Skip to main content

Deterministic guardrails for AI agents. Your agent follows your rules. Always.

Project description

savants-guard

Deterministic guardrails for AI agents. Block dangerous actions, suggest alternatives, rewrite commands, enforce spend limits.

pip install savants-guard

Quick start

from savants_guard import create_guard

guard = create_guard([
    "when action contains 'delete' and env eq 'production' then block",
    "when spend gt 100 then require_approval",
])

result = guard.check({"action": "delete_database", "env": "production"})
print(result.blocked)  # True
print(result.rule)     # "when action contains 'delete'..."

Action types

Rules end with an action. Four actions available, from soft to hard:

guard = create_guard([
    "when command contains 'chmod 777' then suggest 'Use chmod 755 for directories'",
    "when command contains 'git push --force' then rewrite 'git push --force-with-lease'",
    "when command contains 'npm publish' then ask 'Publishing is permanent'",
    "when command contains 'rm -rf /' then block",
])
Action result.blocked result.allowed result.suggestion
suggest 'msg' False False The alternative suggestion
rewrite 'cmd' False False The replacement command
ask 'reason' False False The reason for approval
block True False None
(no match) False True None

GuardResult fields

guard.check() returns a GuardResult with:

  • blockedTrue for block and require_approval
  • allowedTrue only when no rule matched
  • action"block", "suggest", "rewrite", "ask", "require_approval", or None
  • suggestion — message from suggest, replacement from rewrite, or reason from ask
  • rule — the DSL rule that matched, or None
  • context — the context dict you passed in

Presets

from savants_guard import production_safety, spend_limit, business_hours, deploy_safety

guard = production_safety()       # blocks delete/terminate/drop in production
guard = spend_limit(100)          # blocks amount/spend/cost over 100
guard = business_hours()          # blocks actions on Saturday/Sunday
guard = deploy_safety()           # blocks risky Friday deploys

Wrap decorator

Protect functions with @guard.wrap — raises GuardError when blocked:

from savants_guard import create_guard, GuardError

guard = create_guard(["when action contains 'delete' then block"])

@guard.wrap
def dangerous_action(**kwargs):
    return "executed"

try:
    dangerous_action(action="delete_db")
except GuardError as e:
    print(e.rule)          # "when action contains 'delete' then block"
    print(e.guard_action)  # "block"

Runtime rule management

guard = create_guard([])

guard.add_rule("when action contains 'delete' then block")
print(guard.list_rules())  # ["when action contains 'delete' then block"]

guard.check({"action": "delete"})
guard.check({"action": "read"})
print(guard.get_log())     # [{timestamp, context, result}, ...]

Rule evaluation

First match wins. Rules evaluate in order. Put softer rules before harder ones:

guard = create_guard([
    "when action eq 'deploy' then suggest 'Use staging first'",  # fires first
    "when action eq 'deploy' then block",                        # never reached
])

DSL operators

eq, neq, gt, gte, lt, lte, contains, not_contains, starts_with, ends_with, matches, in, not_in, is_true, is_false, is_empty, is_not_empty

Combine with and / or:

"when action contains 'delete' and env eq 'production' then block"
"when env eq 'staging' or env eq 'development' then allow"

Framework integrations

Same guard, any framework. Install the framework, import the integration:

LangChain

from savants_guard import create_guard
from savants_guard.integrations import langchain_callback

guard = create_guard(["when action contains 'delete' then block"])
handler = langchain_callback(guard)

# Add to any LangChain agent
agent.invoke(input, config={"callbacks": [handler]})

CrewAI

from savants_guard import create_guard
from savants_guard.integrations import crewai_hook

guard = create_guard(["when action contains 'delete' then block"])
crewai_hook(guard)  # registers globally as @before_tool_call

OpenAI Agents SDK

from savants_guard import create_guard
from savants_guard.integrations import openai_tool_guardrail

guard = create_guard(["when action contains 'delete' then block"])
guardrail = openai_tool_guardrail(guard)

@function_tool(tool_input_guardrails=[guardrail])
def delete_user(user_id: str) -> str:
    ...

No framework dependency required. Integrations import the framework only when called. If the framework isn't installed, you get a clear error message.

Links

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

savants_guard-0.4.0.tar.gz (21.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

savants_guard-0.4.0-py3-none-any.whl (14.6 kB view details)

Uploaded Python 3

File details

Details for the file savants_guard-0.4.0.tar.gz.

File metadata

  • Download URL: savants_guard-0.4.0.tar.gz
  • Upload date:
  • Size: 21.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for savants_guard-0.4.0.tar.gz
Algorithm Hash digest
SHA256 cd278022cd95da1652a76185759ac8a3d2522f7ba88f861b5af546758c54b77a
MD5 c769f9b330bcb61a85886642554bb2c1
BLAKE2b-256 2e6b68f939141e7e3516ea44af7a2fd7909057aeb32a6fc68b2c37abef2f89f9

See more details on using hashes here.

File details

Details for the file savants_guard-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: savants_guard-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 14.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for savants_guard-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9214c3838071cba62099e038ae90e8c4a148d5dc391cc4d5c4f7ca0b31255c7d
MD5 056dda92d08d1a01665389217cdaadac
BLAKE2b-256 ad0e2590709c9acd132bcda44a601145ea41a66a4a77c19bd8e3053b187be9b4

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page