agentguardproxy 0.2.0__py3-none-any.whl

agentguard/__init__.py

@@ -0,0 +1,197 @@
+"""
+AgentGuard Python SDK
+
+Lightweight client for checking actions against AgentGuard policies.
+
+Usage:
+    from agentguard import Guard
+
+    guard = Guard("http://localhost:8080")
+    result = guard.check("shell", command="rm -rf ./data")
+
+    if result.allowed:
+        execute(command)
+    elif result.needs_approval:
+        print(f"Approve at: {result.approval_url}")
+    else:
+        print(f"Blocked: {result.reason}")
+"""
+
+import json
+import time
+from dataclasses import dataclass, field
+from typing import Optional
+from urllib import request, error
+
+
+@dataclass
+class CheckResult:
+    """Result of a policy check."""
+    decision: str
+    reason: str
+    matched_rule: str = ""
+    approval_id: str = ""
+    approval_url: str = ""
+
+    @property
+    def allowed(self) -> bool:
+        return self.decision == "ALLOW"
+
+    @property
+    def denied(self) -> bool:
+        return self.decision == "DENY"
+
+    @property
+    def needs_approval(self) -> bool:
+        return self.decision == "REQUIRE_APPROVAL"
+
+
+class Guard:
+    """Client for the AgentGuard proxy."""
+
+    def __init__(self, base_url: str = "http://localhost:8080", agent_id: str = ""):
+        self.base_url = base_url.rstrip("/")
+        self.agent_id = agent_id
+
+    def check(
+        self,
+        scope: str,
+        *,
+        action: str = "",
+        command: str = "",
+        path: str = "",
+        domain: str = "",
+        url: str = "",
+        meta: Optional[dict] = None,
+    ) -> CheckResult:
+        """Check an action against the policy.
+
+        Args:
+            scope: The rule scope (filesystem, shell, network, browser, cost, data)
+            action: Action type (read, write, delete) — used with filesystem scope
+            command: Shell command string — used with shell scope
+            path: File path — used with filesystem scope
+            domain: Target domain — used with network/browser scope
+            url: Full URL — used with network scope
+            meta: Additional metadata
+
+        Returns:
+            CheckResult with the policy decision
+        """
+        payload = {
+            "scope": scope,
+            "agent_id": self.agent_id,
+        }
+        if action:
+            payload["action"] = action
+        if command:
+            payload["command"] = command
+        if path:
+            payload["path"] = path
+        if domain:
+            payload["domain"] = domain
+        if url:
+            payload["url"] = url
+        if meta:
+            payload["meta"] = meta
+
+        data = json.dumps(payload).encode("utf-8")
+        req = request.Request(
+            f"{self.base_url}/v1/check",
+            data=data,
+            headers={"Content-Type": "application/json"},
+            method="POST",
+        )
+
+        try:
+            with request.urlopen(req, timeout=5) as resp:
+                body = json.loads(resp.read())
+                return CheckResult(
+                    decision=body.get("decision", "DENY"),
+                    reason=body.get("reason", ""),
+                    matched_rule=body.get("matched_rule", ""),
