raxit-sdk 0.1.2

RAXIT SDK - Runtime AI eXecution Integrity & Trust

RAXIT SDK

Runtime AI eXecution Integrity & Trust - Security scanning SDK for AI agent applications.

Overview

RAXIT SDK is a static analysis tool that scans AI agent codebases and generates an Agent Assets Schema for security analysis, compliance checking, and runtime enforcement. It implements the A2AS (Agentic AI Runtime Security) framework developed collaboratively by AWS, Google, Meta, Cisco, and other major tech companies.

Features

• 12+ Framework Extractors: LangGraph, CrewAI, AutoGen, Swarm, PydanticAI, LlamaIndex, Google ADK, and more
• Security Analysis: Semgrep/CodeQL rules for trust boundary detection
• CaMeL Provenance: Agent asset metadata with data flow tracking
• CLI Tools: raxit init, raxit migrate, raxit status
• Incremental Scanning: xxhash-based cache for fast re-scans
• Trust Boundary Detection: Meta's "Rule of Two" compliance checking
• Graph Topology Extraction: Complete LangGraph structure analysis

Installation

Python (TestPyPI - Beta)

pip install -i https://test.pypi.org/simple/ raxit-sdk

TypeScript/Node.js (npm - Beta)

npm install @raxit/raxit@beta

Rust (crates.io)

[dependencies]
raxit-core = "0.1"

From Source (Development)

Using UV (recommended):

cd src/ai-security-sdk
uv venv
uv pip install -e ".[dev]"

Using pip:

pip install -e ".[dev]"

Quick Start

# Scan your agent project
cd /path/to/your/agent/project
raxit init

# View generated assets
cat .raxit/assets.yaml

Usage

Scanning a Project

raxit init [directory] --output .raxit/assets.yaml

Options:

• --output / -o: Output file path (default: .raxit/assets.yaml)
• --format: Output format (yaml or json, default: yaml)
• --workers: Number of parallel workers for scanning
• --incremental: Enable incremental scanning with cache
• --sign: Sign the schema with HMAC-SHA256
• --detect-trust: Enable trust boundary detection

Schema Migration

raxit migrate .raxit/assets.yaml --target-version 0.8.0

Status Check

raxit status

Shows tool version, dependencies, and configuration.

Architecture

raxit_sdk/
├── cli/          # Command-line interface
├── parser/       # AST parsing and framework extractors
│   ├── extractors/   # Framework-specific extractors (12+ frameworks)
│   └── analyzers/    # Cross-cutting analysis (secrets, networks, memory, etc.)
├── schema/       # Pydantic models for Agent Assets Schema
├── trust/        # Security analysis (Semgrep, CodeQL, Joern)
├── decorators/   # Trust decorators for agent code
└── integrity/    # Cryptographic signing and verification

Supported Frameworks

The SDK can extract agent metadata from these frameworks:

• LangGraph - StateGraph, nodes, edges, conditional routing
• CrewAI - Agents, tasks, crews, pipelines
• AutoGen - Agents, tools, group chats
• OpenAI Agents - Agent SDK
• Swarm - Multi-agent orchestration
• PydanticAI - Type-safe agents
• LlamaIndex - FunctionAgent, ReActAgent
• Google ADK - Sequential/parallel/loop agents
• n8n - Workflow automation (JSON)
• AgentChat - Conversational agents
• Strands - Custom framework
• Generic - Custom agent implementations

Examples

See examples/ directory for sample agent projects across multiple frameworks:

• examples/langgraph/ - LangGraph examples
• examples/crewai/ - CrewAI examples
• examples/custom/ - Custom agent implementations
• And more...

Development

Running Tests

# All tests
uv run pytest tests/ -v

# Specific test suite
uv run pytest tests/test_extractors/ -v
uv run pytest tests/test_integration/ -v

Code Quality

# Lint
uv run ruff check raxit_sdk/

# Type check
uv run mypy raxit_sdk/

Trust Boundary Analysis

RAXIT implements Meta's "Rule of Two" for trust boundary detection:

A component is non-compliant if it has ALL three properties:

• [A] Processes untrusted input
• [B] Has sensitive access (credentials, data, systems)
• [C] Performs external actions (network, files, processes)

Use raxit init --detect-trust to enable this analysis. Requires Semgrep and optionally Joern for deep taint analysis.

Agent Assets Schema

The generated schema includes:

• Manifest: Metadata about the scan
• Agents: AI agents with roles, tools, and models
• Tools: Functions and capabilities
• Models: LLM configurations
• Graphs: LangGraph topologies
• DataFlows: CaMeL provenance tracking
• Networks: External API endpoints
• Memory: Vector stores and databases
• Secrets: Detected credentials (names only)
• Boundaries: Trust boundary analysis
• Guardrails: Security controls
• Audit: Security findings

License

Proprietary - raxIT Labs

Contact

For questions and support: engineering@raxit.io