agentguard-eu 0.1.0__tar.gz

agentguard_eu-0.1.0/.gitignore

@@ -0,0 +1,52 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Distribution / packaging
+dist/
+build/
+*.egg-info/
+*.egg
+
+# Virtual environments
+.venv/
+venv/
+env/
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+.nox/
+examples/generate_sample_data.py
+
+# Type checking
+.mypy_cache/
+
+# Linting
+.ruff_cache/
+
+# IDEs
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# Environment variables
+.env
+.env.local
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# AgentGuard runtime artifacts
+agentguard_audit/
+*.db
+
+# Claude Code / Playbook
+CLAUDE.md
+CLAUDE_CODE_PLAYBOOK.md

agentguard_eu-0.1.0/CHANGELOG.md

@@ -0,0 +1,28 @@
+# Changelog
+
+All notable changes to AgentGuard will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.1.0] - 2026-02-07
+
+### Added
+
+- Core `AgentGuard` class with three usage patterns: `invoke()`, `@compliant` decorator, `interaction()` context manager
+- EU AI Act compliance pipeline: escalation check, disclosure injection, content labeling, audit logging
+- `AuditLogger` with FILE (JSONL), SQLITE, and CUSTOM backends
+- `DisclosureManager` for Article 50 transparency (prepend, metadata, HTTP headers, C2PA assertions)
+- `HumanOversight` with confidence-based and keyword-based escalation, in-memory review queue
+- `ComplianceReporter` generating JSON and Markdown compliance reports
+- Provider wrappers:
+  - `wrap_openai()` — OpenAI client monkey-patch (streaming + non-streaming)
+  - `wrap_azure_openai()` — Azure OpenAI client wrapper
+  - `wrap_anthropic()` — Anthropic client monkey-patch (streaming + non-streaming)
+  - `AgentGuardCallback` — LangChain `BaseCallbackHandler` for any LangChain LLM
+- Streamlit human review dashboard (`agentguard-dashboard` CLI)
+- 90 tests covering core, all wrappers, escalation, audit, and error handling
+- FastAPI integration example
+- Example scripts for OpenAI, Azure OpenAI, Anthropic, and LangChain
+
+[0.1.0]: https://github.com/Sagar-Gogineni/agentguard/releases/tag/v0.1.0

