Skip to main content

The Missing Safety Layer for AI Agents

Project description

FailWatch ๐Ÿ›ก๏ธ

The Missing Safety Layer for AI Agents

License: MIT Python 3.8+ FastAPI

FailWatch prevents your AI agents from performing dangerous actions (e.g., unauthorized refunds, hallucinations, logic drift) by intercepting tool calls before they execute.

Unlike standard evaluation tools that check output after the fact, FailWatch acts as a synchronous Circuit Breaker in your production pipeline.


๐ŸŽฏ Why FailWatch?

When AI agents have access to production tools (databases, payment APIs, email), a single hallucination can cause real damage:

  • E-commerce: Agent refunds $10,000 instead of $100
  • Banking: Transfers money to wrong account due to context drift
  • Operations: Deletes production database thinking it's a test environment

FailWatch sits between your agent and dangerous actions, enforcing safety policies in real-time.


โšก Key Features

๐Ÿ”’ Deterministic Policy Checks

Hard blocks on numeric limits, regex patterns, and business rules. No LLM guessing involved.

policy = {
    "max_amount": 1000,
    "allowed_accounts": ["checking", "savings"],
    "forbidden_keywords": ["delete_all", "drop_table"]
}

๐Ÿ›ก๏ธ Fail-Closed Architecture

Financial-grade safety. If the guard server is down or times out, the action is blocked by default. Money stays put.

๐Ÿ‘ฅ Human-in-the-Loop

Seamlessly escalate "gray area" actions to Slack, email, or CLI for human approval before execution.

๐Ÿ“Š Audit Ready

Every decision generates a trace_id and decision_id for compliance logging and post-incident analysis.

โšก Sub-50ms Latency

Deterministic checks run in microseconds. LLM checks (when needed) complete in <2s with caching.


๐Ÿš€ Quick Start

1๏ธโƒฃ Installation

Clone the repository and install dependencies:

git clone https://github.com/Ludwig1827/FailWatch.git
cd FailWatch
pip install -r requirements.txt

2๏ธโƒฃ Start the Guard Server

The stateless server handles policy evaluation and LLM-based judgment:

cd server

# Set your OpenAI API Key (required for LLM judge)
# Windows (PowerShell):
$env:OPENAI_API_KEY="sk-..."

# Mac/Linux:
export OPENAI_API_KEY="sk-..."

# Start the server
uvicorn main:app --reload

โœ… Server running at: http://127.0.0.1:8000

3๏ธโƒฃ Run the Demo Agent

Open a new terminal in the project root (FailWatch/) and run the banking agent simulation:

python examples/banking_agent.py

4๏ธโƒฃ See It In Action

The demo runs three scenarios:

  1. โŒ Block: Agent tries to transfer $2,000 (Policy Limit: $1,000)
    โ†’ FailWatch blocks it instantly

  2. โธ๏ธ Review: Agent tries $5,000 transfer with override flag
    โ†’ FailWatch pauses for human approval

  3. ๐Ÿ”’ Fail-Closed: System simulates network outage
    โ†’ FailWatch prevents execution (safe default)


๐Ÿ› ๏ธ Usage

Basic Integration

Wrap your sensitive functions with the @guard decorator:

from sdk import FailWatchSDK

# Initialize SDK
fw = FailWatchSDK(
    server_url="http://localhost:8000",
    default_fail_mode="closed"  # Fail-safe default
)

@fw.guard(
    input_arg="user_request",      # Agent's intent
    output_arg="tool_args",         # Parsed parameters
    policy={                        # Your safety rules
        "max_amount": 1000,
        "require_approval_above": 500
    }
)
def refund_user(user_request: str, tool_args: dict):
    """This code ONLY runs if FailWatch approves"""
    amount = tool_args['amount']
    account = tool_args['account']
    
    # Execute the actual refund
    print(f"๐Ÿ’ธ Refunding ${amount} to {account}")
    return {"status": "success", "amount": amount}

Custom Policies

Define complex business logic:

policy = {
    # Hard limits (deterministic)
    "max_amount": 1000,
    "max_daily_total": 5000,
    
    # Pattern matching
    "allowed_account_pattern": r"^[A-Z]{2}\d{8}$",
    "forbidden_keywords": ["admin", "root", "sudo"],
    
    # Contextual rules
    "require_manager_approval_if": {
        "amount_above": 500,
        "account_type": "external",
        "time_after": "18:00"
    }
}

Handling Decisions

# Check the guard's decision
result = fw.check_action(
    user_request="Please refund $1500",
    tool_args={"amount": 1500, "account": "external"},
    policy=policy
)

if result["decision"] == "approved":
    execute_refund()
elif result["decision"] == "blocked":
    log_security_event(result["reason"])
elif result["decision"] == "review":
    notify_manager(result["review_url"])

๐Ÿ“ฆ Architecture

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚   Your Agent    โ”‚
โ”‚   (LangChain,   โ”‚
โ”‚   LlamaIndex,   โ”‚
โ”‚   Custom)       โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
         โ”‚
         โ”‚ @guard decorator
         โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  FailWatch SDK  โ”‚  โ—„โ”€โ”€ Lightweight client
โ”‚  (Python)       โ”‚      Handles interception
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜      & fallback logic
         โ”‚
         โ”‚ HTTP/gRPC
         โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  Guard Server   โ”‚  โ—„โ”€โ”€ Policy evaluation
โ”‚  (FastAPI)      โ”‚      + LLM judgment
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
         โ”‚
         โ”œโ”€โ–บ Deterministic Checks (regex, limits)
         โ”œโ”€โ–บ LLM Judge (logic drift detection)
         โ””โ”€โ–บ Audit Logger (PostgreSQL/S3)

