Agentic AI audits for tool-use, memory, permissions, and prompt injection
Project description
rai-audit-agents
Agentic AI audits for tool use, memory, permissions, and prompt injection delivered through tools, retrieval, email, or webpages.
Checks also cover instruction poisoning persisted into agent memory and bounded tool-execution budgets. Agent findings include OWASP Agentic Top 10 2026 mappings where applicable.
Additional controls cover tool arguments, scoped identities, credential propagation, MCP/tool manifests, recursion and retry limits, stop signals, reversible high-impact actions, authenticated handoffs, and delegated permissions. Reports include an explicit OWASP Agentic Top 10 2026 evidence map.
Trace Schema
The canonical versioned JSON schema follows the current OpenTelemetry GenAI operation vocabulary.
New traces should set "schema_version": "1.0"; unversioned traces are migrated
during loading:
invoke_agent, invoke_workflow, execute_tool, and retrieval. Events emit aligned
attributes such as gen_ai.agent.name, gen_ai.tool.name, and
gen_ai.data_source.id.
OpenTelemetry currently marks its GenAI agent conventions as Development, so the
schema preserves a general attributes mapping alongside stable audit fields.
CLI
rai-audit agents run \
--trace packages/rai-audit-agents/examples/customer_support_trace.json \
--allowed-tools lookup_order \
--format html
Python API
from rai_audit.agents import AgentAudit, load_trace
trace = load_trace("packages/rai-audit-agents/examples/customer_support_trace.json")
report = AgentAudit(trace, allowed_tools=["lookup_order"], persist=False).run()
Framework Adapters
Adapters normalize captured records without requiring framework installations:
from rai_audit.agents import (
adapt_autogen_messages,
adapt_langgraph_events,
adapt_openai_agents_trace,
adapt_otel_spans,
)
References:
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file rai_audit_agents-0.1.8.tar.gz.
File metadata
- Download URL: rai_audit_agents-0.1.8.tar.gz
- Upload date:
- Size: 17.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d355301232298e7ea3285bf3b10686ddbe4444c423ff4fd915b6669e07a64f79
|
|
| MD5 |
1a698a73c791d31ff787429cee12d54f
|
|
| BLAKE2b-256 |
67cb796f00d17862dc3f3780b964818f465c3148dba426e55eae1d8bb77fa762
|
Provenance
The following attestation bundles were made for rai_audit_agents-0.1.8.tar.gz:
Publisher:
publish.yml on SaiTeja-Erukude/rai-audit
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
rai_audit_agents-0.1.8.tar.gz -
Subject digest:
d355301232298e7ea3285bf3b10686ddbe4444c423ff4fd915b6669e07a64f79 - Sigstore transparency entry: 1686250324
- Sigstore integration time:
-
Permalink:
SaiTeja-Erukude/rai-audit@765d806641dfb84532bfe7781e171f85ba80c1c5 -
Branch / Tag:
refs/tags/rai-audit-agents-v0.1.8 - Owner: https://github.com/SaiTeja-Erukude
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@765d806641dfb84532bfe7781e171f85ba80c1c5 -
Trigger Event:
push
-
Statement type:
File details
Details for the file rai_audit_agents-0.1.8-py3-none-any.whl.
File metadata
- Download URL: rai_audit_agents-0.1.8-py3-none-any.whl
- Upload date:
- Size: 18.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fa5f0c2ffb38232ff8ee27e02c1fc885ab5a55380cc308c1c951687aacc6b2e3
|
|
| MD5 |
67dfd00f9fcd6f186d442caed6dee2e3
|
|
| BLAKE2b-256 |
c526e6b340500b1b55350e62382c0587d6ed136ea1747011b51300c08d6df163
|
Provenance
The following attestation bundles were made for rai_audit_agents-0.1.8-py3-none-any.whl:
Publisher:
publish.yml on SaiTeja-Erukude/rai-audit
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
rai_audit_agents-0.1.8-py3-none-any.whl -
Subject digest:
fa5f0c2ffb38232ff8ee27e02c1fc885ab5a55380cc308c1c951687aacc6b2e3 - Sigstore transparency entry: 1686250498
- Sigstore integration time:
-
Permalink:
SaiTeja-Erukude/rai-audit@765d806641dfb84532bfe7781e171f85ba80c1c5 -
Branch / Tag:
refs/tags/rai-audit-agents-v0.1.8 - Owner: https://github.com/SaiTeja-Erukude
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@765d806641dfb84532bfe7781e171f85ba80c1c5 -
Trigger Event:
push
-
Statement type:
