Policy engine for governing AI agent tool execution.
Project description
GuardianAngel
A lightweight Python SDK for governing AI agent tool execution.
GuardianAngel intercepts agent actions, evaluates policy, and decides whether they should be allowed, denied, or require approval — before the tool runs.
Install
pip install guardian-angel
Quickstart
Define rules in YAML:
# policy.yaml
rules:
- name: block_risky_delete
tool: resource.delete
decision: deny
all:
- key: resource.environment
op: eq
value: prod
- key: context.risk_level
op: eq
value: high
Enforce them in Python:
from guardian_angel import GuardianAngel, ActionRequest
guard = GuardianAngel.from_yaml("policy.yaml")
decision = guard.authorize(
ActionRequest(
tool="resource.delete",
attributes={
"resource.environment": "prod",
"context.risk_level": "high",
},
)
)
print(decision.status) # "deny"
Rules are evaluated top to bottom, first match wins. If no rule matches, the default decision is allow.
Features
- Attribute matching — exact match on
attributesfields. - Predicate rules —
when,all,any,notwith operators (eq,ne,in,not_in,contains,gt,gte,lt,lte, …). - Cross-field comparison —
value_fromto compare one request field against another. - Tool decorator —
@guard.tool(name="resource.delete")to enforce policy automatically on Python functions. - YAML or Python — define rules in YAML files or construct
Ruleobjects in code.
See examples/ for more.
How It Works
Agent tool call
↓
ActionRequest(tool, attributes, request_id?)
↓
GuardianAngel.authorize(request)
↓
Decision (allow / deny / require_approval)
Roadmap
- v0.1 — Local policy evaluation, YAML rules, decorator
- v0.2 — Stronger validation, policy linting, documented adapter conventions (current)
- v0.3 —
guardian-angel simulateCLI, policy testing - v0.4 — Lightweight framework adapters (LangGraph, OpenAI, CrewAI)
- v0.5+ — Remote policy sources, audit sinks, approval stores
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file guardian_angel-0.2.1.tar.gz.
File metadata
- Download URL: guardian_angel-0.2.1.tar.gz
- Upload date:
- Size: 19.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.7 {"installer":{"name":"uv","version":"0.10.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5700abef28dc9a8e9d9295324d27c815adcb2098e1c0d300aece103f3d146d8a
|
|
| MD5 |
68a129b53bac5184cef5d4ee140569b1
|
|
| BLAKE2b-256 |
1655adbc1d1711e7db04002d1ffb65081a9ff0d5596f25525b2bf12bc52237c4
|
File details
Details for the file guardian_angel-0.2.1-py3-none-any.whl.
File metadata
- Download URL: guardian_angel-0.2.1-py3-none-any.whl
- Upload date:
- Size: 11.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.7 {"installer":{"name":"uv","version":"0.10.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
130be12071c54b9ba0aad757507aea85e36d20e4d1e3b8ed1419edaf9d5dac6e
|
|
| MD5 |
789c0d14e96a0e9db0b0a5762925f959
|
|
| BLAKE2b-256 |
5afa72b5db6ac7e23bcbd22acf1fbbbe26701b9a63af4c8b3fb5cf8142066174
|
