Shrike SDK for AI agent action governance — drop-in wrapper for OpenAI, Anthropic, and Gemini that governs every tool call, prompt, and response server-side. Allow / approve / block. Free tier available.
Project description
Shrike Guard
Shrike Guard is a Python SDK for the Shrike platform — AI governance for every AI interaction. It wraps OpenAI, Anthropic (Claude), and Google Gemini clients to automatically evaluate all prompts against policy before they reach the LLM. Govern LangChain agents, RAG pipelines, FastAPI chatbots, and any Python AI application with the same multi-layered cognitive pipeline.
Features
- Drop-in replacement for OpenAI, Anthropic, and Gemini clients
- Automatic prompt scanning for:
- Prompt injection attacks
- PII/sensitive data leakage
- Jailbreak attempts
- SQL injection
- Path traversal
- Malicious instructions
- Fail-safe modes: Choose between fail-open (default) or fail-closed behavior
- Async support: Works with both sync and async clients
- Zero code changes: Just replace your import
What Shrike Detects
Shrike's backend runs a multi-stage detection pipeline with security rules across 7 compliance frameworks:
| Framework | Coverage |
|---|---|
| GDPR | EU personal data — names, addresses, national IDs |
| HIPAA | Protected health information (PHI) |
| ISO 27001 | Information security — passwords, tokens, certificates |
| SOC 2 | Secrets, credentials, API keys, cloud tokens |
| NIST | AI risk management (IR 8596), cybersecurity framework (CSF 2.0) |
| PCI-DSS | Cardholder data — PAN, CVV, expiry, track data |
| WebMCP | MCP tool description injection, data exfiltration |
Plus built-in detection for prompt injection, jailbreaks, social engineering, and dangerous requests.
Tiers
Detection depth depends on your tier. All tiers get the same SDK wrappers — tiers control which backend layers run.
| Anonymous | Community | Pro | Enterprise | |
|---|---|---|---|---|
| Detection Layers | L1-L5 | L1-L7 | L1-L8 | L1-L9 |
| API Key | Not needed | Free signup | Paid | Paid |
| Rate Limit | — | 10/min | 100/min | 1,000/min |
| Scans/month | — | 1,000 | 25,000 | 1,000,000 |
Anonymous (no API key): Pattern-based detection (L1-L5). Community (free): Adds LLM-powered semantic analysis. Register at shrikesecurity.com/signup — instant, no credit card.
Installation
pip install shrike-guard # OpenAI (included by default)
pip install shrike-guard[anthropic] # + Anthropic Claude
pip install shrike-guard[gemini] # + Google Gemini
pip install shrike-guard[all] # All providers
Quick Start
OpenAI
from shrike_guard import ShrikeOpenAI
# Replace 'from openai import OpenAI' with this
client = ShrikeOpenAI(
api_key="sk-...", # Your OpenAI API key
shrike_api_key="shrike-...", # Your Shrike API key
)
# Use exactly like the regular OpenAI client
response = client.chat.completions.create(
model="gpt-4",
messages=[{"role": "user", "content": "Hello, how are you?"}]
)
print(response.choices[0].message.content)
Anthropic (Claude)
from shrike_guard import ShrikeAnthropic
client = ShrikeAnthropic(
api_key="sk-ant-...",
shrike_api_key="shrike-...",
)
response = client.messages.create(
model="claude-sonnet-4-5-20250929",
max_tokens=1024,
messages=[{"role": "user", "content": "Hello!"}]
)
print(response.content[0].text)
Google Gemini
from shrike_guard import ShrikeGemini
client = ShrikeGemini(
api_key="AIza...",
shrike_api_key="shrike-...",
)
model = client.GenerativeModel("gemini-pro")
response = model.generate_content("Hello!")
print(response.text)
Async Usage
import asyncio
from shrike_guard import ShrikeAsyncOpenAI
async def main():
client = ShrikeAsyncOpenAI(
api_key="sk-...",
shrike_api_key="shrike-...",
)
response = await client.chat.completions.create(
model="gpt-4",
messages=[{"role": "user", "content": "Hello!"}]
)
print(response.choices[0].message.content)
await client.close()
asyncio.run(main())
Configuration
Fail Modes
Choose how the SDK behaves when the security scan fails (timeout, network error, etc.):
# Fail-open (default): Allow requests if scan fails
# Best for: Most applications where availability is important
client = ShrikeOpenAI(
api_key="sk-...",
shrike_api_key="shrike-...",
fail_mode="open", # This is the default
)
# Fail-closed: Block requests if scan fails
# Best for: Security-critical applications
client = ShrikeOpenAI(
api_key="sk-...",
shrike_api_key="shrike-...",
fail_mode="closed",
)
Timeout Configuration
client = ShrikeOpenAI(
api_key="sk-...",
shrike_api_key="shrike-...",
scan_timeout=2.0, # Timeout in seconds (default: 10.0)
)
Custom Endpoint
For self-hosted Shrike deployments:
client = ShrikeOpenAI(
api_key="sk-...",
shrike_api_key="shrike-...",
shrike_endpoint="https://your-shrike-instance.com",
)
SQL and File Scanning
from shrike_guard import ScanClient
with ScanClient(api_key="shrike-...") as scanner:
# Scan SQL queries for injection attacks
sql_result = scanner.scan_sql("SELECT * FROM users WHERE id = 1")
if not sql_result["safe"]:
print(f"SQL threat: {sql_result['reason']}")
# Scan file paths for path traversal
file_result = scanner.scan_file("/app/data/output.csv")
# Scan file content for secrets/PII
content_result = scanner.scan_file("/tmp/config.py", "api_key = 'sk-...'")
