Runtime safety for AI agents. Stop agents before they break things.

Project description

Edictum

Runtime contracts for AI agents.

AI agents make tool calls. Tool calls have side effects. Nobody governs what happens between "agent decides" and "tool executes." Edictum is that governance layer — preconditions, postconditions, session limits, and a full audit trail, enforced at the point where decision becomes action.

Show Me

contracts.yaml

apiVersion: edictum/v1
kind: ContractBundle

metadata:
  name: my-policy

defaults:
  mode: enforce

contracts:
  - id: block-sensitive-reads
    type: pre
    tool: read_file
    when:
      args.path:
        contains_any: [".env", ".secret", "credentials", ".pem", "id_rsa"]
    then:
      effect: deny
      message: "Sensitive file '{args.path}' blocked."
      tags: [secrets, dlp]

Python

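import asyncio
from edictum import Edictum, EdictumDenied

# Example tool callable; assumed to receive the call's args as keyword arguments.
async def read_file_fn(path: str) -> str:
    with open(path) as f:
        return f.read()

async def main():
    # Load the contract bundle shown above.
    guard = Edictum.from_yaml("contracts.yaml")

    try:
        # Contracts are evaluated before read_file_fn executes.
        result = await guard.run("read_file", {"path": "/app/config.json"}, read_file_fn)
        print(result)
    except EdictumDenied as e:
        print(f"Denied: {e}")

asyncio.run(main())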

CLI

$ edictum validate contracts.yaml
✓ contracts.yaml  1 contract (1 pre)

$ edictum check contracts.yaml --tool read_file --args '{"path": ".env"}'
DENIED by block-sensitive-reads
   Message: Sensitive file '.env' blocked.
   Tags: secrets, dlp
   Rules evaluated: 1

Framework integration (one adapter, same guard)

from edictum.adapters.langchain import EdictumMiddleware

middleware = EdictumMiddleware(guard)
# Wraps any LangChain tool — preconditions, audit, and session limits apply automatically

Features

  • YAML contracts — Preconditions, postconditions, and session limits declared in version-controlled YAML files
  • 6 framework adapters — LangChain, CrewAI, Agno, Semantic Kernel, OpenAI Agents SDK, Claude Agent SDK
  • Audit trail — Structured JSON events with automatic redaction of secrets (OpenAI keys, AWS creds, JWTs, GitHub tokens)
  • Observe mode — Shadow-deploy contracts without blocking; review CALL_WOULD_DENY events before enforcing
  • CLI tooling — validate, check, diff, and replay commands for CI/CD integration
  • Principal context — Role, ticket ref, and claims propagated through every decision and audit event
  • Postcondition findings — Structured detection results from tool output checks, with optional remediation callbacks (redact PII, replace secrets, log and continue)
  • Session limits — Cap total calls, attempts, and per-tool executions to catch runaway agents
  • Zero runtime deps — Pure Python 3.11+. OTel and adapters are optional extras
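
Added example (not Edictum's code or API): a toy model of the flow described above, in which a `pre` contract is checked before the tool runs, observe mode records CALL_WOULD_DENY instead of blocking, and a session limit caps calls. `ToyGuard`, `Denied`, `max_calls`, the `"observe"` mode value, the substring reading of `contains_any`, and every event name except CALL_WOULD_DENY are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed bundle mirroring contracts.yaml above (dict form, no YAML dependency).
BUNDLE = {
    "defaults": {"mode": "enforce"},
    "contracts": [{
        "id": "block-sensitive-reads", "type": "pre", "tool": "read_file",
        "when": {"args.path": {"contains_any":
                 [".env", ".secret", "credentials", ".pem", "id_rsa"]}},
        "then": {"effect": "deny",
                 "message": "Sensitive file '{args.path}' blocked."},
    }],
}

class Denied(Exception):
    """Raised when a call is blocked (stand-in for the page's EdictumDenied)."""

@dataclass
class ToyGuard:
    bundle: dict
    mode: str = ""        # override; "observe" is an assumed value
    max_calls: int = 3    # hypothetical session limit
    calls: int = 0
    audit: list = field(default_factory=list)

    def _match_pre(self, tool, args):
        for c in self.bundle["contracts"]:
            if c["type"] != "pre" or c["tool"] != tool:
                continue
            for selector, cond in c["when"].items():
                value = str(args.get(selector.removeprefix("args."), ""))
                if any(s in value for s in cond["contains_any"]):  # substring test
                    return c
        return None

    def run(self, tool, args, fn):
        mode = self.mode or self.bundle["defaults"]["mode"]
        self.calls += 1
        if self.calls > self.max_calls:
            self.audit.append({"event": "TOY_SESSION_LIMIT", "tool": tool})
            raise Denied("session call limit reached")
        hit = self._match_pre(tool, args)
        if hit:
            msg = hit["then"]["message"].replace("{args.path}", str(args.get("path")))
            event = "TOY_DENIED" if mode == "enforce" else "CALL_WOULD_DENY"
            self.audit.append({"event": event, "contract": hit["id"], "message": msg})
            if mode == "enforce":
                raise Denied(msg)   # the tool function is never invoked
        return fn(**args)           # allowed, or observe mode: call proceeds
```

Under this substring model a documentation path such as `/docs/credentials-guide.md` also matches the contract; running in observe mode first surfaces that kind of over-broad hit in the audit events before it blocks real work.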

How It Compares

| Approach | Scope | Runtime enforcement | Audit trail |
|---|---|---|---|
| Prompt/output guardrails | Input/output text | No — advisory only | No |
| API gateways / MCP proxies | Network transport | Yes — at the proxy | Partial |
| Security scanners | Post-hoc analysis | No — detection only | Yes |
| Manual if-statements | Per-tool, ad hoc | Yes — scattered logic | No |
| Edictum | Tool call contracts | Yes — deterministic pipeline | Yes — structured + redacted |

Framework Support

Edictum integrates with 6 agent frameworks. Same YAML contracts, same governance, different integration patterns:

| Framework | Integration | PII Redaction | Complexity |
|---|---|---|---|
| LangChain + LangGraph | as_tool_wrapper() | Full interception | Low |
| OpenAI Agents SDK | as_guardrails() | Logged only | Medium |
| Agno | as_tool_hook() | Full interception | Low |
| Semantic Kernel | register() | Full interception | Medium–High |
| CrewAI | register() | Partial | High |
| Claude Agent SDK | to_sdk_hooks() | Logged only | Low |

See Adapter Docs for setup, known limitations, and recommendations.

Install

pip install edictum              # core (zero deps)
pip install edictum[yaml]        # + YAML contract engine
pip install edictum[otel]        # + OpenTelemetry span emission
pip install edictum[cli]         # + validate/check/diff/replay CLI
pip install edictum[all]         # everything

Built-in Templates

guard = Edictum.from_template("file-agent")      # secret file protection, destructive cmd blocking
guard = Edictum.from_template("research-agent")   # output PII detection, session limits
guard = Edictum.from_template("devops-agent")     # role gates, ticket requirements, bash safety

Download files

Source Distribution

edictum-0.5.2.tar.gz (162.4 kB view details)

Uploaded Source

Built Distribution

edictum-0.5.2-py3-none-any.whl (61.6 kB view details)

Uploaded Python 3

File details

Details for the file edictum-0.5.2.tar.gz.

File metadata

  • Download URL: edictum-0.5.2.tar.gz
  • Upload date:
  • Size: 162.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0

File hashes

Hashes for edictum-0.5.2.tar.gz
Algorithm Hash digest
SHA256 c24fce9248b4d7acc69783b02ccc132317850defb7a1f1bc9d6b449f3a461504
MD5 a70e3f280eb93900be55dfe4146d283d
BLAKE2b-256 f29c8ece8714988a4f836bcc20c7afca59a26d0637731f2939e61c59ba358326

File details

Details for the file edictum-0.5.2-py3-none-any.whl.

File metadata

  • Download URL: edictum-0.5.2-py3-none-any.whl
  • Upload date:
  • Size: 61.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0

File hashes

Hashes for edictum-0.5.2-py3-none-any.whl
Algorithm Hash digest
SHA256 c4d446f240fd0fe95fa535951f6ee271476286003993fa993d4d0cffa2451204
MD5 0e419e714efad7da4789c26579a52d31
BLAKE2b-256 1aa8d7ee0e3aedfb186f648ac12b38a839ecd269eb953b921b809470dea5f142