agentguard_eu-0.1.0/LICENSE

@@ -0,0 +1,15 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

agentguard_eu-0.1.0/PKG-INFO

@@ -0,0 +1,459 @@
+Metadata-Version: 2.4
+Name: agentguard-eu
+Version: 0.1.0
+Summary: EU AI Act compliance middleware for AI agents. Make any LLM-powered agent legally deployable in Europe with 3 lines of code.
+Project-URL: Homepage, https://github.com/Sagar-Gogineni/agentguard
+Project-URL: Documentation, https://agentguard.dev
+Project-URL: Repository, https://github.com/Sagar-Gogineni/agentguard
+Project-URL: Issues, https://github.com/Sagar-Gogineni/agentguard/issues
+Project-URL: Changelog, https://github.com/Sagar-Gogineni/agentguard/blob/main/CHANGELOG.md
+Author: Sagar
+License-Expression: Apache-2.0
+License-File: LICENSE
+Keywords: ai-agents,ai-compliance,audit,eu-ai-act,governance,llm,middleware,transparency
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Typing :: Typed
+Requires-Python: >=3.10
+Requires-Dist: pydantic>=2.0
+Provides-Extra: all
+Requires-Dist: anthropic>=0.30; extra == 'all'
+Requires-Dist: langchain-core>=0.2; extra == 'all'
+Requires-Dist: langchain-openai>=0.1; extra == 'all'
+Requires-Dist: openai>=1.0; extra == 'all'
+Requires-Dist: python-dotenv>=1.0; extra == 'all'
+Requires-Dist: streamlit>=1.30; extra == 'all'
+Provides-Extra: anthropic
+Requires-Dist: anthropic>=0.30; extra == 'anthropic'
+Provides-Extra: dashboard
+Requires-Dist: streamlit>=1.30; extra == 'dashboard'
+Provides-Extra: dev
+Requires-Dist: build>=1.0; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.4; extra == 'dev'
+Requires-Dist: twine>=5.0; extra == 'dev'
+Provides-Extra: dotenv
+Requires-Dist: python-dotenv>=1.0; extra == 'dotenv'
+Provides-Extra: langchain
+Requires-Dist: langchain-core>=0.2; extra == 'langchain'
+Requires-Dist: langchain-openai>=0.1; extra == 'langchain'
+Provides-Extra: openai
+Requires-Dist: openai>=1.0; extra == 'openai'
+Description-Content-Type: text/markdown
+
+# 🛡️ AgentGuard
+
+**EU AI Act compliance middleware for AI agents. Make any LLM-powered agent legally deployable in Europe with 3 lines of code.**
+
+[![PyPI version](https://img.shields.io/pypi/v/agentguard-eu.svg)](https://pypi.org/project/agentguard-eu/)
+[![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)
+
+---
+
+## The Problem
+
+Starting **August 2, 2026**, every company deploying AI systems in the EU must comply with the [EU AI Act](https://artificialintelligenceact.eu/) — or face fines up to **€35M or 7% of global turnover**.
+
+There are hundreds of AI agent frameworks on GitHub. Almost none of them can be legally deployed in Europe.
+
+AgentGuard fixes that. It's a lightweight middleware that wraps any AI agent or LLM call with the compliance layer required by the EU AI Act:
+
+| EU AI Act Requirement | Article | AgentGuard Feature |
+|---|---|---|
+| Users must know they're talking to AI | Art. 50(1) | Automatic disclosure injection |
+| AI content must be machine-readable labeled | Art. 50(2) | Content labeling (C2PA-compatible) |
+| Interactions must be logged and auditable | Art. 12 | Structured audit logging (file/SQLite) |
+| Human oversight must be possible | Art. 14 | Automatic escalation + review queue |
+| System must be documented | Art. 11, 18 | Auto-generated compliance reports |
+
+## Quick Start
+
+```bash
+pip install agentguard-eu
+```
+
+```python
+from agentguard import AgentGuard
+
+# 1. Initialize with your system details
+guard = AgentGuard(
+    system_name="customer-support-bot",
+    provider_name="my-provider",
+    risk_level="limited",
+)
+
+# 2. Wrap any LLM function
+result = guard.invoke(
+    func=my_llm_function,       # Your existing AI function
+    input_text="What is your return policy?",
+    user_id="customer-42",
+)
+
+# 3. Everything is now compliant
+print(result["response"])         # AI response with disclosure
+print(result["interaction_id"])   # Unique audit trail ID
+print(result["disclosure"])       # HTTP headers for Article 50
+print(result["content_label"])    # Machine-readable content label
+print(result["escalated"])        # Whether human review was triggered
+```
+
+**That's it.** Your existing AI code doesn't change. AgentGuard wraps it.
+
+## Three Ways to Use
+
+### 1. `guard.invoke()` — Wrap any function call
+
+```python
+result = guard.invoke(
+    func=lambda q: openai_client.chat.completions.create(
+        model="gpt-4", messages=[{"role": "user", "content": q}]
+    ).choices[0].message.content,
+    input_text="Hello!",
+    user_id="user-123",
+    model="gpt-4",
+    confidence=0.92,
+)
+```
+
+### 2. `@guard.compliant` — Decorator
+
+```python
+@guard.compliant(model="gpt-4")
+def ask_support(query: str) -> str:
+    return openai_client.chat.completions.create(...).choices[0].message.content
+
