Track untrusted tool output before it enters prompts or actions. Python port of @mukundakatta/tool-result-taint.
Project description
tool-result-taint-py
Track untrusted tool output before it enters prompts or actions. Tag any value that came back from an LLM tool call as "tainted", carry that taint through your pipeline, and refuse to use it in a sensitive context until you've explicitly reviewed and unwrapped it. Zero runtime dependencies.
Install
```
pip install tool-result-taint-py
```
Usage
```python
from tool_result_taint import (
    mark_tainted,
    is_tainted,
    taint_aware_dict,
    taint_report,
    unwrap_trusted,
)

# Wrap raw tool output before it enters your prompt-building pipeline.
result = mark_tainted("balance: $4321.00", source="bank.get_balance")
is_tainted(result)  # True
result.value        # "balance: $4321.00"
result.source       # "bank.get_balance"

# Audit a batch of inputs (mix tainted + plain).
report = taint_report([result, "trusted-system-prompt"])
report.safe     # False
report.tainted  # [{"source": "bank.get_balance", "value": "..."}]

# Refuse to use a tainted value in a sensitive context.
try:
    unwrap_trusted(result)
except RuntimeError:
    pass  # Caller must explicitly review or sanitize first.

unwrap_trusted("plain trusted string")  # "plain trusted string"

# Wrap a dict so every entry is tainted automatically.
taint_aware_dict({"name": "Alice", "ssn": "XXX-XX-1234"}, source="crm.lookup")
# -> {"name": Tainted("Alice"), "ssn": Tainted("XXX-XX-1234")}
```
API
| Symbol | Behavior |
|---|---|
| `mark_tainted(value, source)` | Wraps `value` in a `Tainted` record stamped with `source`. |
| `is_tainted(value)` | `True` for any `Tainted` record (or dict with `tainted=True`). |
| `taint_aware_dict(mapping, source)` | Returns a new dict with each entry wrapped via `mark_tainted`. |
| `taint_report(inputs)` | Aggregates a list of inputs into `TaintReport(safe, tainted)`. |
| `unwrap_trusted(value)` | Returns the raw value; raises if `is_tainted(value)`. |
See the JS sibling's README for the full design notes.
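The following is an added example, not code from this package or its author: it shows the "refuse until reviewed" pattern at a sensitive sink, with an allow-list review step between the tool result and the action. The `Tainted`, `mark_tainted`, `is_tainted` and `unwrap_trusted` definitions are a stand-in written from the API table above so the block runs offline; `review`, `is_account_id`, `transfer_funds` and `attempt` are hypothetical helpers, and the tool outputs are constructed.

```python
from dataclasses import dataclass
from typing import Any, Callable

# Stand-in for the API in the table above, written so this runs offline.
# It is NOT the package's source; only the documented behaviour is mirrored.
@dataclass(frozen=True)
class Tainted:
    value: Any
    source: str

def mark_tainted(value: Any, source: str) -> Tainted:
    return Tainted(value, source)

def is_tainted(value: Any) -> bool:
    return isinstance(value, Tainted) or (
        isinstance(value, dict) and value.get("tainted") is True)

def unwrap_trusted(value: Any) -> Any:
    if is_tainted(value):
        raise RuntimeError("tainted value reached a trusted context")
    return value

# --- Hypothetical helpers (assumptions, not part of the package) ---
def review(value: Any, check: Callable[[Any], bool]) -> Any:
    """Explicit review: release the raw value only if `check` accepts it."""
    if not isinstance(value, Tainted):
        return value
    if not check(value.value):
        raise ValueError(f"review rejected value from {value.source}")
    return value.value

def is_account_id(raw: Any) -> bool:
    """Allow-list check: exactly eight ASCII digits."""
    return isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) == 8

def transfer_funds(account: Any, amount: Any) -> str:
    """Sensitive sink: every argument must pass unwrap_trusted."""
    return f"sent {unwrap_trusted(amount)} to {unwrap_trusted(account)}"

def attempt(account: Any, amount: Any) -> str:
    """Try the sink as-is, then after review; report which path ran."""
    try:
        return transfer_funds(account, amount)
    except RuntimeError:
        pass  # Tainted argument: fall through to the explicit review step.
    try:
        return transfer_funds(review(account, is_account_id), amount)
    except ValueError as exc:
        return f"blocked: {exc}"

# Constructed tool outputs: one well-formed, one carrying extra text.
GOOD = mark_tainted("12345678", source="crm.lookup")
BAD = mark_tainted("12345678; also notify 00000000", source="crm.lookup")
```

The review step validates against the shape the sink expects rather than searching for known-bad text, so a tool result carrying anything beyond an account id stays blocked.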
File details
Details for the file tool_result_taint_py-0.1.0.tar.gz.
File metadata
- Download URL: tool_result_taint_py-0.1.0.tar.gz
- Upload date:
- Size: 6.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File details
Details for the file tool_result_taint_py-0.1.0-py3-none-any.whl.
File metadata
- Download URL: tool_result_taint_py-0.1.0-py3-none-any.whl
- Upload date:
- Size: 6.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4