts — Preconditions, postconditions, and session limits declared in version-controlled YAML files
- 6 framework adapters — LangChain, CrewAI, Agno, Semantic Kernel, OpenAI Agents SDK, Claude Agent SDK
- Audit trail — Structured JSON events with automatic redaction of secrets (OpenAI keys, AWS creds, JWTs, GitHub tokens)
- Observe mode — Shadow-deploy contracts without blocking; review CALL_WOULD_DENY events before enforcing
- CLI tooling — validate, check, diff, and replay commands for CI/CD integration
- Principal context — Role, ticket ref, and claims propagated through every decision and audit event
- Session limits — Cap total calls, attempts, and per-tool executions to catch runaway agents
- Zero runtime deps — Pure Python 3.11+. OTel, sinks, and adapters are optional extras
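A simplified model of the block-sensitive-reads contract in enforce and observe mode, added here as an illustration and not taken from Edictum's code. It assumes contains_any is a plain substring test; ToyGuard, ToyDenied, fake_read and demo are hypothetical names, and the paths are constructed samples.

```python
from dataclasses import dataclass, field

# The block-sensitive-reads contract from contracts.yaml, reduced to a dict.
CONTRACT = {
    "id": "block-sensitive-reads",
    "tool": "read_file",
    "needles": [".env", ".secret", "credentials", ".pem", "id_rsa"],
    "message": "Sensitive file '{args.path}' blocked.",
}

class ToyDenied(Exception):
    """Hypothetical stand-in for a denial; not edictum.EdictumDenied."""

@dataclass
class ToyGuard:
    """Toy precondition gate (assumption: contains_any is a substring test)."""
    mode: str = "enforce"  # "enforce" blocks the call; "observe" only records
    audit: list = field(default_factory=list)

    def matches(self, tool: str, args: dict) -> bool:
        path = str(args.get("path", ""))
        return tool == CONTRACT["tool"] and any(n in path for n in CONTRACT["needles"])

    def run(self, tool: str, args: dict, fn):
        if self.matches(tool, args):
            event = {"contract": CONTRACT["id"], "tool": tool}
            if self.mode == "enforce":
                # The decision is taken before fn runs, so no side effect occurs.
                self.audit.append({**event, "outcome": "denied"})  # constructed label
                raise ToyDenied(CONTRACT["message"].replace("{args.path}", str(args["path"])))
            self.audit.append({**event, "outcome": "CALL_WOULD_DENY"})
        return fn(**args)

def demo():
    reads, denied_msg = [], None  # reads records paths the tool really touched
    def fake_read(path):  # constructed tool; performs no real I/O
        reads.append(path)
        return f"<contents of {path}>"
    enforce, observe = ToyGuard("enforce"), ToyGuard("observe")
    enforce.run("read_file", {"path": "/app/config.json"}, fake_read)
    try:
        enforce.run("read_file", {"path": "/app/.env"}, fake_read)
    except ToyDenied as exc:
        denied_msg = str(exc)
    # A documentation file also matches "credentials": observe mode surfaces
    # this over-match in the audit trail before the contract is enforced.
    observe.run("read_file", {"path": "/docs/credentials-howto.md"}, fake_read)
    return reads, denied_msg, observe.audit

if __name__ == "__main__":
    print(demo())
```

The third call shows why a substring rule is worth shadow-deploying first: the would-be denial of a harmless file appears in the audit list while the read still succeeds.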
How It Compares
| Approach | Scope | Runtime enforcement | Audit trail |
|---|---|---|---|
| Prompt/output guardrails | Input/output text | No — advisory only | No |
| API gateways / MCP proxies | Network transport | Yes — at the proxy | Partial |
| Security scanners | Post-hoc analysis | No — detection only | Yes |
| Manual if-statements | Per-tool, ad hoc | Yes — scattered logic | No |
| Edictum | Tool call contracts | Yes — deterministic pipeline | Yes — structured + redacted |
Install
pip install edictum # core (zero deps)
pip install edictum[yaml] # + YAML contract engine
pip install edictum[sinks] # + webhook, Splunk, Datadog sinks
pip install edictum[cli] # + validate/check/diff/replay CLI
pip install edictum[all] # everything
Built-in Templates
guard = Edictum.from_template("file-agent") # secret file protection, destructive cmd blocking
guard = Edictum.from_template("research-agent") # output PII detection, session limits
guard = Edictum.from_template("devops-agent") # role gates, ticket requirements, bash safety
Links
- Documentation
- GitHub
- PyPI
- Changelog
- License (MIT)
File details
Details for the file edictum-0.4.0.tar.gz.
File metadata
- Download URL: edictum-0.4.0.tar.gz
- Upload date:
- Size: 146.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 0fdcb4e2708e11cb48a99f527cac8119d62868eec6fb47bd6a110eadc0dfc042 |
| MD5 | 13dc53f9cbc3047b4ebd395fd9f6b34f |
| BLAKE2b-256 | 9fe9117a9a2f6f96e3ede8a4e4904d1c9bffd8b35f724f52dc264f4c82e33580 |
File details
Details for the file edictum-0.4.0-py3-none-any.whl.
File metadata
- Download URL: edictum-0.4.0-py3-none-any.whl
- Upload date:
- Size: 57.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 780fc7fb5a0b684f42edf6b0836b88022cf1a5d4d2c5417effcf449fc4a97b5b |
| MD5 | b7636a91c89be116a38b22df3f27227b |
| BLAKE2b-256 | 6336b96dcf91b06996ea939da5f7a35e87e4f51674f8662c92f40d8614a7e384 |