+result = ask_support("Do you ship internationally?", user_id="user-456")
+```
+
+### 3. `guard.interaction()` — Context manager
+
+```python
+with guard.interaction(user_id="user-789") as ctx:
+    response = my_complex_agent.run("Analyze this contract")
+    ctx.record(
+        input_text="Analyze this contract",
+        output_text=response,
+        confidence=0.45,
+    )
+    # Low confidence + keyword "contract" → auto-escalated
+```
+
+## Human Oversight (Article 14)
+
+AgentGuard automatically detects when interactions should be reviewed by a human:
+
+```python
+guard = AgentGuard(
+    system_name="my-bot",
+    provider_name="my-provider",
+    human_escalation="low_confidence",
+    confidence_threshold=0.7,
+    sensitive_keywords=["legal", "medical", "financial advice"],
+    block_on_escalation=True,  # Block response until human approves
+)
+
+# Check pending reviews
+for review in guard.pending_reviews:
+    print(f"Needs review: {review['reason']}")
+
+# Approve or reject
+guard.oversight.approve(interaction_id)
+guard.oversight.reject(interaction_id, reason="Inaccurate response")
+```
+
+## Compliance Reports (Articles 11, 18)
+
+Generate audit documentation with one line:
+
+```python
+# JSON report
+guard.generate_report("compliance_report.json")
+
+# Markdown report (for human reading)
+print(guard.generate_report_markdown())
+```
+
+Reports include: system identification, transparency configuration, human oversight settings, interaction statistics, and escalation history.
+
+## Provider Wrappers
+
+Zero-effort compliance for popular LLM clients — wrap once, every call is compliant.
+
+### OpenAI
+
+```bash
+pip install "agentguard-eu[openai]"
+```
+
+```python
+from agentguard import AgentGuard, wrap_openai
+from openai import OpenAI
+
+guard = AgentGuard(system_name="my-bot", provider_name="my-provider")
+client = wrap_openai(OpenAI(), guard)
+
+# Every call is now compliant — logged, disclosed, escalation-checked
+response = client.chat.completions.create(
+    model="gpt-4",
+    messages=[{"role": "user", "content": "Hello!"}],
+)
+print(response.choices[0].message.content)  # unchanged
+print(response._agentguard["interaction_id"])  # compliance metadata
+```
+
+Streaming works too — chunks yield in real-time, compliance runs after the stream completes:
+
+```python
+stream = client.chat.completions.create(
+    model="gpt-4",
+    messages=[{"role": "user", "content": "Hello!"}],
+    stream=True,
+)
+for chunk in stream:
+    if chunk.choices and chunk.choices[0].delta.content:
+        print(chunk.choices[0].delta.content, end="")
+print(stream._agentguard)  # available after iteration
+```
+
+### Azure OpenAI
+
+```bash
+pip install "agentguard-eu[openai]"
+```
+
+```python
+from agentguard import AgentGuard, wrap_azure_openai
+from openai import AzureOpenAI
+
+guard = AgentGuard(system_name="my-bot", provider_name="my-provider")
+client = wrap_azure_openai(
+    AzureOpenAI(
+        azure_endpoint="https://my-resource.openai.azure.com",
+        api_version="2024-02-01",
+        api_key="...",
+    ),
+    guard,
+)
+
+response = client.chat.completions.create(
+    model="my-deployment",
+    messages=[{"role": "user", "content": "Hello!"}],
+)
+```
+
+### Anthropic
+
+```bash
+pip install "agentguard-eu[anthropic]"
+```
+
+```python
+from agentguard import AgentGuard, wrap_anthropic
+from anthropic import Anthropic
+
+guard = AgentGuard(system_name="my-bot", provider_name="my-provider")
+client = wrap_anthropic(Anthropic(), guard)
+
+message = client.messages.create(
+    model="claude-sonnet-4-5-20250929",
+    max_tokens=1024,
+    messages=[{"role": "user", "content": "Hello!"}],
+)
+print(message.content[0].text)  # unchanged
+print(message._agentguard["interaction_id"])  # compliance metadata
+```
+
+### LangChain
+
+```bash
+pip install "agentguard-eu[langchain]"
+```
+
+```python
+from agentguard import AgentGuard, AgentGuardCallback
+from langchain_openai import ChatOpenAI  # or AzureChatOpenAI, ChatAnthropic, etc.
+
+guard = AgentGuard(system_name="my-bot", provider_name="my-provider")
+callback = AgentGuardCallback(guard, user_id="user-123")
+llm = ChatOpenAI(model="gpt-4", callbacks=[callback])
+
+response = llm.invoke("Hello!")
+print(response.content)
+print(callback.last_result)  # compliance metadata for most recent call
+print(callback.results)      # all runs keyed by run_id
+```
+
+Works with any LangChain LLM — ChatOpenAI, AzureChatOpenAI, ChatAnthropic, and more. Streaming is also supported automatically via the callback hooks.
+
+## Audit Backends (Article 12)
+
+AgentGuard supports multiple audit backends for logging all AI interactions:
+
+### File Backend (default)
+
+Writes one JSONL file per day to the audit directory. Simple, portable, and easy to ship to external systems:
+
+```python
+guard = AgentGuard(