+                    approval_id=body.get("approval_id", ""),
+                    approval_url=body.get("approval_url", ""),
+                )
+        except error.URLError as e:
+            # If AgentGuard is unreachable, default to deny (fail closed)
+            return CheckResult(
+                decision="DENY",
+                reason=f"AgentGuard unreachable: {e}",
+            )
+
+    def approve(self, approval_id: str) -> bool:
+        """Approve a pending action."""
+        req = request.Request(
+            f"{self.base_url}/v1/approve/{approval_id}",
+            method="POST",
+        )
+        try:
+            with request.urlopen(req, timeout=5):
+                return True
+        except error.URLError:
+            return False
+
+    def deny(self, approval_id: str) -> bool:
+        """Deny a pending action."""
+        req = request.Request(
+            f"{self.base_url}/v1/deny/{approval_id}",
+            method="POST",
+        )
+        try:
+            with request.urlopen(req, timeout=5):
+                return True
+        except error.URLError:
+            return False
+
+    def wait_for_approval(self, approval_id: str, timeout: int = 300, poll_interval: int = 2) -> CheckResult:
+        """Block until a pending action is approved or denied (or timeout)."""
+        deadline = time.time() + timeout
+        while time.time() < deadline:
+            # Poll the status endpoint for resolution
+            req = request.Request(
+                f"{self.base_url}/v1/status/{approval_id}",
+                method="GET",
+            )
+            try:
+                with request.urlopen(req, timeout=5) as resp:
+                    body = json.loads(resp.read())
+                    if body.get("status") == "resolved" and body.get("decision") in ("ALLOW", "DENY"):
+                        return CheckResult(
+                            decision=body["decision"],
+                            reason=body.get("reason", "resolved"),
+                        )
+            except error.URLError:
+                pass
+            time.sleep(poll_interval)
+
+        return CheckResult(decision="DENY", reason="Approval timed out")
+
+
+# Convenience decorator for guarding functions
+def guarded(scope: str, guard: Optional[Guard] = None, **check_kwargs):
+    """Decorator that checks policy before executing a function.
+
+    Usage:
+        guard = Guard("http://localhost:8080")
+
+        @guarded("shell", guard=guard)
+        def run_command(cmd: str):
+            os.system(cmd)
+    """
+    def decorator(func):
+        def wrapper(*args, **kwargs):
+            g = guard or Guard()
+            # Try to extract meaningful info from args
+            cmd = args[0] if args else kwargs.get("command", kwargs.get("cmd", ""))
+            result = g.check(scope, command=str(cmd), **check_kwargs)
+            if result.allowed:
+                return func(*args, **kwargs)
+            elif result.needs_approval:
+                raise PermissionError(
+                    f"Action requires approval. Approve at: {result.approval_url}"
+                )
+            else:
+                raise PermissionError(f"Action denied by AgentGuard: {result.reason}")
+        return wrapper
+    return decorator

