Runtime safety for AI agents. Stop agents before they break things.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for acartag7 from gravatar.com acartag7

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Requires: Python >=3.11
  • Provides-Extra: agno , all , cli , crewai , dev , langchain , openai-agents , otel , semantic-kernel , yaml
Classifiers
Report project as malware

Project description

Edictum

PyPI License Python

Runtime contract enforcement for AI agent tool calls.

AI agents call tools with real-world side effects -- reading files, querying databases, executing commands. The standard defense is prompt engineering, but prompts are suggestions the LLM can ignore. Edictum enforces contracts at the decision-to-action seam: before a tool call executes, Edictum checks it against YAML contracts and denies it if it violates policy. The agent cannot bypass it.

This is not feature flags. This is not prompt guardrails. Edictum is a deterministic enforcement point for tool calls -- preconditions before execution, postconditions after, session limits across turns, and a full audit trail.

Show Me

contracts.yaml

apiVersion: edictum/v1
kind: ContractBundle

metadata:
  name: my-policy

defaults:
  mode: enforce

contracts:
  - id: block-sensitive-reads
    type: pre
    tool: read_file
    when:
      args.path:
        contains_any: [".env", ".secret", "credentials", ".pem", "id_rsa"]
    then:
      effect: deny
      message: "Sensitive file '{args.path}' denied."
      tags: [secrets, dlp]

Python

import asyncio
from edictum import Edictum, EdictumDenied

async def read_file_fn(path):
    return open(path).read()

async def main():
    guard = Edictum.from_yaml("contracts.yaml")

    try:
        result = await guard.run("read_file", {"path": "/app/config.json"}, read_file_fn)
        print(result)
    except EdictumDenied as e:
        print(f"Denied: {e}")

asyncio.run(main())

CLI

$ edictum validate contracts.yaml
  contracts.yaml -- 1 contract (1 pre)

$ edictum check contracts.yaml --tool read_file --args '{"path": ".env"}'
  DENIED by block-sensitive-reads
   Message: Sensitive file '.env' denied.
   Tags: secrets, dlp
   Rules evaluated: 1

Framework integration (one adapter, same contracts)

from edictum import Edictum, Principal
from edictum.adapters.langchain import LangChainAdapter

guard = Edictum.from_yaml("contracts.yaml")
adapter = LangChainAdapter(guard, principal=Principal(role="analyst"))
wrapper = adapter.as_tool_wrapper()
# Wraps any LangChain tool -- preconditions, audit, and session limits apply automatically

How It Works

  1. Write contracts in YAML. Preconditions deny dangerous calls before execution. Postconditions check tool output after. Session limits cap total calls and retries.
  2. Attach to your agent framework. One adapter line. Same contracts across all six frameworks.
  3. Every tool call passes through the pipeline. Preconditions, session limits, and principal context are evaluated. If any contract fails, the call is denied and never executes.
  4. Full audit trail. Every evaluation produces a structured event with automatic secret redaction.

How It Compares

Approach Scope Runtime enforcement Audit trail
Prompt/output guardrails Input/output text No -- advisory only No
API gateways / MCP proxies Network transport Yes -- at the proxy Partial
Security scanners Post-hoc analysis No -- detection only Yes
Manual if-statements Per-tool, ad hoc Yes -- scattered logic No
Edictum Tool call contracts Yes -- deterministic pipeline Yes -- structured + redacted

Framework Support

Edictum integrates with six agent frameworks. Same YAML contracts, same enforcement, different adapter patterns:

Framework Integration PII Redaction Complexity
LangChain + LangGraph as_tool_wrapper() Full interception Low
OpenAI Agents SDK as_guardrails() Logged only Medium
Agno as_tool_hook() Full interception Low
Semantic Kernel register() Full interception Medium-High
CrewAI register() Partial High
Claude Agent SDK to_sdk_hooks() Logged only Low

See Adapter Docs for setup, known limitations, and recommendations.

Install

Requires Python 3.11+. Current version: v0.5.4.

pip install edictum              # core (zero deps)
pip install edictum[yaml]        # + YAML contract engine
pip install edictum[otel]        # + OpenTelemetry span emission
pip install edictum[cli]         # + validate/check/diff/replay CLI
pip install edictum[all]         # everything

Built-in Templates

guard = Edictum.from_template("file-agent")      # secret file protection, destructive cmd blocking
guard = Edictum.from_template("research-agent")   # output PII detection, session limits
guard = Edictum.from_template("devops-agent")     # role gates, ticket requirements, bash safety

Demos & Examples

Links

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for acartag7 from gravatar.com acartag7

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Requires: Python >=3.11
  • Provides-Extra: agno , all , cli , crewai , dev , langchain , openai-agents , otel , semantic-kernel , yaml
Classifiers

Release history Release notifications | RSS feed

0.18.0

0.17.0

0.16.0

0.15.0

0.13.0

0.12.2

0.12.1

0.12.0

0.11.3

0.11.2

0.11.1

0.11.0

0.10.0

0.9.0

0.8.1

0.8.0

0.7.0

0.6.2

0.6.1

0.6.0

This version

0.5.4

0.5.3

0.5.2

0.5.1

0.5.0

0.4.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

edictum-0.5.4.tar.gz (206.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

edictum-0.5.4-py3-none-any.whl (65.1 kB view details)

Uploaded Python 3

File details

Details for the file edictum-0.5.4.tar.gz.

File metadata

  • Download URL: edictum-0.5.4.tar.gz
  • Upload date:
  • Size: 206.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for edictum-0.5.4.tar.gz
Algorithm Hash digest
SHA256 ffc114e966f8122e39a92483308139e797dd80c7fff289df1b7dbb0d362fe08a
MD5 f51421e8f3b883230383f9cb060b6fd9
BLAKE2b-256 8ca192090fb890a4f316c1859358051de0f81c3e74142d5af6218756a6223d7b

See more details on using hashes here.

File details

Details for the file edictum-0.5.4-py3-none-any.whl.

File metadata

  • Download URL: edictum-0.5.4-py3-none-any.whl
  • Upload date:
  • Size: 65.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for edictum-0.5.4-py3-none-any.whl
Algorithm Hash digest
SHA256 4cd4c201749b663678882c06c389cc2bf87d8398479500c89ba498d6f86570f6
MD5 fbed0b3eeddae729ecb369aa44d94b23
BLAKE2b-256 70460df202a53759b30ed5932df3f7de084e10b30f8127b44f3e35c51b033ef6

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page