SentraGuard framework-neutral guardrail core for AI agents — LangChain/LangGraph, LiteLLM, and direct provider adapters (no OpenTelemetry dependency).

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for manojsoaisec from gravatar.com manojsoaisec

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Sovereign AI Security Labs
  • Tags agent , ai-security , guardrails , langchain , langgraph , litellm , mitre-atlas , observability , owasp
  • Requires: Python >=3.9
  • Provides-Extra: all , anthropic , crewai , dev , gemini , google-adk , langchain , langgraph , litellm , memory , openai , openai-agents
Classifiers
Report project as malware

Project description

sentraguard-agent

Framework-neutral SentraGuard guardrail core for AI agents — LangChain/LangGraph, LiteLLM, and direct provider adapters. No OpenTelemetry dependency.

sentraguard-agent adds capture, identity attribution, and inline policy enforcement to AI-agent code with minimal change. The core (policy engine, identity, decisions, threats mapping) is framework-neutral; framework adapters are namespaced:

Import Covers
sentraguard_agent the framework-neutral core (engine, identity, threats)
sentraguard_agent.langchain LangChain / LangGraph hooks (callbacks, middleware, wrappers)
sentraguard_agent.litellm LiteLLM CustomGuardrail + CustomLogger (enforce under the Proxy; capture under SDK + Proxy)
sentraguard_agent.openai_agents OpenAI Agents SDK input/output guardrails + run hooks
sentraguard_agent.google_adk Google ADK (Gemini) runner plugin (before_model/tool callbacks)
sentraguard_agent.crewai CrewAI task guardrail + tool hook + event listener
sentraguard_agent.providers direct OpenAI / Anthropic / Gemini drop-ins

It uses the published sentraguard-sdk distribution (import name sentraguard) internally as its client (transport, auth, retries) — no new endpoints, no collector, no OTel.

Complete guide: docs/SENTRAGUARD_AGENT_SDK_GUIDE.md. Live in-framework test evidence: tests/integration/ — verified against openai-agents 0.17.4, litellm 1.88.0, google-adk 2.2.0, crewai 1.14.6.

Install

pip install "sentraguard-agent[langchain]"            # LangChain / LangGraph
pip install "sentraguard-agent[litellm]"              # LiteLLM (SDK or Proxy)
pip install "sentraguard-agent[langchain,openai]"     # + guard DIRECT (non-framework) OpenAI calls
pip install "sentraguard-agent[memory]"               # + Agent Memory Guard composition

The sentraguard-sdk distribution is a core dependency. LangChain/LangGraph, LiteLLM, Agent Memory Guard, and the provider drop-ins are optional extras. The pure policy engine still imports without the frameworks for embedding/testing.

Covering every surface

Call path Guarded by
LangChain / LangGraph framework calls sentraguard_agent.langchain (capture + middleware + wrappers)
LiteLLM (SDK or Proxy) sentraguard_agent.litellm (guardrail + logger)
Direct openai/anthropic/gemini calls outside a framework sentraguard_agent.providers.*

1. LangChain — zero-code-change capture (SAIS-327)

One import at startup; the handler auto-attaches to every run via register_configure_hook. No edits to your invoke/stream call sites.

# bootstrap_sentraguard.py
import sentraguard_agent.langchain.bootstrap as sg
from sentraguard_agent import BatchingAnalyticsSink, sdk_forwarder
from sentraguard import SentraGuard

client = SentraGuard()                      # internal SDK, auto-config
sg.install(BatchingAnalyticsSink(sdk_forwarder(client)))

# app.py — add ONE import near the top; nothing else changes
import bootstrap_sentraguard   # noqa: F401

2. LangChain — authenticated identity (SAIS-329)

agent.invoke(state, config={"metadata": {"user_id": u.id, "org_id": org.id, "session_id": sid}})

3. LangChain — inline enforcement (SAIS-330)

Prebuilt agent — one line:

from sentraguard_agent import PolicyEngine
from sentraguard_agent.langchain import SentraGuardMiddleware

agent = create_agent(model, tools, middleware=[SentraGuardMiddleware(PolicyEngine())])

Custom StateGraph — wrap, don't rewrite:

from sentraguard_agent import PolicyEngine
from sentraguard_agent.langchain import SentraGuardModelWrapper, guard_tool
eng = PolicyEngine()
model = SentraGuardModelWrapper(model, eng)
tools = [guard_tool(t, eng) for t in tools]

4. LiteLLM — SDK and Proxy

LiteLLM SDK — register the guardrail + logger:

import litellm
from sentraguard_agent.litellm import SentraGuardLiteLLMGuardrail, SentraGuardLiteLLMLogger

litellm.callbacks = [SentraGuardLiteLLMGuardrail(), SentraGuardLiteLLMLogger()]
litellm.completion(model="gpt-4o", messages=[...])   # capture (logger) runs under the SDK

Enforcement scope (verified, litellm 1.88.0): the pre/post-call enforcement hooks fire only under the LiteLLM Proxy. Under the bare SDK only the logger (capture) runs. To enforce on direct (non-proxy) calls, use the provider drop-ins (sentraguard_agent.providers.*) or route via the Proxy.

