Python SDK for Surfinguard — the trust layer for AI agents

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for surfinguard from gravatar.com surfinguard

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Surfinguard
  • Tags agent , ai , llm , safety , security
  • Requires: Python >=3.9
  • Provides-Extra: autogen , crewai , dev , langchain
Classifiers
Report project as malware

Project description

Surfinguard Python SDK

The trust layer for AI agents. Protect your AI agents from executing dangerous actions — phishing URLs, destructive commands, prompt injection, and sensitive file access.

Installation

pip install surfinguard

With framework integrations:

pip install surfinguard[langchain]   # LangChain
pip install surfinguard[crewai]      # CrewAI
pip install surfinguard[autogen]     # AutoGen

Quick Start

from surfinguard import Guard

guard = Guard(api_key="sg_live_...")

# Check a URL
result = guard.check_url("https://paypa1.com/login")
print(result.level)    # DANGER
print(result.score)    # 9
print(result.reasons)  # ['Brand impersonation: paypal']

# Check a command
result = guard.check_command("rm -rf /")
print(result.allow)    # False
print(result.level)    # DANGER

# Check text for prompt injection
result = guard.check_text("Ignore all previous instructions")
print(result.level)    # DANGER

# Check file operations
result = guard.check_file_read("~/.ssh/id_rsa")
print(result.primitive)  # EXFILTRATION

Policy Enforcement

The SDK can automatically block dangerous actions:

from surfinguard import Guard, Policy, NotAllowedError

# MODERATE (default): blocks DANGER, allows SAFE and CAUTION
guard = Guard(api_key="sg_live_...", policy=Policy.MODERATE)

# STRICT: blocks CAUTION and DANGER, only allows SAFE
guard = Guard(api_key="sg_live_...", policy=Policy.STRICT)

# PERMISSIVE: never blocks, returns results only
guard = Guard(api_key="sg_live_...", policy=Policy.PERMISSIVE)

try:
    guard.check_command("rm -rf /")
except NotAllowedError as e:
    print(f"Blocked: {e.result.level} (score={e.result.score})")

Decorator

Use @guard.protect to automatically check function arguments:

@guard.protect("command")
def execute(cmd: str) -> str:
    import subprocess
    return subprocess.check_output(cmd, shell=True, text=True)

execute("ls -la")       # Allowed
execute("rm -rf /")     # Raises NotAllowedError

All Check Methods

Method Action Type Input
check_url(url) URL URL string
check_command(command) Command Shell command
check_text(text) Text Free text / prompt
check_file_read(path) File Read File path
check_file_write(path, content?) File Write Path + optional content
check(type, value, **metadata) Any Universal check

CheckResult

Every check returns a CheckResult:

class CheckResult:
    allow: bool              # Should the action be allowed?
    score: int               # 0-10 risk score
    level: RiskLevel         # SAFE, CAUTION, or DANGER
    primitive: RiskPrimitive # DESTRUCTION, EXFILTRATION, ESCALATION, PERSISTENCE, MANIPULATION
    primitive_scores: list   # Per-primitive breakdown
    reasons: list[str]       # Human-readable explanations
    alternatives: list[str]  # Safer alternatives (if any)
    latency_ms: float        # Analysis time

Framework Integrations

LangChain

from surfinguard import Guard
from surfinguard.integrations.langchain import SurfinguardToolGuard

guard = Guard(api_key="sg_live_...")
tool_guard = SurfinguardToolGuard(guard)

# Wrap a single tool
safe_tool = tool_guard.wrap(shell_tool)

# Wrap all tools
safe_tools = tool_guard.wrap_all([shell_tool, file_tool, web_tool])

CrewAI

from surfinguard import Guard
from surfinguard.integrations.crewai import SurfinguardCrewGuard

guard = Guard(api_key="sg_live_...")
crew_guard = SurfinguardCrewGuard(guard)

# As a tool decorator
@crew_guard.check_tool("command")
def execute_command(command: str) -> str:
    ...

# As a step callback
crew = Crew(..., step_callback=crew_guard.step_callback)

AutoGen

from surfinguard import Guard
from surfinguard.integrations.autogen import SurfinguardAutoGenGuard

guard = Guard(api_key="sg_live_...")
ag_guard = SurfinguardAutoGenGuard(guard)

# Wrap functions
@ag_guard.wrap_function("command")
def execute(command: str) -> str:
    ...

# Check messages
ag_guard.check_message(message)

Error Handling

from surfinguard.exceptions import (
    AuthenticationError,  # Invalid API key (401)
    RateLimitError,       # Rate limit exceeded (429) — has .retry_after
    APIError,             # Server error (4xx/5xx) — has .status_code
    NotAllowedError,      # Policy blocked action — has .result
)

Context Manager

with Guard(api_key="sg_live_...") as guard:
    result = guard.check_url("https://example.com")

API Reference

Risk Levels

Level Score Meaning
SAFE 0-2 No risk detected
CAUTION 3-6 Potential risk, review recommended
DANGER 7-10 High risk, action should be blocked

Risk Primitives

Primitive Description
DESTRUCTION Data loss, system damage
EXFILTRATION Data theft, credential access
ESCALATION Privilege escalation
PERSISTENCE Backdoor installation, startup modification
MANIPULATION Phishing, prompt injection, deception

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for surfinguard from gravatar.com surfinguard

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Surfinguard
  • Tags agent , ai , llm , safety , security
  • Requires: Python >=3.9
  • Provides-Extra: autogen , crewai , dev , langchain
Classifiers

Release history Release notifications | RSS feed

This version

1.0.0

0.3.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

surfinguard-1.0.0.tar.gz (19.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

surfinguard-1.0.0-py3-none-any.whl (16.0 kB view details)

Uploaded Python 3

File details

Details for the file surfinguard-1.0.0.tar.gz.

File metadata

  • Download URL: surfinguard-1.0.0.tar.gz
  • Upload date:
  • Size: 19.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.14

File hashes

Hashes for surfinguard-1.0.0.tar.gz
Algorithm Hash digest
SHA256 5bfb49dcbae898a36c27dee94a449a957d55f8ebc3a94c233b91443c4e848bae
MD5 2aa4365084947ed0f28b8f6267ea1f32
BLAKE2b-256 281ee04fc9d1c4c8c0d8efeec786e0fdd6be1e0a58028e02af4e88a6ec51af99

See more details on using hashes here.

File details

Details for the file surfinguard-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: surfinguard-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 16.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.14

File hashes

Hashes for surfinguard-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 11a71d73b2618c188cc45b9856a91b7977e109c28465f04507cfa9f822606b4e
MD5 523258b0310e9b0a6f1d1c8ff407584f
BLAKE2b-256 7313239f3cd516682e5f047481bece933e66aa03b65310a0a9ada3dedc9198f0

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page