
SecureVector SDK for LangChain — brings the local threat monitor's three controls (tool-call permissions, secret/data-leak detection, threat detection) to every LangChain tool call, with tamper-evident audit logging.

Project description

SecureVector SDK for LangChain

Bring the SecureVector local threat monitor's three controls — tool-call permissions, secret / data-leak detection, and threat detection — to every LangChain tool call, with tamper-evident audit logging. One import.

pip install securevector-sdk-langchain

📦 One install — batteries included. pip install securevector-sdk-langchain also installs the local SecureVector app (securevector-ai-monitor): the adapter and the detection engine + tamper-evident audit chain arrive in a single pip install. The SDK is a thin interception layer — the app must be running locally (securevector-app --web) for it to do anything.

Quick start

Enforcement (recommended) — the documented wrap_tool_call middleware, which can cleanly block a tool before it runs:

from securevector_sdk_langchain import secure_middleware
from langchain.agents import create_agent

agent = create_agent(
    model, tools,
    middleware=[secure_middleware(mode="enforce")],
)

A denied tool is short-circuited with a ToolMessage (the model sees a clean "blocked by policy" result) — no exceptions, no crashed runs.

Observe-only logging for legacy AgentExecutor / raw LCEL chains, where the middleware surface isn't available:

from securevector_sdk_langchain import SecureVectorCallbackHandler

chain.invoke(payload, config={"callbacks": [SecureVectorCallbackHandler()]})

Why two paths? LangChain callbacks are an observability surface — they cannot reliably block a tool call. The wrap_tool_call middleware is the documented interception/short-circuit point, so enforcement lives there.

What happens on every tool call

Before a tool runs, the SDK:

  1. (a) Permissions — resolves an allow/block verdict for the tool, using the app's own precedence: cloud-pushed synced policy → local override → essential registry → default-allow.
  2. (b)+(c) Secret & threat scan — sends the serialized tool input through the app's /analyze pipeline.

After the tool returns, the result is scanned the same way to catch secrets / exfiltration in tool output. Every decision is written to the app's audit chain tagged runtime_kind="langchain".
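The two mechanics in this section, verdict precedence and a tamper-evident audit chain, are small enough to show end to end. The block below is an added illustration, not code from the SDK or the local app: the policy tables, the "tool name → verdict" shape, the SHA-256 hash-chain layout and the helper names (resolve_permission, AuditChain, record_tool_call) are all assumptions made for the example. It keeps the page's precedence order and the runtime_kind="langchain" tag, and shows that editing a past entry is detectable.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed sample policy tables, one per source, in the precedence order the
# page gives: cloud-pushed synced policy -> local override -> essential registry
# -> default-allow. The app's real policy format is not shown on the page, so
# the "tool name -> verdict" shape here is an assumption.
SYNCED_POLICY = {"shell": "block"}
LOCAL_OVERRIDE = {"shell": "allow", "send_email": "block"}
ESSENTIAL_REGISTRY = {"send_email": "allow", "read_file": "block"}

GENESIS_HASH = "0" * 64


def resolve_permission(tool_name, synced=SYNCED_POLICY, local=LOCAL_OVERRIDE,
                       essential=ESSENTIAL_REGISTRY):
    """Return (verdict, source): the first source with an entry wins, else default-allow."""
    for source, table in (("synced", synced), ("local_override", local),
                          ("essential", essential)):
        verdict = table.get(tool_name)
        if verdict is not None:
            return verdict, source
    return "allow", "default"


def _digest(body):
    # Canonical JSON so the same record always hashes the same way.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


@dataclass
class AuditChain:
    """Append-only hash chain: each entry commits to the previous entry's hash."""
    entries: list = field(default_factory=list)

    def append(self, record):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS_HASH
        body = {"runtime_kind": "langchain", **record, "prev_hash": prev}
        entry = {**body, "entry_hash": _digest(body)}
        self.entries.append(entry)
        return entry

    def verify(self):
        """True only if every link and every entry hash still match."""
        prev = GENESIS_HASH
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if body["prev_hash"] != prev or _digest(body) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def record_tool_call(chain, tool_name, phase="input"):
    """Resolve the permission verdict for a tool call and write it to the chain.

    phase is "input" before the tool runs and "output" for the post-run scan.
    """
    verdict, source = resolve_permission(tool_name)
    return chain.append({"tool": tool_name, "phase": phase,
                         "verdict": verdict, "policy_source": source})


if __name__ == "__main__":
    chain = AuditChain()
    for tool in ("shell", "send_email", "read_file", "calculator"):
        e = record_tool_call(chain, tool)
        print(f"{tool:12} -> {e['verdict']:5} (from {e['policy_source']})")
    print("chain intact:", chain.verify())
    # Editing a past decision breaks the chain from that entry onward.
    chain.entries[0]["verdict"] = "allow"
    print("after tampering:", chain.verify())
```

Note that "shell" resolves to block even though the local override says allow, because the synced policy sits above it in the precedence chain; a verifier that walks the chain from the genesis hash catches any edit to an earlier entry without needing the original copy.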

observe vs enforce

Mode | local app reachable | local app unreachable
--- | --- | ---
observe (default) | log + advisory verdict; tool always runs | tool runs (fail-open)
enforce (opt-in) | tool runs only if the verdict ≠ block | tool denied (fail-closed)

agent = create_agent(model, tools, middleware=[secure_middleware(mode="enforce")])

Enforce mode prints a one-time disclosure to stderr. (Enforcement requires the middleware path; the observe-only callback handler always runs in observe mode.)

Configuration

All optional, via env or install(...) kwargs:

Env var | Default | Meaning
--- | --- | ---
SECUREVECTOR_SDK_APP_URL | http://127.0.0.1:8741 | local app base URL
SECUREVECTOR_SDK_MODE | observe | observe or enforce
SECUREVECTOR_SDK_TIMEOUT_MS | 3000 | per-call verdict timeout
SECUREVECTOR_SDK_RISK_THRESHOLD | 70 | risk score that blocks in enforce mode
SECUREVECTOR_SDK_DISABLED | (unset) | set truthy to no-op
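The observe/enforce matrix above and the configuration table combine into one decision per tool call. The block below is an added example, not the SDK's implementation: it reads the documented env vars with their documented defaults, models an unreachable app as a missing verdict, and applies the fail-open/fail-closed rule. Two details are assumptions because the page does not state them: that a risk score at or above SECUREVECTOR_SDK_RISK_THRESHOLD is what blocks in enforce mode, and which strings count as "truthy" for SECUREVECTOR_SDK_DISABLED. The names settings_from_env, Verdict, decide and blocked_tool_message are invented for the example, and the dict returned by blocked_tool_message stands in for a langchain_core ToolMessage so the code runs without LangChain installed.

```python
import os
from dataclasses import dataclass

# Defaults taken from the page's configuration table.
DEFAULTS = {
    "SECUREVECTOR_SDK_APP_URL": "http://127.0.0.1:8741",
    "SECUREVECTOR_SDK_MODE": "observe",
    "SECUREVECTOR_SDK_TIMEOUT_MS": "3000",
    "SECUREVECTOR_SDK_RISK_THRESHOLD": "70",
}
# Assumption: the strings accepted as "truthy" for SECUREVECTOR_SDK_DISABLED.
TRUTHY = {"1", "true", "yes", "on"}


def settings_from_env(env=None):
    """Read the SDK's env vars (falling back to the documented defaults) into a dict."""
    env = os.environ if env is None else env

    def get(key):
        return env.get(key, DEFAULTS[key])

    return {
        "app_url": get("SECUREVECTOR_SDK_APP_URL"),
        "mode": get("SECUREVECTOR_SDK_MODE"),
        "timeout_ms": int(get("SECUREVECTOR_SDK_TIMEOUT_MS")),
        "risk_threshold": int(get("SECUREVECTOR_SDK_RISK_THRESHOLD")),
        "disabled": env.get("SECUREVECTOR_SDK_DISABLED", "").strip().lower() in TRUTHY,
    }


@dataclass
class Verdict:
    permission: str  # "allow" or "block" from the permission resolver
    risk_score: int  # score from the /analyze scan (0-100 scale assumed)


def decide(mode, verdict, risk_threshold=70, disabled=False):
    """Return "run" or "deny" for one tool call.

    verdict=None models an unreachable local app (timeout or refused connection).
    """
    if mode not in ("observe", "enforce"):
        raise ValueError(f"unknown mode {mode!r}")
    if disabled:
        return "run"  # SECUREVECTOR_SDK_DISABLED set: the SDK is a no-op
    if verdict is None:
        # observe fails open, enforce fails closed
        return "run" if mode == "observe" else "deny"
    if mode == "observe":
        return "run"  # verdict is advisory only: logged, never enforced
    # enforce: deny on a block verdict or (assumption) a risk score at/above threshold
    if verdict.permission == "block" or verdict.risk_score >= risk_threshold:
        return "deny"
    return "run"


def blocked_tool_message(tool_name, tool_call_id):
    """Stand-in for the ToolMessage a denied tool returns instead of running."""
    return {
        "type": "tool",
        "tool_call_id": tool_call_id,
        "content": f"Tool '{tool_name}' was blocked by policy.",
    }


if __name__ == "__main__":
    cfg = settings_from_env({"SECUREVECTOR_SDK_MODE": "enforce"})
    cases = [("reachable, allow/30", Verdict("allow", 30)),
             ("reachable, allow/85", Verdict("allow", 85)),
             ("reachable, block/0", Verdict("block", 0)),
             ("unreachable", None)]
    for label, v in cases:
        for mode in ("observe", "enforce"):
            print(f"{mode:8} {label:22} -> {decide(mode, v, cfg['risk_threshold'])}")
    print(blocked_tool_message("shell", "call_1"))
```

The asymmetry worth noticing is the None branch: in observe mode an outage is invisible to the agent, so a monitoring gap shows up only in the audit log; in enforce mode the same outage stops every tool call until the local app is back, which is the behaviour the "fail-closed" cell describes.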

Compliance

The tool-call-level, attributed, tamper-evident audit trail this produces is exactly the action-layer logging auditors ask for under EU AI Act Art. 12 / 15. This SDK produces the local evidence; the cloud governance surface turns it into an auditor-ready pack.

Trademarks

SecureVector is the product name of this SDK. LangChain and LangGraph are trademarks of LangChain, Inc. This is an independent, community SDK that integrates with LangChain via its public callback API. It is not affiliated with, sponsored by, or endorsed by LangChain, Inc. The name uses "langchain" only descriptively, to identify the framework this package works with (nominative fair use).

License

Apache-2.0. See LICENSE and NOTICE.

Download files


Source Distribution

securevector_sdk_langchain-1.0.0.tar.gz (22.7 kB)

Uploaded Source

Built Distribution


securevector_sdk_langchain-1.0.0-py3-none-any.whl (22.6 kB)

Uploaded Python 3

File details

Details for the file securevector_sdk_langchain-1.0.0.tar.gz.

File metadata

File hashes

Hashes for securevector_sdk_langchain-1.0.0.tar.gz
Algorithm Hash digest
SHA256 3722b61153ca38f535da2260a3bcdf6ac7a03a66aa1ebf3d1c2eb42698c630d7
MD5 045c48745925de4907bf1e178a2e32a9
BLAKE2b-256 31f2eea5526a1c4177b4f8945ec8c18c65871b8d11cc1da6c668baf198c9f404


Provenance

The following attestation bundles were made for securevector_sdk_langchain-1.0.0.tar.gz:

Publisher: release.yml on Secure-Vector/securevector-sdk-langchain

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file securevector_sdk_langchain-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for securevector_sdk_langchain-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 14c70463db63430f984661c65fe0a68d1e8e695d810155afc2c4171b5ff966ae
MD5 7b7908b7199c39d4bbac7c04b231a645
BLAKE2b-256 990a9c29ef4fbb44c59f24cbfadd315e1ae4e4afc8a43230e68b4196e9c707c8


Provenance

The following attestation bundles were made for securevector_sdk_langchain-1.0.0-py3-none-any.whl:

Publisher: release.yml on Secure-Vector/securevector-sdk-langchain

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
