TealTiger - AI agent security platform with guardrails, cost tracking, and policy management for LLM applications
Project description
TealTiger Python SDK
The first open-source AI agent security SDK with client-side guardrails 🛡️
🚀 Quick Start
pip install tealtiger
import asyncio
from tealtiger import TealOpenAI, GuardrailEngine, PIIDetectionGuardrail, PromptInjectionGuardrail
async def main():
# Set up guardrails
engine = GuardrailEngine()
engine.register_guardrail(PIIDetectionGuardrail())
engine.register_guardrail(PromptInjectionGuardrail())
# Create guarded client — drop-in replacement for OpenAI
client = TealOpenAI(
api_key="your-openai-key",
agent_id="my-agent",
guardrail_engine=engine
)
response = await client.chat.completions.create(
model="gpt-4",
messages=[{"role": "user", "content": "Hello!"}]
)
print(response.choices[0].message.content)
print(f"Guardrails passed: {response.security.guardrail_result.passed}")
asyncio.run(main())
🌐 Supported Providers
95%+ market coverage with 7 LLM providers:
| Provider | Client | Models | Features |
|---|---|---|---|
| OpenAI | TealOpenAI |
GPT-4, GPT-3.5 Turbo | Chat, Completions, Embeddings |
| Anthropic | TealAnthropic |
Claude 3, Claude 2 | Chat, Streaming |
TealGemini |
Gemini Pro, Ultra | Multimodal, Safety Settings | |
| AWS | TealBedrock |
Claude, Titan, Jurassic, Command, Llama | Multi-model, Regional |
| Azure | TealAzureOpenAI |
GPT-4, GPT-3.5 | Deployment-based, Azure AD |
| Mistral | TealMistral |
Large, Medium, Small, Mixtral | EU Data Residency, GDPR |
| Cohere | TealCohere |
Command, Embed | RAG, Citations, Connectors |
🛡️ Key Features
TealEngine — Policy Evaluation
Deterministic policy evaluation with multi-mode enforcement:
from tealtiger import TealEngine, PolicyMode, DecisionAction, ReasonCode
engine = TealEngine(
policies=my_policies,
mode={
"default_mode": PolicyMode.ENFORCE, # or MONITOR, REPORT_ONLY
"policy_modes": {
"tools.file_delete": PolicyMode.ENFORCE,
"identity.admin_access": PolicyMode.ENFORCE
}
}
)
decision = engine.evaluate({
"agent_id": "agent-001",
"action": "tool.execute",
"tool": "file_delete",
"correlation_id": "req-12345"
})
if decision.action == DecisionAction.ALLOW:
await execute_tool()
elif decision.action == DecisionAction.DENY:
if ReasonCode.TOOL_NOT_ALLOWED in decision.reason_codes:
raise ToolNotAllowedError(decision.reason)
elif decision.action == DecisionAction.REQUIRE_APPROVAL:
await request_approval(decision)
# Risk-based routing
if decision.risk_score > 80:
await escalate_to_human(decision)
Decision fields: action (ALLOW, DENY, REDACT, TRANSFORM, REQUIRE_APPROVAL, DEGRADE), reason_codes (standardized enums), risk_score (0-100), correlation_id, metadata
TealGuard — Security Guardrails
Client-side guardrails that run in milliseconds with no server dependency:
from tealtiger import GuardrailEngine, PIIDetectionGuardrail, PromptInjectionGuardrail, ContentModerationGuardrail
engine = GuardrailEngine(mode="parallel", timeout=5000)
engine.register_guardrail(PIIDetectionGuardrail(action="redact"))
engine.register_guardrail(PromptInjectionGuardrail(sensitivity="high"))
engine.register_guardrail(ContentModerationGuardrail(threshold=0.7))
result = await engine.execute(user_input)
print(f"Passed: {result.passed}")
print(f"Risk Score: {result.risk_score}")
Detects: PII (emails, phones, SSNs, credit cards), prompt injection, jailbreaks, harmful content, custom patterns.
TealCircuit — Circuit Breaker
Cascading failure prevention with automatic failover:
from tealtiger import TealCircuit
circuit = TealCircuit(
failure_threshold=5,
reset_timeout=30000,
monitor_interval=10000
)
# Wraps provider calls with circuit breaker protection
response = await circuit.execute(
lambda: client.chat.completions.create(model="gpt-4", messages=messages)
)
TealAudit — Audit Logging & Redaction
Versioned audit events with security-by-default PII redaction:
from tealtiger import TealAudit, RedactionLevel, FileOutput
audit = TealAudit(
outputs=[FileOutput("./audit.log")],
config={
"input_redaction": RedactionLevel.HASH, # SHA-256 hash + size (default)
"output_redaction": RedactionLevel.HASH,
"detect_pii": True,
"debug_mode": False
}
)
Redaction levels: HASH (default, production-safe), SIZE_ONLY, CATEGORY_ONLY, FULL, NONE (debug only).
