sector8-sdk 1.0.2

Python SDK for Sector8 AI telemetry, alerts, and MCP guard installation

Sector8 SDK

Python SDK for sending AI telemetry and security events to Sector8.

Sector8 is an execution-boundary security platform for AI systems. The production Guard Module is live at https://sdkapi.sector8.ai.

What this package is for

Use sector8-sdk when you want to:

• send telemetry for LLM calls to Sector8
• emit threat alerts and incident logs from your application
• install the Sector8 MCP guard helper into a local project

This package is intentionally simple. The paid wedge is the live guard and decision service, not a large client-side framework.

Installation

pip install sector8-sdk

Optional extras:

pip install sector8-sdk[openai]
pip install sector8-sdk[anthropic]
pip install sector8-sdk[google]
pip install sector8-sdk[all]

Quick start

Set your credentials:

export SECTOR8_API_KEY="your-api-key"
export SECTOR8_CLIENT_ID="your-client-id"

Send telemetry:

import sector8

client = sector8.setup(
    api_key="your-api-key",
    client_id="your-client-id",
)

client.log_llm_call(
    provider="openai",
    model="gpt-4o",
    tokens=150,
    cost=0.003,
    latency_ms=800,
    prompt="Summarize this contract.",
    completion="Here is the summary...",
)

Protect an action before execution:

decision = await client.evaluate(
    "bash",
    {"command": "git status"},
    caller_id="developer-1",
    role="developer",
    session_id="customer-onboarding-1",
)

if decision.allowed:
    run_the_action()
else:
    audit_log(decision.reason_code, decision.decision_trace_id)

A policy DENY is returned as a normal decision artifact. Authentication, scope, validation, transport, and malformed-response failures raise SDK errors. Never execute an action unless decision.allowed is True.

You can also call the async methods directly:

import asyncio
import sector8


async def main() -> None:
    client = sector8.setup(api_key="your-api-key", client_id="your-client-id")
    await client.save_telemetry(
        provider="openai",
        model="gpt-4o",
        prompt="Classify this email",
        completion="Likely phishing",
        tokens_used=240,
        latency_ms=620,
        cost=0.0048,
        success=True,
        metadata={"route": "inbound-mail"},
    )
    await client.close()


asyncio.run(main())

Threat alerts and incidents

import sector8

client = sector8.setup(api_key="your-api-key", client_id="your-client-id")
client.alert_threat("prompt_injection", severity="High", description="Jailbreak attempt detected")
client.log_incident("Sensitive file request denied", severity="high", classification="policy_deny")

MCP guard helper

This package also ships a small CLI for installing the Sector8 guard MCP entry into a project:

sector8-guard install
sector8-guard version

The installer writes .claude/settings.json entries that point at the repo-local MCP stdio server and pass through:

• SECTOR8_API_KEY
• SECTOR8_CLIENT_ID

Runtime endpoints used by this SDK

• Production API: https://sdkapi.sector8.ai
• Telemetry ingest: POST /api/v1/telemetry
• Threat alerts: POST /api/v1/threat-alerts
• Incident logs: POST /api/v1/incident-logs

Secure host configuration

The SDK uses https://sdkapi.sector8.ai by default and treats endpoint as the preferred configuration field. The legacy base_url alias is still accepted for compatibility.

• plain HTTP is rejected by default
• arbitrary remote hosts other than sdkapi.sector8.ai are rejected by default
• endpoint values with /api/... paths, query strings, or fragments are rejected by default
• local or mock testing requires explicit opt-in

client = sector8.setup(
    api_key="your-api-key",
    endpoint="http://localhost:9876",
    unsafe_endpoint=True,
)

Use unsafe_endpoint=True only for deliberate local or test use. The older allow_unsafe_base_url=True option remains available as a compatibility alias.

Links

• Homepage: https://sector8.ai
• Production API: https://sdkapi.sector8.ai
• Dashboard: https://app.sector8.ai
• Repository: https://github.com/sector8-ai/sector8-sdk-python

Development notes

This package targets Python 3.8+ and is published as sector8-sdk on PyPI.

Verify a new customer connection

$env:SECTOR8_API_KEY = "<one-time-reveal-runtime-key>"
$env:SECTOR8_CLIENT_ID = "<client-id>"
$env:SECTOR8_ENDPOINT = "https://stgsdkapi.sector8.ai" # omit for production
$env:SECTOR8_UNSAFE_ENDPOINT = "true" # required for deliberate staging use
sector8-verify

The verifier submits safe simulated actions only. It confirms one ALLOW, one DENY, and the canonical decision artifact fields without printing credentials or request payloads.

Never use production credentials with staging, local, or other unsafe endpoints. Never share a one-time reveal key. A successful run prints one ALLOW trace, one DENY trace, and Staging onboarding smoke passed.

Exit	Meaning
0	Verification passed
2	Missing or invalid configuration
3	Endpoint/network unavailable
4	Malformed or unexpected decision contract
5	Authentication failed or key lacks scope