xShieldAI / AEGIS DAN gate callback for LangChain agents — pre-execution governance via @xshieldai/aegis
Project description
xshieldai-langchain
KavachOS DAN gate callback for LangChain agents.
Intercepts every tool call through the AEGIS KAVACH gate before execution. Zero agent code changes — add the callback and every tool invocation is governed.
Install
pip install xshieldai-langchain
Quick start
from xshieldai_langchain import KavachGateCallback
callback = KavachGateCallback(
base_url="http://localhost:4850", # AEGIS server
on_block="raise", # raise KavachGateError on DAN-3/4
dry_run=False,
)
# LangChain agent — pass callback in config
result = agent.invoke(
{"input": "summarise the quarterly report"},
config={"callbacks": [callback]},
)
# Or attach to a single tool:
result = my_tool.invoke("drop table users", config={"callbacks": [callback]})
KavachGateCallback parameters
| Parameter | Default | Description |
|---|---|---|
base_url |
http://localhost:4850 |
AEGIS server URL |
token |
$AEGIS_TOKEN |
Bearer auth token |
on_block |
"raise" |
"raise" → KavachGateError · "warn" → print + continue |
dry_run |
False |
Classify only — no notification, no human-in-loop polling |
tool_name |
"langchain" |
Label appearing in audit records |
session_id |
auto-generated | Audit grouping key (one per agent session) |
Direct client
from xshieldai_langchain import AegisClient
client = AegisClient(base_url="http://localhost:4850")
# Pre-flight budget check
state = client.state()
if state["budget"]["breached"]:
raise RuntimeError("Daily budget breached — halt")
# Manual gate call
result = client.gate(command="rm -rf /var/postgres", tool_name="my-agent")
print(result) # {"allow": false, "level": 4, "reason": "DAN-4 catastrophic..."}
# Audit query
records = client.audit(session_id="lc-abc123", status="stop", limit=20)
How it works
KavachGateCallback.on_tool_start() fires before any tool execution.
It POSTs to POST /api/v1/kavach/gate on the AEGIS server.
- DAN-1/2: allowed immediately, logged.
- DAN-3: notify approver via Telegram/WhatsApp, wait for ALLOW/STOP.
- DAN-4: blocked immediately,
KavachGateErrorraised.
All policy is in AEGIS — the callback is a thin HTTP relay.
AEGIS server
Run with: bun /root/aegis/src/dashboard/server.ts
Default port: 4850
Gate endpoint: POST /api/v1/kavach/gate
License
AGPL-3.0 — see LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file xshieldai_langchain-1.0.0.tar.gz.
File metadata
- Download URL: xshieldai_langchain-1.0.0.tar.gz
- Upload date:
- Size: 5.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6e6a7229c44cd90c196920f47a0f28b176df627e42c54e957be8e492fb6c6001
|
|
| MD5 |
3319cf2a624380ba5009f57297598099
|
|
| BLAKE2b-256 |
3fca83691745f386ba95a42083fcdd7e64d231da7c984ee7ae322dcd02251437
|
File details
Details for the file xshieldai_langchain-1.0.0-py3-none-any.whl.
File metadata
- Download URL: xshieldai_langchain-1.0.0-py3-none-any.whl
- Upload date:
- Size: 6.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d606b2c73e0391416db69e07181b1457bca8001c923c86c03fa5be9a2c96707f
|
|
| MD5 |
1ba8436582e1081ae665d6a140741cb7
|
|
| BLAKE2b-256 |
339ef4c8fd7494effbef97b99a6c24be533a7986b16e62fe102856fb1c11cd76
|
