SentraGuard framework-neutral guardrail core for AI agents — LangChain/LangGraph, LiteLLM, and direct provider adapters (no OpenTelemetry dependency).

Project description

sentraguard-agent

Framework-neutral SentraGuard guardrail core for AI agents — LangChain/LangGraph, LiteLLM, and direct provider adapters. No OpenTelemetry dependency.

sentraguard-agent adds capture, identity attribution, and inline policy enforcement to AI-agent code with minimal change. The core (policy engine, identity, decisions, threats mapping) is framework-neutral; framework adapters are namespaced:

| Import | Covers |
| --- | --- |
| sentraguard_agent | the framework-neutral core (engine, identity, threats) |
| sentraguard_agent.langchain | LangChain / LangGraph hooks (callbacks, middleware, wrappers) |
| sentraguard_agent.litellm | LiteLLM CustomGuardrail + CustomLogger (enforce under the Proxy; capture under SDK + Proxy) |
| sentraguard_agent.openai_agents | OpenAI Agents SDK input/output guardrails + run hooks |
| sentraguard_agent.google_adk | Google ADK (Gemini) runner plugin (before_model/tool callbacks) |
| sentraguard_agent.crewai | CrewAI task guardrail + tool hook + event listener |
| sentraguard_agent.providers | direct OpenAI / Anthropic / Gemini drop-ins |

It uses the published sentraguard-sdk distribution (import name sentraguard) internally as its client (transport, auth, retries) — no new endpoints, no collector, no OTel.

Complete guide: docs/SENTRAGUARD_AGENT_SDK_GUIDE.md. Live in-framework test evidence: tests/integration/ — verified against openai-agents 0.17.4, litellm 1.88.0, google-adk 2.2.0, crewai 1.14.6.

Install

pip install "sentraguard-agent[langchain]"            # LangChain / LangGraph
pip install "sentraguard-agent[litellm]"              # LiteLLM (SDK or Proxy)
pip install "sentraguard-agent[langchain,openai]"     # + guard DIRECT (non-framework) OpenAI calls
pip install "sentraguard-agent[memory]"               # + Agent Memory Guard composition

The sentraguard-sdk distribution is a core dependency. LangChain/LangGraph, LiteLLM, Agent Memory Guard, and the provider drop-ins are optional extras. The pure policy engine still imports without the frameworks for embedding/testing.

Covering every surface

| Call path | Guarded by |
| --- | --- |
| LangChain / LangGraph framework calls | sentraguard_agent.langchain (capture + middleware + wrappers) |
| LiteLLM (SDK or Proxy) | sentraguard_agent.litellm (guardrail + logger) |
| Direct openai/anthropic/gemini calls outside a framework | sentraguard_agent.providers.* |

1. LangChain — zero-code-change capture (SAIS-327)

One import at startup; the handler auto-attaches to every run via register_configure_hook. No edits to your invoke/stream call sites.

# bootstrap_sentraguard.py
import sentraguard_agent.langchain.bootstrap as sg
from sentraguard_agent import BatchingAnalyticsSink, sdk_forwarder
from sentraguard import SentraGuard

client = SentraGuard()                      # internal SDK, auto-config
sg.install(BatchingAnalyticsSink(sdk_forwarder(client)))

# app.py — add ONE import near the top; nothing else changes
import bootstrap_sentraguard   # noqa: F401

2. LangChain — authenticated identity (SAIS-329)

# u, org and sid are your application's authenticated user, organisation and session id
agent.invoke(state, config={"metadata": {"user_id": u.id, "org_id": org.id, "session_id": sid}})

3. LangChain — inline enforcement (SAIS-330)

Prebuilt agent — one line:

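from langchain.agents import create_agent
from sentraguard_agent import PolicyEngine
from sentraguard_agent.langchain import SentraGuardMiddleware

# model and tools are the ones your application already defines
agent = create_agent(model, tools, middleware=[SentraGuardMiddleware(PolicyEngine())])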

Custom StateGraph — wrap, don't rewrite:

from sentraguard_agent import PolicyEngine
from sentraguard_agent.langchain import SentraGuardModelWrapper, guard_tool
eng = PolicyEngine()
model = SentraGuardModelWrapper(model, eng)
tools = [guard_tool(t, eng) for t in tools]

4. LiteLLM — SDK and Proxy

LiteLLM SDK — register the guardrail + logger:

import litellm
from sentraguard_agent.litellm import SentraGuardLiteLLMGuardrail, SentraGuardLiteLLMLogger

litellm.callbacks = [SentraGuardLiteLLMGuardrail(), SentraGuardLiteLLMLogger()]
litellm.completion(model="gpt-4o", messages=[...])   # capture (logger) runs under the SDK

Enforcement scope (verified, litellm 1.88.0): the pre/post-call enforcement hooks fire only under the LiteLLM Proxy. Under the bare SDK only the logger (capture) runs. To enforce on direct (non-proxy) calls, use the provider drop-ins (sentraguard_agent.providers.*) or route via the Proxy.

LiteLLM Proxy (the inline-gateway deployment, where enforcement applies) — reference the guardrail in config.yaml:

guardrails:
  - guardrail_name: sentraguard
    litellm_params:
      guardrail: sentraguard_agent.litellm.SentraGuardLiteLLMGuardrail
      mode: [pre_call, post_call]

A LiteLLM model used inside LangChain (ChatLiteLLM) is already covered by the LangChain hooks — no LiteLLM adapter needed there.
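
A check for the enforcement-scope caveat above, as an added example that is not part of sentraguard-agent: it audits a parsed LiteLLM Proxy config (the dict that yaml.safe_load would return for config.yaml) for the guardrail class with both pre_call and post_call modes. The function name and sample configs are constructed here, and default_on is LiteLLM's own guardrail option, which this page does not mention.

```python
# Added example, not sentraguard-agent code. `config` is the dict that
# yaml.safe_load() returns for a LiteLLM Proxy config.yaml.
GUARDRAIL_CLASS = "sentraguard_agent.litellm.SentraGuardLiteLLMGuardrail"
REQUIRED_MODES = {"pre_call", "post_call"}


def audit_proxy_config(config):
    """Return a list of findings; an empty list means enforcement is wired."""
    findings = []
    entries = [
        g for g in (config.get("guardrails") or [])
        if isinstance(g, dict)
        and (g.get("litellm_params") or {}).get("guardrail") == GUARDRAIL_CLASS
    ]
    if not entries:
        return [f"no guardrail entry references {GUARDRAIL_CLASS}"]
    for entry in entries:
        name = entry.get("guardrail_name", "<unnamed>")
        params = entry["litellm_params"]
        mode = params.get("mode") or []
        # LiteLLM accepts a single mode string or a list of modes.
        modes = {mode} if isinstance(mode, str) else set(mode)
        for missing in sorted(REQUIRED_MODES - modes):
            findings.append(f"{name}: mode lacks {missing}")
        # default_on is LiteLLM's own option (assumption: not overridden by
        # the guardrail class); without it a guardrail is opt-in per request.
        if params.get("default_on") is not True:
            findings.append(f"{name}: default_on is not true")
    return findings


# Constructed sample configs (already parsed from YAML).
README_CONFIG = {"guardrails": [{
    "guardrail_name": "sentraguard",
    "litellm_params": {"guardrail": GUARDRAIL_CLASS,
                       "mode": ["pre_call", "post_call"]},
}]}
POST_ONLY = {"guardrails": [{
    "guardrail_name": "sentraguard",
    "litellm_params": {"guardrail": GUARDRAIL_CLASS, "mode": "post_call",
                       "default_on": True},
}]}

if __name__ == "__main__":
    for label, cfg in [("readme", README_CONFIG), ("post-only", POST_ONLY),
                       ("empty", {})]:
        print(label, audit_proxy_config(cfg) or "ok")
```

Run it in CI against the deployed config.yaml and fail the build on any finding, so a proxy that only captures is caught before it ships.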

5. Other agent frameworks

OpenAI Agents SDK — input/output guardrails (DENY trips the tripwire, halting the run) + run hooks for capture:

from agents import Agent
from sentraguard_agent.openai_agents import SentraGuardAgentsGuardrail, SentraGuardRunHooks
g = SentraGuardAgentsGuardrail()
agent = Agent(name="...", input_guardrails=[g.as_input_guardrail()],
              output_guardrails=[g.as_output_guardrail()])

Google ADK (Gemini) — a runner-level plugin (blocks at before_model_callback, gates tools):

from google.adk.runners import Runner
from sentraguard_agent.google_adk import SentraGuardADKPlugin
runner = Runner(agent=..., plugins=[SentraGuardADKPlugin()])

CrewAI — task guardrail + tool hook (enforcement is at the tool/task gate):

from crewai import Task
from sentraguard_agent.crewai import SentraGuardCrewAI
sg = SentraGuardCrewAI()
task = Task(..., guardrail=sg.task_guardrail)   # + register sg.before_tool_hook as a BeforeToolCallHook

Roadmap (Tier 2+): Microsoft Agent Framework, LlamaIndex, Pydantic AI, AWS Strands — see the roadmap section of docs/SENTRAGUARD_AGENT_SDK_GUIDE.md.

6. Direct provider calls

from sentraguard_agent.providers.openai import OpenAI   # was: from openai import OpenAI
client = OpenAI()                                        # auto-guarded

7. Coverage modules (framework-neutral)

  • MCP security (SAIS-332): sentraguard_agent.mcpscan_tools, ToolPinRegistry.
  • Memory integrity (SAIS-333): sentraguard_agent.memory.MemoryGuard (composes Agent Memory Guard).
  • Behavioural features (SAIS-331): sentraguard_agent.analytics_features, extract_features, score (incl. multi-agent).
  • Threat mapping (SAIS-334): map_detection, coverage_matrix, export_coverage_markdown (OWASP + MITRE ATLAS).

License

MIT © Sovereign AI Security Labs

Download files

Source Distribution

sentraguard_agent-0.1.0.tar.gz (54.8 kB)

Uploaded Source

Built Distribution

sentraguard_agent-0.1.0-py3-none-any.whl (44.8 kB)

Uploaded Python 3

File details

Details for the file sentraguard_agent-0.1.0.tar.gz.

File metadata

  • Download URL: sentraguard_agent-0.1.0.tar.gz
  • Upload date:
  • Size: 54.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sentraguard_agent-0.1.0.tar.gz
Algorithm Hash digest
SHA256 673f4a1abecef81a9db04840afa00d74e7d7f9fefc3fef2ff4276b193d0c91f5
MD5 72a38389685609381de5f3bd928df36d
BLAKE2b-256 76e718bd362dd9042f7d2d57bf1c645021d22b9322437e7d71c82945ff26e2ba

Provenance

The following attestation bundles were made for sentraguard_agent-0.1.0.tar.gz:

Publisher: publish.yml on SAISec/Sentraguard-agent-sdk-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sentraguard_agent-0.1.0-py3-none-any.whl.

File hashes

Hashes for sentraguard_agent-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 7da4a5d99df148c83c51e0b2f4705a445f671de3fd7b6e56632a04cae04097b5
MD5 032ad7f750758cf0b2c335b578315df5
BLAKE2b-256 c81bd3e8d27c4f621feaa31593c3bd3245f4565de091508c6d4ff38b273c4e36

Provenance

The following attestation bundles were made for sentraguard_agent-0.1.0-py3-none-any.whl:

Publisher: publish.yml on SAISec/Sentraguard-agent-sdk-python
