SecureVector SDK for LangChain — brings the local threat monitor's three controls (tool-call permissions, secret/data-leak detection, threat detection) to every LangChain tool call, with tamper-evident audit logging.
Project description
SecureVector SDK for LangChain
Bring the SecureVector local threat monitor's three controls — tool-call permissions, secret / data-leak detection, and threat detection — to every LangChain tool call, with tamper-evident audit logging. One import.
pip install securevector-sdk-langchain
📦 One install — batteries included.
pip install securevector-sdk-langchainalso installs the local SecureVector app (securevector-ai-monitor): the adapter and the detection engine + tamper-evident audit chain arrive in a singlepip install. The SDK is a thin interception layer — the app must be running locally (securevector-app --web) for it to do anything.
Quick start
Enforcement (recommended) — the documented wrap_tool_call middleware,
which can cleanly block a tool before it runs:
from securevector_sdk_langchain import secure_middleware
from langchain.agents import create_agent
agent = create_agent(
model, tools,
middleware=[secure_middleware(mode="enforce")],
)
A denied tool is short-circuited with a ToolMessage (the model sees a clean
"blocked by policy" result) — no exceptions, no crashed runs.
Observe-only logging for legacy AgentExecutor / raw LCEL chains, where the
middleware surface isn't available:
from securevector_sdk_langchain import SecureVectorCallbackHandler
chain.invoke(payload, config={"callbacks": [SecureVectorCallbackHandler()]})
Why two paths? LangChain callbacks are an observability surface — they cannot reliably block a tool call. The
wrap_tool_callmiddleware is the documented interception/short-circuit point, so enforcement lives there.
What happens on every tool call
Before a tool runs, the SDK:
- (a) Permissions — resolves an allow/block verdict for the tool, using the app's own precedence: cloud-pushed synced policy → local override → essential registry → default-allow.
- (b)+(c) Secret & threat scan — sends the serialized tool input through the
app's
/analyzepipeline.
After the tool returns, the result is scanned the same way to catch secrets /
exfiltration in tool output. Every decision is written to the app's audit chain
tagged runtime_kind="langchain".
observe vs enforce
| local app reachable | local app unreachable | |
|---|---|---|
| observe (default) | log + advisory verdict; tool always runs | tool runs (fail-open) |
| enforce (opt-in) | tool runs only if the verdict ≠ block | tool denied (fail-closed) |
agent = create_agent(model, tools, middleware=[secure_middleware(mode="enforce")])
Enforce mode prints a one-time disclosure to stderr. (Enforcement requires the middleware path; the observe-only callback handler always runs in observe mode.)
Configuration
All optional, via env or install(...) kwargs:
| Env var | Default | Meaning |
|---|---|---|
SECUREVECTOR_SDK_APP_URL |
http://127.0.0.1:8741 |
local app base URL |
SECUREVECTOR_SDK_MODE |
observe |
observe or enforce |
SECUREVECTOR_SDK_TIMEOUT_MS |
3000 |
per-call verdict timeout |
SECUREVECTOR_SDK_RISK_THRESHOLD |
70 |
risk score that blocks in enforce mode |
SECUREVECTOR_SDK_DISABLED |
(unset) | set truthy to no-op |
Compliance
The tool-call-level, attributed, tamper-evident audit trail this produces is exactly the action-layer logging auditors ask for under EU AI Act Art. 12 / 15. This SDK produces the local evidence; the cloud governance surface turns it into an auditor-ready pack.
Trademarks
SecureVector is the product name of this SDK. LangChain and LangGraph are trademarks of LangChain, Inc. This is an independent, community SDK that integrates with LangChain via its public callback API. It is not affiliated with, sponsored by, or endorsed by LangChain, Inc. The name uses "langchain" only descriptively, to identify the framework this package works with (nominative fair use).
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file securevector_sdk_langchain-1.0.0.tar.gz.
File metadata
- Download URL: securevector_sdk_langchain-1.0.0.tar.gz
- Upload date:
- Size: 22.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3722b61153ca38f535da2260a3bcdf6ac7a03a66aa1ebf3d1c2eb42698c630d7
|
|
| MD5 |
045c48745925de4907bf1e178a2e32a9
|
|
| BLAKE2b-256 |
31f2eea5526a1c4177b4f8945ec8c18c65871b8d11cc1da6c668baf198c9f404
|
Provenance
The following attestation bundles were made for securevector_sdk_langchain-1.0.0.tar.gz:
Publisher:
release.yml on Secure-Vector/securevector-sdk-langchain
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
securevector_sdk_langchain-1.0.0.tar.gz -
Subject digest:
3722b61153ca38f535da2260a3bcdf6ac7a03a66aa1ebf3d1c2eb42698c630d7 - Sigstore transparency entry: 1877770320
- Sigstore integration time:
-
Permalink:
Secure-Vector/securevector-sdk-langchain@f0d3a6c1a6ffe6bad6c0a679909a4ed6a87669d9 -
Branch / Tag:
refs/tags/v1.0.0 - Owner: https://github.com/Secure-Vector
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@f0d3a6c1a6ffe6bad6c0a679909a4ed6a87669d9 -
Trigger Event:
release
-
Statement type:
File details
Details for the file securevector_sdk_langchain-1.0.0-py3-none-any.whl.
File metadata
- Download URL: securevector_sdk_langchain-1.0.0-py3-none-any.whl
- Upload date:
- Size: 22.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
14c70463db63430f984661c65fe0a68d1e8e695d810155afc2c4171b5ff966ae
|
|
| MD5 |
7b7908b7199c39d4bbac7c04b231a645
|
|
| BLAKE2b-256 |
990a9c29ef4fbb44c59f24cbfadd315e1ae4e4afc8a43230e68b4196e9c707c8
|
Provenance
The following attestation bundles were made for securevector_sdk_langchain-1.0.0-py3-none-any.whl:
Publisher:
release.yml on Secure-Vector/securevector-sdk-langchain
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
securevector_sdk_langchain-1.0.0-py3-none-any.whl -
Subject digest:
14c70463db63430f984661c65fe0a68d1e8e695d810155afc2c4171b5ff966ae - Sigstore transparency entry: 1877770330
- Sigstore integration time:
-
Permalink:
Secure-Vector/securevector-sdk-langchain@f0d3a6c1a6ffe6bad6c0a679909a4ed6a87669d9 -
Branch / Tag:
refs/tags/v1.0.0 - Owner: https://github.com/Secure-Vector
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@f0d3a6c1a6ffe6bad6c0a679909a4ed6a87669d9 -
Trigger Event:
release
-
Statement type: