Server-side engine behind Vindicara AIR Cloud. Not intended for direct pip install. The open-source developer SDK is `projectair` (https://pypi.org/project/projectair/).
Project description
Project AIR
Forensic reconstruction and incident response for AI agents.
When your AI agent goes off-script, AIR tells you what happened and proves it.
vindicara.io · Quickstart · Pricing · Blog
What AIR is
AIR writes a signed forensic record of every agent decision (llm, tool, finish) as an AgDR (AI Decision Record). Each record is content-hashed with BLAKE3, signed with Ed25519, and chained to the previous step. The air CLI replays the chain, verifies every signature, and reports OWASP Top 10 for Agentic Applications violations (5 of 10 detectors shipped today: ASI01, ASI02, ASI03, ASI05, ASI09. ASI04, ASI06, ASI07, ASI08, ASI10 on roadmap).
It is the layer that runs behind your guardrails. Prevention tools (Lakera, NeMo Guardrails, Bedrock Guardrails) try to stop bad things from happening. AIR produces the evidence of what actually happened, in a form security, legal, and insurance can act on.
Install
pip install projectair
This installs both the air terminal command and the airsdk Python library.
10-second sanity check
air demo
Generates a fresh signed AgDR chain (13 steps, two baked-in ASI violations), verifies every signature, runs the detectors, and writes forensic-report.json next to you. No agent, no log file, no wiring required.
30-second usage
Instrument your LangChain agent:
from airsdk import AIRCallbackHandler
from langchain.agents import AgentExecutor
handler = AIRCallbackHandler(
key="...", # Ed25519 signing key; auto-generated when omitted
log_path="my-agent.log",
user_intent="Draft a Q3 sales report from the CRM data",
)
agent = AgentExecutor(callbacks=[handler], ...)
Every step the agent takes is appended to my-agent.log as a signed AgDR record.
Replay the trace:
air trace my-agent.log
You get a console report: signatures verified, ASI01/ASI02 findings flagged, detector coverage shown honestly, and forensic-report.json emitted alongside.
What's in this repo
This is a monorepo.
packages/projectair/: the MIT-licensedprojectairpackage published to PyPI. Ships theairCLI and theairsdkPython library. This is the public, supported AIR surface.site/: the SvelteKit source for vindicara.io.src/vindicara/: the older Apache-2.0 runtime security engine (policy evaluator, MCP scanner, agent IAM, drift monitor, compliance collector). This is now the engine substrate underneath AIR, not the public product surface. Retained for reference and for future integrations.
For the legacy five-pillar README that used to live here, see docs/legacy-vindicara-readme.md.
Status
| Surface | Status |
|---|---|
| BLAKE3 + Ed25519 signed AgDR chain | implemented, tested |
| Tamper detection on chain replay | implemented, tested |
LangChain AIRCallbackHandler |
implemented |
| ASI01 Agent Goal Hijack detector | implemented (heuristic) |
| ASI02 Tool Misuse detector | implemented (regex) |
| ASI03 Prompt Injection detector | implemented (heuristic) |
| ASI05 Sensitive Data Exposure detector | implemented (pattern set) |
| ASI09 Supply Chain / MCP Risk detector | implemented (heuristic) |
| ASI04, ASI06, ASI07, ASI08, ASI10 | not yet implemented |
| JSON forensic export | implemented |
| PDF forensic export | implemented (fpdf2) |
| SIEM forensic export (ArcSight CEF v0) | implemented |
| LangChain callback integration | implemented |
| OpenAI SDK integration | implemented |
| Anthropic, LlamaIndex, CrewAI, AutoGen | not yet implemented |
| AIR Cloud (hosted dashboards, SIEM) | not yet implemented |
Pre-1.0. The detector heuristics will produce false positives and false negatives. The signed chain itself is production-grade cryptography. See the pricing page for what's planned next.
Contributing
Issues, traces that break the detectors, and new ASI detector PRs are welcome. Bugs and feature requests: https://github.com/get-sltr/vindicara-ai/issues.
License
packages/projectair/and theprojectairPyPI distribution: MIT. Seepackages/projectair/LICENSE.src/vindicara/(engine substrate, not published): Apache-2.0.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vindicara-0.2.0.tar.gz.
File metadata
- Download URL: vindicara-0.2.0.tar.gz
- Upload date:
- Size: 707.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
19a68ae6249ef397fb226c22c585fee7db6775e28d52d96f30d636a738f004c8
|
|
| MD5 |
87574bede582465318686461f5c159f3
|
|
| BLAKE2b-256 |
16b8cf3e4eebc171d83e67b1e481fb59da17a650f27807f1e6a11558a898528c
|
File details
Details for the file vindicara-0.2.0-py3-none-any.whl.
File metadata
- Download URL: vindicara-0.2.0-py3-none-any.whl
- Upload date:
- Size: 91.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9231122bdf6aa9546b9ed9563f00d8cca74578194a53b1d2f2fb2a369ce1e401
|
|
| MD5 |
c2d968fa3964b2c9b41041b6b37544af
|
|
| BLAKE2b-256 |
bfc6dbd64ede4f3228c3bb99298fe2d04ed42ab1e890704c057eb628c80a4860
|