+    system_name="my-bot",
+    provider_name="my-provider",
+    audit_backend="file",
+    audit_path="./agentguard_audit",
+)
+# Logs go to ./agentguard_audit/audit_2026-02-07.jsonl
+```
+
+### SQLite Backend
+
+Local SQLite database with built-in querying and statistics. Required for the dashboard and compliance report statistics:
+
+```python
+guard = AgentGuard(
+    system_name="my-bot",
+    provider_name="my-provider",
+    audit_backend="sqlite",
+    audit_path="./agentguard_audit",
+)
+
+# Query audit logs programmatically
+entries = guard.audit.query(
+    start_date="2026-01-01",
+    end_date="2026-02-07",
+    user_id="customer-42",
+    escalated_only=True,
+    limit=100,
+)
+
+# Get aggregate statistics
+stats = guard.audit.get_stats()
+print(stats)
+# {
+#     "total_interactions": 1234,
+#     "total_escalations": 56,
+#     "total_errors": 3,
+#     "disclosures_shown": 1231,
+#     "unique_users": 89,
+#     "avg_latency_ms": 245.3,
+# }
+```
+
+### Custom Backend
+
+Provide your own callback for integration with external logging systems (e.g., S3, BigQuery, Datadog):
+
+```python
+def my_log_handler(entry):
+    # Send to your logging infrastructure
+    requests.post("https://my-logging-api/ingest", json=entry.model_dump())
+
+guard = AgentGuard(
+    system_name="my-bot",
+    provider_name="my-provider",
+    audit_backend="custom",
+)
+# Pass custom_callback when constructing the AuditLogger directly
+```
+
+## Human Review Dashboard
+
+A Streamlit-based dashboard for Article 14 human oversight.
+
+```bash
+pip install "agentguard-eu[dashboard]"
+agentguard-dashboard --audit-path ./agentguard_audit
+```
+
+Features:
+- Compliance statistics (total interactions, escalation rate, avg confidence, avg latency)
+- Pending escalation review queue with Approve/Reject buttons
+- Full audit log browser with filters (date range, user ID, escalated only)
+- CSV export of audit data
+- Live compliance report viewer
+
+Requires the `sqlite` audit backend (`audit_backend="sqlite"`) to be enabled in your AgentGuard configuration. The dashboard connects directly to the SQLite audit database.
+
+## FastAPI Integration
+
+See [examples/fastapi_example.py](examples/fastapi_example.py) for a complete API with:
+- Compliant `/chat` endpoint with automatic headers
+- `/compliance/report` endpoint
+- `/compliance/pending-reviews` for human oversight
+- Approve/reject endpoints for review queue
+
+## Configuration
+
+```python
+guard = AgentGuard(
+    # Identity (Article 16)
+    system_name="my-ai-system",
+    provider_name="My Company GmbH",
+    risk_level="limited",           # "minimal", "limited", or "high"
+    intended_purpose="Customer support chatbot",
+
+    # Transparency (Article 50)
+    disclosure_method="metadata",   # "prepend", "metadata", or "header"
+    label_content=True,             # Machine-readable content labels
+
+    # Audit (Article 12)
+    audit_backend="sqlite",         # "file", "sqlite", or "custom"
+    audit_path="./audit_logs",
+    log_inputs=True,
+    log_outputs=True,
+    retention_days=365,
+
+    # Human Oversight (Article 14)
+    human_escalation="low_confidence",  # "never", "low_confidence", "sensitive_topic", "always_review"
+    confidence_threshold=0.7,
+    sensitive_keywords=["legal", "medical", "financial"],
+    escalation_callback=my_slack_notifier,  # Optional: get notified
+    block_on_escalation=False,
+)
+```
+
+## What AgentGuard is NOT
+
+- ❌ Not a legal compliance guarantee (consult qualified legal professionals)
+- ❌ Not an AI agent framework (use LangGraph, CrewAI, etc. — then wrap with AgentGuard)
+- ❌ Not a replacement for a full conformity assessment (required for high-risk systems)
+- ✅ A practical engineering tool that covers the technical requirements
+
+## EU AI Act Timeline
+
+| Date | Milestone |
+|------|-----------|
+| Feb 2025 | Prohibited AI practices banned |
+| Aug 2025 | GPAI model rules in effect |
+| **Aug 2026** | **Full enforcement: transparency, high-risk obligations, Article 50** |
+| Aug 2027 | Remaining provisions for product-embedded AI |
+
+**AgentGuard targets the August 2026 deadline** — the biggest compliance milestone for most companies.
+
+## Contributing
+
+Contributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+Priority areas:
+- Cloud audit backends (S3, BigQuery)
+- C2PA standard implementation
+- Async support (ainvoke, async wrappers)
+- Webhook notifications for escalations
+
+## License
+
+Apache 2.0 — use it freely in commercial projects.
+
+---
+
+**Built by [Sagar](https://github.com/Sagar-Gogineni)** — AI Engineer based in Berlin, specializing in enterprise AI systems and compliance.
+
+*AgentGuard: Because shipping AI agents without compliance is like shipping code without tests. You can do it, but you probably shouldn't.*