Runtime AI governance SDK — intercept, evaluate, and enforce compliance policies on LLM and agent tool calls.
Project description
Don't ship AI you can't govern.
Runtime policy enforcement for LLM applications.
One SDK. Every call intercepted. Full audit trail. EU AI Act ready.
Get Started | Why Overrule | Docs | Website
Get Started
pip install overrule[openai] # OpenAI only
pip install overrule[anthropic] # Anthropic only
pip install overrule[all] # Both providers
from overrule import Guard
async with Guard() as guard:
response = await guard.chat(
model="gpt-4o",
messages=[{"role": "user", "content": user_input}],
policies=["pii-detection", "injection-detection"],
)
That's it. Every call is now scanned for PII and injection attacks, violations are blocked before reaching users, and a structured event is shipped to your audit trail.
Why
|
Without Overrule
|
With Overrule
|
How It Works
Your App ──▶ Guard ──▶ Policy Engine ──▶ LLM Provider
│ │
│ ▼
BLOCK / LOG Response
│ │
▼ ▼
Violation raised Event shipped (async)
│
▼
Cloud Dashboard
Zero latency on the hot path. Policies evaluate locally in <1ms. Telemetry ships asynchronously in the background. Your application never waits on governance.
Features
Governance
- Intercept + evaluate every LLM input and output
- Block, log, or pass based on policy outcome
- Structured violation events with full context
Policies
pii-detection— credit cards, SSN, email, phone, IBAN, passport, IPv4injection-detection— 8 prompt injection + 5 SQL injection patterns- Custom policies via
BasePolicy— ship your own in minutes
Production-grade resilience
- Fail-open by default — SDK errors never crash your application
- Circuit breaker (opens after 5 failures, 30s cooldown)
- Bounded buffer (10K events max), graceful shutdown flush
- Exponential backoff with jitter on transport failures
Compliance
- Maps directly to EU AI Act Articles 13, 14, 15
- Exportable telemetry for auditors
- Enforcement begins August 2, 2026 — fines up to €35M / 7% revenue
More Examples
Protect any function with a decorator
from overrule import Guard, PolicyAction
guard = Guard()
@guard.protect(policies=["injection-detection"], action=PolicyAction.BLOCK)
async def query_database(sql: str) -> str:
return await db.execute(sql)
Synchronous API
from overrule import SyncGuard
with SyncGuard() as guard:
response = guard.chat(model="gpt-4o", messages=messages)
Standalone evaluation (no LLM call)
result = await guard.evaluate("My SSN is 123-45-6789", policies=["pii-detection"])
result.passed # False
result.violations # [Violation(policy_id="pii-detection", pattern="ssn", ...)]
Multi-provider support
# OpenAI
await guard.chat(model="gpt-4o", messages=[...], provider="openai")
# Anthropic
await guard.chat(model="claude-sonnet-4-20250514", messages=[...], provider="anthropic")
Same governance. Same audit trail. Swap providers without touching policy logic.
Custom policy
from overrule.policies.base import BasePolicy, PolicyResult
from overrule.models.violation import Violation
class TopicRestriction(BasePolicy):
policy_id = "topic-restriction"
def evaluate(self, content: str, *, direction: str = "input") -> PolicyResult:
if "medical advice" in content.lower():
return PolicyResult(
passed=False,
violations=[Violation(
policy_id=self.policy_id,
severity="high",
description="Medical advice is restricted",
)],
)
return PolicyResult(passed=True, violations=[])
guard.register_policy(TopicRestriction)
Configuration
OVERRULE_API_KEY=sk_ovr_xxxxx
OVERRULE_ENDPOINT=https://overrule.dev/api/v1
OVERRULE_ENVIRONMENT=production
OVERRULE_FAIL_OPEN=true
OVERRULE_BATCH_SIZE=50
OVERRULE_FLUSH_INTERVAL=5.0
Or programmatic:
guard = Guard(config=GuardConfig.from_env(api_key="sk_ovr_xxxxx", fail_open=True))
Performance
| Policy evaluation | <1ms |
| Network calls on hot path | 0 |
| Buffer capacity | 10,000 events |
| Test suite | 78 tests passing |
| Python | 3.10 · 3.11 · 3.12 · 3.13 · 3.14 |
Security
- API keys are never exposed in
repr(),str(), or serialized output - PII redaction shows only last 4 characters (no BIN/prefix leakage)
- Content truncation emits a warning when policy evaluation is partial
- Config values are bounds-validated (batch_size, flush_interval, etc.)
- PEP 561 compliant (
py.typedmarker for downstream type checking) - Fail-open design ensures SDK errors never crash your application
Roadmap
- Core Guard with fail-open architecture
- PII + Injection detection policies
- Async + Sync APIs
- Multi-provider (OpenAI + Anthropic)
- Custom policy engine
- Cloud dashboard with real-time enforcement data
- Event ingestion API (
POST /api/v1/events) - Streaming interception
- LangChain / CrewAI / OpenAI Agents SDK integrations
- Rust core for <100μs evaluation
Development
git clone https://github.com/overruledev/overrule-python.git && cd overrule-python
pip install -e ".[dev]"
pytest && ruff check . && mypy overrule/
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file overrule-0.1.0.tar.gz.
File metadata
- Download URL: overrule-0.1.0.tar.gz
- Upload date:
- Size: 28.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0312a5150af5c138f31b85196b5953bc819654105b647fd338924142e6c8d7ae
|
|
| MD5 |
7041f8a84ad1631e6af395e3a7ebc97d
|
|
| BLAKE2b-256 |
6cf8fe28969c6559a335cf06c561651f146281046788d63cc8afca413f9499e3
|
File details
Details for the file overrule-0.1.0-py3-none-any.whl.
File metadata
- Download URL: overrule-0.1.0-py3-none-any.whl
- Upload date:
- Size: 25.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f84aae1a91b64cff3c1269e22953edad172fa45487f70d4d0c458eccb1261203
|
|
| MD5 |
23556e0ce980fa63563e00035a1f2fba
|
|
| BLAKE2b-256 |
b882bee3fa23c7ad6b1605bce5bb899600594573031520aaa561438083be198a
|