The Missing Safety Layer for AI Agents
Project description
FailWatch ๐ก๏ธ
The Missing Safety Layer for AI Agents
FailWatch prevents your AI agents from performing dangerous actions (e.g., unauthorized refunds, hallucinations, logic drift) by intercepting tool calls before they execute.
Unlike standard evaluation tools that check output after the fact, FailWatch acts as a synchronous Circuit Breaker in your production pipeline.
๐ฏ Why FailWatch?
When AI agents have access to production tools (databases, payment APIs, email), a single hallucination can cause real damage:
- E-commerce: Agent refunds $10,000 instead of $100
- Banking: Transfers money to wrong account due to context drift
- Operations: Deletes production database thinking it's a test environment
FailWatch sits between your agent and dangerous actions, enforcing safety policies in real-time.
โก Key Features
๐ Deterministic Policy Checks
Hard blocks on numeric limits, regex patterns, and business rules. No LLM guessing involved.
policy = {
"max_amount": 1000,
"allowed_accounts": ["checking", "savings"],
"forbidden_keywords": ["delete_all", "drop_table"]
}
๐ก๏ธ Fail-Closed Architecture
Financial-grade safety. If the guard server is down or times out, the action is blocked by default. Money stays put.
๐ฅ Human-in-the-Loop
Seamlessly escalate "gray area" actions to Slack, email, or CLI for human approval before execution.
๐ Audit Ready
Every decision generates a trace_id and decision_id for compliance logging and post-incident analysis.
โก Sub-50ms Latency
Deterministic checks run in microseconds. LLM checks (when needed) complete in <2s with caching.
๐ Quick Start
1๏ธโฃ Installation
Clone the repository and install dependencies:
git clone https://github.com/Ludwig1827/FailWatch.git
cd FailWatch
pip install -r requirements.txt
2๏ธโฃ Start the Guard Server
The stateless server handles policy evaluation and LLM-based judgment:
cd server
# Set your OpenAI API Key (required for LLM judge)
# Windows (PowerShell):
$env:OPENAI_API_KEY="sk-..."
# Mac/Linux:
export OPENAI_API_KEY="sk-..."
# Start the server
uvicorn main:app --reload
โ Server running at: http://127.0.0.1:8000
3๏ธโฃ Run the Demo Agent
Open a new terminal in the project root (FailWatch/) and run the banking agent simulation:
python examples/banking_agent.py
4๏ธโฃ See It In Action
The demo runs three scenarios:
-
โ Block: Agent tries to transfer $2,000 (Policy Limit: $1,000)
โ FailWatch blocks it instantly -
โธ๏ธ Review: Agent tries $5,000 transfer with override flag
โ FailWatch pauses for human approval -
๐ Fail-Closed: System simulates network outage
โ FailWatch prevents execution (safe default)
๐ ๏ธ Usage
Basic Integration
Wrap your sensitive functions with the @guard decorator:
from sdk import FailWatchSDK
# Initialize SDK
fw = FailWatchSDK(
server_url="http://localhost:8000",
default_fail_mode="closed" # Fail-safe default
)
@fw.guard(
input_arg="user_request", # Agent's intent
output_arg="tool_args", # Parsed parameters
policy={ # Your safety rules
"max_amount": 1000,
"require_approval_above": 500
}
)
def refund_user(user_request: str, tool_args: dict):
"""This code ONLY runs if FailWatch approves"""
amount = tool_args['amount']
account = tool_args['account']
# Execute the actual refund
print(f"๐ธ Refunding ${amount} to {account}")
return {"status": "success", "amount": amount}
Custom Policies
Define complex business logic:
policy = {
# Hard limits (deterministic)
"max_amount": 1000,
"max_daily_total": 5000,
# Pattern matching
"allowed_account_pattern": r"^[A-Z]{2}\d{8}$",
"forbidden_keywords": ["admin", "root", "sudo"],
# Contextual rules
"require_manager_approval_if": {
"amount_above": 500,
"account_type": "external",
"time_after": "18:00"
}
}
Handling Decisions
# Check the guard's decision
result = fw.check_action(
user_request="Please refund $1500",
tool_args={"amount": 1500, "account": "external"},
policy=policy
)
if result["decision"] == "approved":
execute_refund()
elif result["decision"] == "blocked":
log_security_event(result["reason"])
elif result["decision"] == "review":
notify_manager(result["review_url"])
๐ฆ Architecture
โโโโโโโโโโโโโโโโโโโ
โ Your Agent โ
โ (LangChain, โ
โ LlamaIndex, โ
โ Custom) โ
โโโโโโโโโโฌโโโโโโโโโ
โ
โ @guard decorator
โผ