Components

  • SDK (sdk/): Lightweight Python client with fail-safe defaults
  • Server (server/): FastAPI engine for policy evaluation
  • Dashboard: Trace visualization at http://localhost:8000/dashboard
  • Examples (examples/): Demo agents for banking, e-commerce, ops

๐Ÿ“‹ Use Cases

Financial Services

  • Block unauthorized transactions above policy limits
  • Prevent wire transfers to unverified accounts
  • Require dual approval for high-value operations

E-commerce

  • Stop agents from issuing excessive refunds
  • Validate discount codes before applying
  • Prevent inventory over-commitment

DevOps

  • Block destructive database operations in production
  • Require confirmation for infrastructure changes
  • Prevent accidental data deletion

Healthcare

  • Enforce HIPAA compliance on data access
  • Require attestation before PHI disclosure
  • Block unauthorized prescription modifications

๐Ÿ”ง Configuration

Create a config.yaml in your project root:

failwatch:
  server_url: "http://localhost:8000"
  timeout: 5  # seconds
  default_fail_mode: "closed"  # or "open"
  
  retry:
    enabled: true
    max_attempts: 3
    backoff_multiplier: 2
    
  logging:
    level: "INFO"
    destination: "failwatch.log"
    
  human_review:
    slack_webhook: "https://hooks.slack.com/..."
    approval_timeout: 300  # 5 minutes

Load it in your code:

fw = FailWatchSDK.from_config("config.yaml")

๐Ÿงช Testing

Run the test suite:

# Unit tests
pytest tests/unit/

# Integration tests (requires server)
pytest tests/integration/

# Load tests
pytest tests/load/ -n auto

๐Ÿ“ˆ Roadmap

  • Core policy engine
  • LLM-based logic drift detection
  • Human-in-the-loop approvals
  • Dashboard UI for trace analysis
  • Slack/Teams integration
  • Multi-LLM judge support (Claude, Gemini)
  • gRPC support for lower latency
  • Policy versioning & rollback
  • Custom webhook integrations
  • SOC2 compliance toolkit

๐Ÿค Contributing

We're looking for design partners running agents in:

  • ๐Ÿฆ Fintech
  • โš–๏ธ Legal
  • ๐Ÿฅ Healthcare
  • ๐Ÿ”ง DevOps

Want to help build the standard for AI reliability?

  1. Fork the repo
  2. Create a feature branch (git checkout -b feature/amazing-safety-check)
  3. Commit your changes (git commit -m 'Add amazing safety check')
  4. Push to the branch (git push origin feature/amazing-safety-check)
  5. Open a Pull Request

See CONTRIBUTING.md for detailed guidelines.


๐Ÿ› Troubleshooting

Server won't start

# Check if port 8000 is in use
lsof -i :8000  # Mac/Linux
netstat -ano | findstr :8000  # Windows

# Use a different port
uvicorn main:app --port 8001

OpenAI API errors

# Verify your key is set
echo $OPENAI_API_KEY  # Mac/Linux
echo $env:OPENAI_API_KEY  # Windows

# Check your OpenAI quota
curl https://api.openai.com/v1/models \
  -H "Authorization: Bearer $OPENAI_API_KEY"

Timeout errors

# Increase timeout in SDK
fw = FailWatchSDK(timeout=10)  # seconds

๐Ÿ“„ License

MIT License - see LICENSE for details.


๐Ÿ™ Acknowledgments

Built with:


๐Ÿ“ž Support


Built with โค๏ธ for the AI safety community

โญ Star us on GitHub โ€ข ๐Ÿ“– Documentation โ€ข ๐Ÿš€ Get Started

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

failwatch-0.1.0.tar.gz (18.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

failwatch-0.1.0-py3-none-any.whl (9.5 kB view details)

Uploaded Python 3

File details

Details for the file failwatch-0.1.0.tar.gz.

File metadata

  • Download URL: failwatch-0.1.0.tar.gz
  • Upload date:
  • Size: 18.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.11

File hashes

Hashes for failwatch-0.1.0.tar.gz
Algorithm Hash digest
SHA256 7cfa771d6b148d29d248cbecac7fdd47b6a2472b070bd41a9b2148aedc626a45
MD5 69667aaab5301eb71b8af376485071f1
BLAKE2b-256 ed883e45989a940b664d9ec6ffb7c02ffe8072db6d382b0cf3ddc3060ec6907a

See more details on using hashes here.

File details

Details for the file failwatch-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: failwatch-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 9.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.11

File hashes

Hashes for failwatch-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5344ecbac6579ce6ed5e62c9a0543686ec6003d46256b16a395aa367d4b76bb5
MD5 fa003cd21852002786dce6ab2246680a
BLAKE2b-256 e7eda91985abbebdd1164ec0276899fb50ac732b861bb331b2ed9c643d627ab9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page