Error Handling
from shrike_guard import ShrikeOpenAI, ShrikeBlockedError, ShrikeScanError
client = ShrikeOpenAI(
api_key="sk-...",
shrike_api_key="shrike-...",
fail_mode="closed", # To see scan errors
)
try:
response = client.chat.completions.create(
model="gpt-4",
messages=[{"role": "user", "content": "Some prompt..."}]
)
except ShrikeBlockedError as e:
# Prompt was blocked due to security threat
print(f"Blocked: {e.message}")
print(f"Threat type: {e.threat_type}")
print(f"Confidence: {e.confidence}")
except ShrikeScanError as e:
# Scan failed (only raised with fail_mode="closed")
print(f"Scan error: {e.message}")
Low-Level Scan Client
For more control, use the scan client directly:
from shrike_guard import ScanClient
with ScanClient(api_key="shrike-...") as scanner:
result = scanner.scan("Check this prompt for threats")
if result["safe"]:
print("Prompt is safe!")
else:
print(f"Threat detected: {result['reason']}")
Compatibility
- Python: 3.8+
- LLM SDKs:
- OpenAI SDK
>=1.0.0 - Anthropic SDK
>=0.18.0(optional:pip install shrike-guard[anthropic]) - Google Generative AI
>=0.3.0(optional:pip install shrike-guard[gemini])
- OpenAI SDK
- Works with:
- OpenAI API
- Azure OpenAI
- OpenAI-compatible APIs (Ollama, vLLM, etc.)
Environment Variables
You can configure the SDK using environment variables:
export OPENAI_API_KEY="sk-..."
export ANTHROPIC_API_KEY="sk-ant-..."
export SHRIKE_API_KEY="shrike-..."
export SHRIKE_ENDPOINT="https://your-shrike-instance.com"
Scope and Limitations
| Scanned | Not Scanned |
|---|---|
| Input prompts (user messages) | Streaming output from LLM |
| System prompts | Image/audio content |
| Multi-modal text content | Non-chat API calls |
| SQL queries | |
| File paths and content |
Why Input-Only Scanning?
Shrike Guard focuses on pre-flight protection — blocking malicious prompts BEFORE they reach the LLM. This:
- Prevents prompt injection attacks at the source
- Has zero latency impact on LLM responses
- Catches the vast majority of threats at the input layer
Other Integration Surfaces
Shrike Guard is one of several ways to integrate with the Shrike platform:
- MCP Server —
npx shrike-mcp(GitHub) - TypeScript SDK —
npm install shrike-guard(GitHub) - REST API —
POST https://api.shrikesecurity.com/agent/scan - LLM Gateway — Change one URL, scan everything
- Browser Extension — Chrome/Edge for ChatGPT, Claude, Gemini
- Dashboard — shrikesecurity.com
Use Cases
| Scenario | How Shrike Guard Helps |
|---|---|
| LangChain / CrewAI agents | Wrap your LLM client. Every agent action scanned before execution. |
| RAG pipelines | Scan retrieved context + user queries for PII leakage and injection. |
| FastAPI chatbot | Middleware-style integration. Scan every request before it hits the model. |
| Internal AI tools | Protect Slack bots, email assistants, and internal AI applications. |
Alternatives
Looking for a Python AI security SDK? Here's how Shrike Guard compares:
| Feature | Shrike Guard | Lakera | Prompt Armor |
|---|---|---|---|
| Drop-in OpenAI/Anthropic/Gemini wrapper | Yes | No | No |
| Multi-layered evaluation pipeline | Yes | Limited | Limited |
| PII detection + redaction | Yes | Partial | No |
| Async support | Yes | Partial | No |
| Free tier (no API key) | Yes | No | No |
| Open source client | Yes (Apache 2.0) | No | No |
License
Apache 2.0
Support
- Shrike — Sign up, dashboard, docs
- Documentation — Quick start, API reference
- GitHub Issues — Bug reports
- MCP Server — For MCP/agent integration
- TypeScript SDK — TypeScript equivalent
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file shrike_guard-1.1.2.tar.gz.
File metadata
- Download URL: shrike_guard-1.1.2.tar.gz
- Upload date:
- Size: 28.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.3.4 CPython/3.11.4 Darwin/25.4.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dbca90a98f86054004b8139c8a1c03da670f9a69880eb6dfe01c488263afdf57
|
|
| MD5 |
513948bdb50d1f3d518feb7f0c31f7ad
|
|
| BLAKE2b-256 |
a1b695dc4c2f50f18e0fdd81682a17186180fc4f93402599043af889f17bcd70
|
File details
Details for the file shrike_guard-1.1.2-py3-none-any.whl.
File metadata
- Download URL: shrike_guard-1.1.2-py3-none-any.whl
- Upload date:
- Size: 35.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.3.4 CPython/3.11.4 Darwin/25.4.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3c3b62653d6dbf5ebac2d411a4db2b5e9afb8113c733a9a9aefe27515450123b
|
|
| MD5 |
2967b22f38104cf8018ed726ea29e287
|
|
| BLAKE2b-256 |
b94a3b8407d1dd58b9d05a8b2383fad30411bb6a83a01ff1f7fa88364a515fc2
|