LiteLLM Proxy (the inline-gateway deployment, where enforcement applies) — reference the guardrail in config.yaml:

guardrails:
  - guardrail_name: sentraguard
    litellm_params:
      guardrail: sentraguard_agent.litellm.SentraGuardLiteLLMGuardrail
      mode: [pre_call, post_call]

A LiteLLM model used inside LangChain (ChatLiteLLM) is already covered by the LangChain hooks — no LiteLLM adapter needed there.

5. Other agent frameworks

OpenAI Agents SDK — input/output guardrails (DENY trips the tripwire, halting the run) + run hooks for capture:

from agents import Agent
from sentraguard_agent.openai_agents import SentraGuardAgentsGuardrail, SentraGuardRunHooks
g = SentraGuardAgentsGuardrail()
agent = Agent(name="...", input_guardrails=[g.as_input_guardrail()],
              output_guardrails=[g.as_output_guardrail()])

Google ADK (Gemini) — a runner-level plugin (blocks at before_model_callback, gates tools):

from google.adk.runners import Runner
from sentraguard_agent.google_adk import SentraGuardADKPlugin
runner = Runner(agent=..., plugins=[SentraGuardADKPlugin()])

CrewAI — task guardrail + tool hook (enforcement is at the tool/task gate):

from sentraguard_agent.crewai import SentraGuardCrewAI
sg = SentraGuardCrewAI()
task = Task(..., guardrail=sg.task_guardrail)   # + register sg.before_tool_hook as a BeforeToolCallHook

Roadmap (Tier 2+): Microsoft Agent Framework, LlamaIndex, Pydantic AI, AWS Strands — see the roadmap section of docs/SENTRAGUARD_AGENT_SDK_GUIDE.md.

6. Direct provider calls

from sentraguard_agent.providers.openai import OpenAI   # was: from openai import OpenAI
client = OpenAI()                                        # auto-guarded

7. Coverage modules (framework-neutral)

  • MCP security (SAIS-332): sentraguard_agent.mcpscan_tools, ToolPinRegistry.
  • Memory integrity (SAIS-333): sentraguard_agent.memory.MemoryGuard (composes Agent Memory Guard).
  • Behavioural features (SAIS-331): sentraguard_agent.analytics_featuresextract_features, score (incl. multi-agent).
  • Threat mapping (SAIS-334): map_detection, coverage_matrix, export_coverage_markdown (OWASP + MITRE ATLAS).

License

MIT © Sovereign AI Security Labs

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for manojsoaisec from gravatar.com manojsoaisec

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Sovereign AI Security Labs
  • Tags agent , ai-security , guardrails , langchain , langgraph , litellm , mitre-atlas , observability , owasp
  • Requires: Python >=3.9
  • Provides-Extra: all , anthropic , crewai , dev , gemini , google-adk , langchain , langgraph , litellm , memory , openai , openai-agents
Classifiers

Release history Release notifications | RSS feed

0.3.0

This version

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sentraguard_agent-0.2.0.tar.gz (68.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sentraguard_agent-0.2.0-py3-none-any.whl (51.6 kB view details)

Uploaded Python 3

File details

Details for the file sentraguard_agent-0.2.0.tar.gz.

File metadata

  • Download URL: sentraguard_agent-0.2.0.tar.gz
  • Upload date:
  • Size: 68.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sentraguard_agent-0.2.0.tar.gz
Algorithm Hash digest
SHA256 9ec7dfb90337a8b1495512013061de287c693bb539701b872b2618a55b9ad679
MD5 dfd0000a810476325c80ef01e2420ded
BLAKE2b-256 9c55ae2b93350760ecedf670e3e011395241c03761d3b5414685e4eb02fc2c03

See more details on using hashes here.

Provenance

The following attestation bundles were made for sentraguard_agent-0.2.0.tar.gz:

Publisher: publish.yml on SAISec/Sentraguard-agent-sdk-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sentraguard_agent-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for sentraguard_agent-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cbd2efb09c99308bacc14402a51f28c35239bb41a513dd3e219cc3dde3b9331e
MD5 da83021b8ecb5fcd01331155309c66f0
BLAKE2b-256 35c22cdbf67ae16caf15d4ad084952a3c3ca49d717399005f4dd1937c40595bf

See more details on using hashes here.

Provenance

The following attestation bundles were made for sentraguard_agent-0.2.0-py3-none-any.whl:

Publisher: publish.yml on SAISec/Sentraguard-agent-sdk-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page