โโโโโโโโโโโโโโโโโโโ
โ FailWatch SDK โ โโโ Lightweight client
โ (Python) โ Handles interception
โโโโโโโโโโฌโโโโโโโโโ & fallback logic
โ
โ HTTP/gRPC
โผ
โโโโโโโโโโโโโโโโโโโ
โ Guard Server โ โโโ Policy evaluation
โ (FastAPI) โ + LLM judgment
โโโโโโโโโโฌโโโโโโโโโ
โ
โโโบ Deterministic Checks (regex, limits)
โโโบ LLM Judge (logic drift detection)
โโโบ Audit Logger (PostgreSQL/S3)
Components
- SDK (
sdk/): Lightweight Python client with fail-safe defaults - Server (
server/): FastAPI engine for policy evaluation - Dashboard: Trace visualization at
http://localhost:8000/dashboard - Examples (
examples/): Demo agents for banking, e-commerce, ops
๐ Use Cases
Financial Services
- Block unauthorized transactions above policy limits
- Prevent wire transfers to unverified accounts
- Require dual approval for high-value operations
E-commerce
- Stop agents from issuing excessive refunds
- Validate discount codes before applying
- Prevent inventory over-commitment
DevOps
- Block destructive database operations in production
- Require confirmation for infrastructure changes
- Prevent accidental data deletion
Healthcare
- Enforce HIPAA compliance on data access
- Require attestation before PHI disclosure
- Block unauthorized prescription modifications
๐ง Configuration
Create a config.yaml in your project root:
failwatch:
server_url: "http://localhost:8000"
timeout: 5 # seconds
default_fail_mode: "closed" # or "open"
retry:
enabled: true
max_attempts: 3
backoff_multiplier: 2
logging:
level: "INFO"
destination: "failwatch.log"
human_review:
slack_webhook: "https://hooks.slack.com/..."
approval_timeout: 300 # 5 minutes
Load it in your code:
fw = FailWatchSDK.from_config("config.yaml")
๐งช Testing
Run the test suite:
# Unit tests
pytest tests/unit/
# Integration tests (requires server)
pytest tests/integration/
# Load tests
pytest tests/load/ -n auto
๐ Roadmap
- Core policy engine
- LLM-based logic drift detection
- Human-in-the-loop approvals
- Dashboard UI for trace analysis
- Slack/Teams integration
- Multi-LLM judge support (Claude, Gemini)
- gRPC support for lower latency
- Policy versioning & rollback
- Custom webhook integrations
- SOC2 compliance toolkit
๐ค Contributing
We're looking for design partners running agents in:
- ๐ฆ Fintech
- โ๏ธ Legal
- ๐ฅ Healthcare
- ๐ง DevOps
Want to help build the standard for AI reliability?
- Fork the repo
- Create a feature branch (
git checkout -b feature/amazing-safety-check) - Commit your changes (
git commit -m 'Add amazing safety check') - Push to the branch (
git push origin feature/amazing-safety-check) - Open a Pull Request
See CONTRIBUTING.md for detailed guidelines.
๐ Troubleshooting
Server won't start
# Check if port 8000 is in use
lsof -i :8000 # Mac/Linux
netstat -ano | findstr :8000 # Windows
# Use a different port
uvicorn main:app --port 8001
OpenAI API errors
# Verify your key is set
echo $OPENAI_API_KEY # Mac/Linux
echo $env:OPENAI_API_KEY # Windows
# Check your OpenAI quota
curl https://api.openai.com/v1/models \
-H "Authorization: Bearer $OPENAI_API_KEY"
Timeout errors
# Increase timeout in SDK
fw = FailWatchSDK(timeout=10) # seconds
๐ License
MIT License - see LICENSE for details.
๐ Acknowledgments
Built with:
๐ Support
- ๐ง Email: support@failwatch.dev
- ๐ฌ Discord: Join our community
- ๐ฆ Twitter: @failwatch
- ๐ Issues: GitHub Issues
Built with โค๏ธ for the AI safety community
โญ Star us on GitHub โข ๐ Documentation โข ๐ Get Started
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file failwatch-0.1.0.tar.gz.
File metadata
- Download URL: failwatch-0.1.0.tar.gz
- Upload date:
- Size: 18.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7cfa771d6b148d29d248cbecac7fdd47b6a2472b070bd41a9b2148aedc626a45
|
|
| MD5 |
69667aaab5301eb71b8af376485071f1
|
|
| BLAKE2b-256 |
ed883e45989a940b664d9ec6ffb7c02ffe8072db6d382b0cf3ddc3060ec6907a
|
File details
Details for the file failwatch-0.1.0-py3-none-any.whl.
File metadata
- Download URL: failwatch-0.1.0-py3-none-any.whl
- Upload date:
- Size: 9.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5344ecbac6579ce6ed5e62c9a0543686ec6003d46256b16a395aa367d4b76bb5
|
|
| MD5 |
fa003cd21852002786dce6ab2246680a
|
|
| BLAKE2b-256 |
e7eda91985abbebdd1164ec0276899fb50ac732b861bb331b2ed9c643d627ab9
|