Correlation IDs & Traceability
End-to-end request tracking across all components:
from tealtiger import ContextManager
context = ContextManager.create_context(
tenant_id="acme-corp",
app="customer-support",
env="production"
)
# Context propagates through TealEngine, TealAudit, and all providers
response = await client.chat.completions.create(
model="gpt-4",
messages=[{"role": "user", "content": "Hello"}],
context=context
)
# Query audit logs by correlation_id
events = await audit.query(correlation_id=context.correlation_id)
Features: Auto-generated UUID v4 correlation IDs, OpenTelemetry-compatible trace IDs, HTTP header propagation, multi-tenant support.
Policy Test Harness
Validate policy behavior before production deployment:
from tealtiger import PolicyTester, TestCorpora
tester = PolicyTester(engine)
report = tester.run_suite({
"name": "Customer Support Policy Tests",
"tests": [
{
"name": "Block file deletion",
"context": {"agent_id": "support-001", "action": "tool.execute", "tool": "file_delete"},
"expected": {"action": DecisionAction.DENY, "reason_codes": [ReasonCode.TOOL_NOT_ALLOWED]}
},
*TestCorpora.prompt_injection(),
*TestCorpora.pii_detection()
]
})
print(f"Tests: {report.passed}/{report.total} passed")
# CLI usage
python -m tealtiger.cli.test ./policies/*.test.json --coverage --format=junit --output=./results.xml
Cost Tracking & Budget Management
Track costs across 50+ models and enforce spending limits:
from tealtiger import CostTracker, BudgetManager, InMemoryCostStorage
storage = InMemoryCostStorage()
tracker = CostTracker()
budget_manager = BudgetManager(storage)
budget_manager.create_budget({
"name": "Daily GPT-4 Budget",
"limit": 10.0,
"period": "daily",
"alert_thresholds": [50, 75, 90, 100],
"action": "block",
"enabled": True
})
# Estimate before request
estimate = tracker.estimate_cost("gpt-4", {"input_tokens": 1000, "output_tokens": 500}, "openai")
# Check budget
check = await budget_manager.check_budget("agent-123", estimate)
if not check.allowed:
print(f"Blocked by: {check.blocked_by.name}")
🛡️ OWASP Top 10 for Agentic Applications Coverage
TealTiger v1.1.0 covers 7 out of 10 OWASP ASIs through its SDK-only architecture:
| ASI | Vulnerability | Coverage | Components |
|---|---|---|---|
| ASI01 | Goal Hijacking & Prompt Injection | 🟡 Partial | TealGuard, TealEngine |
| ASI02 | Tool Misuse & Unauthorized Actions | 🟢 Full | TealEngine |
| ASI03 | Identity & Access Control Failures | 🟢 Full | TealEngine |
| ASI04 | Supply Chain Vulnerabilities | 🔧 Support | TealAudit |
| ASI05 | Unsafe Code Execution | 🟢 Full | TealEngine |
| ASI06 | Memory & Context Corruption | 🟢 Full | TealEngine, TealGuard |
| ASI07 | Inter-Agent Communication Security | ❌ Platform | N/A |
| ASI08 | Cascading Failures & Resource Exhaustion | 🟢 Full | TealCircuit |
| ASI09 | Harmful Content Generation | 🔧 Support | TealGuard |
| ASI10 | Rogue Agent Behavior | 🟢 Full | TealAudit |
📖 Complete OWASP ASI Mapping | OWASP Top 10 for Agentic Applications
🎯 Use Cases
- Customer Support Bots — Protect customer PII
- Healthcare AI — HIPAA compliance
- Financial Services — Prevent data leakage
- E-commerce — Secure payment information
- Enterprise AI — Policy enforcement and audit trails
- Education Platforms — Content safety
📚 Documentation
🤝 Contributing
We welcome contributions! Please see our Contributing Guide.
📄 License
Apache 2.0 — see LICENSE
🔗 Links
- PyPI: https://pypi.org/project/tealtiger/
- GitHub: https://github.com/agentguard-ai/tealtiger-python-prod
- TypeScript SDK: https://www.npmjs.com/package/tealtiger
- Documentation: https://docs.tealtiger.ai
- Contact: reachout@tealtiger.ai
- Issues: https://github.com/agentguard-ai/tealtiger-python-prod/issues
Made with ❤️ by the TealTiger team
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tealtiger-1.1.1.tar.gz.
File metadata
- Download URL: tealtiger-1.1.1.tar.gz
- Upload date:
- Size: 8.6 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0cfeed3f0bc98b5113f00db1ecfd33cc1e5541e1cdb44a488f4432a3e01f4bb0
|
|
| MD5 |
d294d1fbdc22d7ef66b74d8b86c879ec
|
|
| BLAKE2b-256 |
9474393934fa733ab6ff3127f6a09bc72bd2ac338c5caf44e928911eb7105daf
|
File details
Details for the file tealtiger-1.1.1-py3-none-any.whl.
File metadata
- Download URL: tealtiger-1.1.1-py3-none-any.whl
- Upload date:
- Size: 102.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
18c93965cf54cd2eb62f640b661761cbae0a53e49b54458a2048d746d728e799
|
|
| MD5 |
b83f29dc93618b6b9b1982cb81ef1b40
|
|
| BLAKE2b-256 |
de55276fb0cc8afc0fd794b698625f622f732a8e98195ece36d4f936dc031a0a
|
