Policy engine for governing AI agent tool execution.
Project description
Guardian Angel
A lightweight Python SDK for governing AI agent tool execution.
Guardian Angel intercepts agent actions, evaluates policy, and returns allow, deny, or require_approval — before the tool runs.
Install
pip install guardian-angel
# optional CLI
pip install guardian-angel[cli]
Quickstart
# policy.yaml
rules:
- name: block_risky_delete
tool: resource.delete
decision: deny
all:
- key: resource.environment
op: eq
value: prod
- key: context.risk_level
op: eq
value: high
from guardian_angel import GuardianAngel, ActionRequest
guard = GuardianAngel.from_yaml("policy.yaml")
decision = guard.authorize(
ActionRequest(
tool="resource.delete",
attributes={
"resource.environment": "prod",
"context.risk_level": "high",
},
)
)
print(decision.status) # "deny"
First matching rule wins. No match → allow.
CLI
guardian-angel evaluate policy.yaml request.json
guardian-angel evaluate policy.yaml request.json --explain
guardian-angel --verbose evaluate policy.yaml request.json
guardian-angel --version
--explain prints the matched rule and reason. --verbose adds input context.
Features
- Predicate rules —
when,all,any,notwith operators (eq,ne,in,not_in,contains,gt,gte,lt,lte, …) - Cross-field comparison —
value_fromto compare one attribute against another - Tool decorator —
@guard.tool(name="...")for automatic policy enforcement - YAML or Python — define rules in files or construct
Ruleobjects in code - CLI — evaluate policies from the command line with colored output
See examples/ for more.
How It Works
Agent tool call → ActionRequest → GuardianAngel.authorize() → Decision
Roadmap
- v0.1 — Local policy evaluation, YAML rules, decorator
- v0.2 — Stronger validation, policy linting
- v0.3 — CLI with
evaluate,--explain,--verbose(current) - v0.4 — Framework adapters (LangGraph, OpenAI, CrewAI)
- v0.5+ — Remote policy sources, audit sinks, approval stores
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file guardian_angel-0.3.0.tar.gz.
File metadata
- Download URL: guardian_angel-0.3.0.tar.gz
- Upload date:
- Size: 22.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.7 {"installer":{"name":"uv","version":"0.10.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bd77b33ad68d4d64439b0dd06be2f28e9c76dea00223287e0725a692b54afa77
|
|
| MD5 |
831644ad858d94337780a6a53d1da8f5
|
|
| BLAKE2b-256 |
32ecac159ef1e390f48f179a9832424f0f5e064a0bbc06467fb814c2577f9ca8
|
File details
Details for the file guardian_angel-0.3.0-py3-none-any.whl.
File metadata
- Download URL: guardian_angel-0.3.0-py3-none-any.whl
- Upload date:
- Size: 14.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.7 {"installer":{"name":"uv","version":"0.10.7","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ad43f139a4ea847bd12174c00385b8a99bd6e43dbe64851e7906770f492c52a5
|
|
| MD5 |
12e9a5d554d8a5176b609b2a871f63dc
|
|
| BLAKE2b-256 |
99a0569ba7607df51b7e8b1e3ff9528ed6f40da15af865449113a122b925dbf8
|
