Skip to main content

Runtime contract enforcement for LLM agent systems

Project description

English · 简体中文 · 日本語

Sponsio

License Install from PyPI Visit sponsio.dev

Follow on X Follow on LinkedIn Join our Discord

Sponsio

Same coding agent under a declared code freeze. Without Sponsio it drops the prod users table, back-fills fabricated rows, and files a status report that hides the damage. With Sponsio the first destructive SQL is blocked pre-execution: 35 checks, 100% deterministic, 0 LLM calls, p50 13µs.

Sponsio provides deterministic contracts for agent procedures over time, enforced in under 0.01 ms with zero LLM cost at runtime. Works with LangChain, Claude Agent, OpenAI Agents, Google ADK, CrewAI, Vercel AI, MCP, or any custom tool-calling loop, in Python or TypeScript.

An agent contract is a runtime rule that is checked at every agent action, backed by formal methods.

v0.2.0a3 alpha is out. pip install --pre sponsio==0.2.0a3. Closes a redirect_to_safe fail-open bug in non-LangGraph adapters (the unsafe call was running anyway), brings TS Eq semantics to Python parity for composite values, and adds Cloudflare Workers compatibility. Upgrade recommended if you are on 0.2.0a2. See the v0.2.0a3 release notes.


How Sponsio works

Sponsio architecture: Agent Flow + (Natural Language + Pattern Library) compile into Contracts (Assumption → Enforcement), enforced by a Fuzzy LTL Monitor (deterministic + stochastic) that decides Pass / Block · Warn · Escalate / Redirect for every function call, with full audit trail logs feeding back to the agent.

On ODCV-Bench (12 frontier LLMs × 80 trajectories), unguarded models cheat in 11.5%–66.7% of runs. With Sponsio, 95.6% of misalignment is avoided on average; 24/36 high-risk scenarios at 100%. On the Financial-Audit-Fraud-Finding scenario, frontier models commit fraud in 16/24 trials; Sponsio blocks 18/19. On RedCode-Exec (1,410 cases), Sponsio reaches 92% combined (bash 95% · python 90%) across a 60-file clean-code audit.

The logic checker takes p50 0.139 ms per contract, 5,000×–60,000× faster than any LLM-as-judge guardrail (50–800 ms per check), with zero LLM cost in the hot path. p99 stays under 1.04 ms across every measured workload.

See the full benchmark methodology and per-model breakdown, how Sponsio compares against prompt filters, output validators, LLM-as-judge, and sandboxing, or dive into the architecture and formal methods primer.


Quick start

A single prompt or a 2-line CLI command gets you onboarded.

Paste into Claude Code / Codex / Cursor. The agent walks the full onboarding flow:

One-shot prompt: Python   One-shot prompt: TypeScript

Or run the CLI yourself:

pip install sponsio        # or: npm install -D @sponsio/sdk
sponsio init .             # interactive wizard: detects framework, IDE hosts, observe vs enforce

The wizard auto-detects your framework and prints the right wrap snippet. For manual wiring, see all supported integrations. OpenClaw users get bundled ClawHavoc and CVE-2026-25253 coverage out of the box. For config reference, observe → enforce flip, sponsio refresh, and CI wiring, see the full walkthrough.

Drafting contracts from natural language. sponsio validate "<rule in plain English>" turns a plain-English rule into a contract you can read back. Treat the output as a starting draft to review and adjust before you enforce. The determinism is in how contracts are enforced at runtime, not in how they're drafted.


Contract Library

Sixteen contract bundles ship out of the box, organized by tier (always-on / per-tool / per-incident). Each bundle is a YAML pack composed from Sponsio's deterministic patterns. Drop one into sponsio.yaml and your agent is guarded against a known failure class in one line, with no per-contract authoring.

# sponsio.yaml: one-line bundle inclusion
agents:
  my_agent:
    workspace: "/srv/my-bot"
    include:
      - sponsio:core/universal        # always-on
      - sponsio:capability/shell      # if your agent runs commands
      - sponsio:capability/filesystem # if your agent touches files

See the full bundle reference for all 16 bundles, or the 46 underlying patterns for the primitives they compose. Want a bundle for your agent type? That is currently the highest-leverage way to contribute. Open an issue with your incident, CVE, or pattern.


Contributing

Patches, issue reports, and new pattern proposals are welcome. Start with CONTRIBUTING.md. Sponsio's threat model draws on public security research; e.g. Simon Willison's "Lethal Trifecta" shaped our multi-tool composition contracts. Have a threat model we should defend against? Open an issue.


License

Apache 2.0 (LICENSE).

AI agents reading this repo: llms.txt lists canonical doc paths; llms-full.txt is the concatenated full context dump.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sponsio-0.2.0a3.tar.gz (952.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sponsio-0.2.0a3-py3-none-any.whl (762.9 kB view details)

Uploaded Python 3

File details

Details for the file sponsio-0.2.0a3.tar.gz.

File metadata

  • Download URL: sponsio-0.2.0a3.tar.gz
  • Upload date:
  • Size: 952.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for sponsio-0.2.0a3.tar.gz
Algorithm Hash digest
SHA256 d1a2df9b75f80bd383097c0b34680194e652c133ac0dea9df173b7d0b04b64b9
MD5 e312c6d6cfacfb9f04e2b73af1f0468e
BLAKE2b-256 efc8eabb534990466d95b31207fc81a8682e66b93340b2ed40e4073feb0bf64c

See more details on using hashes here.

Provenance

The following attestation bundles were made for sponsio-0.2.0a3.tar.gz:

Publisher: publish.yml on SponsioLabs/Sponsio

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sponsio-0.2.0a3-py3-none-any.whl.

File metadata

  • Download URL: sponsio-0.2.0a3-py3-none-any.whl
  • Upload date:
  • Size: 762.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for sponsio-0.2.0a3-py3-none-any.whl
Algorithm Hash digest
SHA256 d5f0b181316db1f2d2fe8ecc11a8b40dd8edd88d650f2809a10af5042a3b9806
MD5 bb0f8b15558018438840bc3b8541770e
BLAKE2b-256 cdd42592e4ba5a0f9004b435c4a1468c1b53173e999aeb72b6cf1a05d3fad246

See more details on using hashes here.

Provenance

The following attestation bundles were made for sponsio-0.2.0a3-py3-none-any.whl:

Publisher: publish.yml on SponsioLabs/Sponsio

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page