agentguard/adapters/__init__.py

@@ -0,0 +1,8 @@
+"""AgentGuard framework adapters.
+
+Available adapters:
+    - langchain: Wraps LangChain tools with policy enforcement
+    - crewai: Wraps CrewAI tools with policy enforcement
+    - browseruse: Wraps browser-use actions with policy enforcement
+    - mcp: MCP-compatible server that enforces policies on tool calls
+"""

agentguard/adapters/browseruse.py

@@ -0,0 +1,128 @@
+"""
+AgentGuard browser-use Adapter
+
+Wraps browser-use actions so navigation, clicks, and form inputs pass through
+AgentGuard policy checks before execution.
+
+Usage:
+    from agentguard.adapters.browseruse import GuardedBrowser
+
+    browser = GuardedBrowser(
+        guard_url="http://localhost:8080",
+        agent_id="my-browser-agent",
+    )
+
+    # Check before navigating
+    result = browser.check_navigation("https://example.com")
+    if result.allowed:
+        await page.goto("https://example.com")
+"""
+
+from typing import Any, Optional
+from urllib.parse import urlparse
+from agentguard import Guard, CheckResult
+
+
+class GuardedBrowser:
+    """Policy-enforced wrapper for browser-use automation.
+
+    browser-use exposes a Browser/BrowserContext that agents drive. This class
+    provides guard methods that should be called before performing browser actions.
+    It can also wrap a browser-use Browser instance to intercept calls automatically.
+    """
+
+    def __init__(
+        self,
+        guard: Optional[Guard] = None,
+        guard_url: str = "http://localhost:8080",
+        agent_id: str = "",
+        browser: Any = None,
+    ):
+        self._guard = guard or Guard(guard_url, agent_id=agent_id)
+        self._browser = browser
+
+    def check_navigation(self, url: str) -> CheckResult:
+        """Check if navigation to a URL is allowed by policy."""
+        domain = ""
+        try:
+            parsed = urlparse(url)
+            domain = parsed.hostname or ""
+        except Exception:
+            pass
+
+        return self._guard.check("browser", url=url, domain=domain)
+
+    def check_action(self, action: str, target: str = "", meta: Optional[dict] = None) -> CheckResult:
+        """Check a browser action (click, type, etc.) against policy.
+
+        Args:
+            action: The action type (e.g., "click", "type", "screenshot")
+            target: The target selector or URL
+            meta: Additional context
+        """
+        return self._guard.check(
+            "browser",
+            command=f"{action} {target}".strip(),
+            meta=meta,
+        )
+
+    def check_form_input(self, url: str, field_name: str, value: str) -> CheckResult:
+        """Check if typing into a form field is allowed.
+
+        This is useful for preventing PII or credential leakage into web forms.
+        """
+        domain = ""
+        try:
+            parsed = urlparse(url)
+            domain = parsed.hostname or ""
+        except Exception:
+            pass
+
+        return self._guard.check(
+            "data",
+            domain=domain,
+            command=f"input:{field_name}",
+            meta={"field": field_name, "url": url},
+        )
+
+    def wrap_page(self, page: Any) -> "GuardedPage":
+        """Wrap a browser-use Page object with policy enforcement.
+
+        Returns a GuardedPage that intercepts goto() and other navigation methods.
+        """
+        return GuardedPage(page, self._guard)
+
+
+class GuardedPage:
+    """Wraps a browser-use Page to enforce policies on navigation."""
+
+    def __init__(self, page: Any, guard: Guard):
+        self._page = page
+        self._guard = guard
+
+    async def goto(self, url: str, **kwargs) -> Any:
+        """Navigate to a URL after policy check."""
+        domain = ""
+        try:
+            parsed = urlparse(url)
+            domain = parsed.hostname or ""
+        except Exception:
+            pass
+
+        result = self._guard.check("browser", url=url, domain=domain)
+
+        if result.allowed:
+            return await self._page.goto(url, **kwargs)
+        elif result.needs_approval:
+            raise PermissionError(
+                f"[AgentGuard] Navigation requires approval. "
+                f"Approve at: {result.approval_url}"
+            )
+        else:
+            raise PermissionError(
+                f"[AgentGuard] Navigation denied: {result.reason}"
+            )
+
+    def __getattr__(self, name: str) -> Any:
+        """Proxy all other attributes to the wrapped page."""
+        return getattr(self._page, name)

agentguard/adapters/crewai.py

@@ -0,0 +1,134 @@
+"""
+AgentGuard CrewAI Adapter
+
+Wraps CrewAI tools so every invocation passes through AgentGuard policy checks.
+
+Usage:
+    from agentguard.adapters.crewai import GuardedCrewTool, guard_crew_tools
+
+    # Wrap a single tool
+    guarded = GuardedCrewTool(my_tool, guard_url="http://localhost:8080")
+
+    # Wrap all tools for a crew
+    tools = guard_crew_tools(
+        tools=[tool_a, tool_b],
+        guard_url="http://localhost:8080",
+        agent_id="my-crew-agent",
+    )
+"""
+
+from typing import Any, List, Optional
+from agentguard import Guard
+
+
+class GuardedCrewTool:
+    """Wraps a CrewAI BaseTool with AgentGuard policy enforcement.
+
+    CrewAI tools implement a `_run` method and expose `name` and `description`.
+    This wrapper intercepts `_run` and `run` to check the policy first.
+    """
+
+    def __init__(
+        self,
+        tool: Any,
+        guard: Optional[Guard] = None,
+        guard_url: str = "http://localhost:8080",
+        agent_id: str = "",
+        scope: str = "shell",
+    ):
+        self._tool = tool
+        self._guard = guard or Guard(guard_url, agent_id=agent_id)
+        self._scope = scope
+
+        # Preserve original tool metadata
+        self.name = getattr(tool, "name", type(tool).__name__)
+        self.description = getattr(tool, "description", "")
+        if hasattr(tool, "args_schema"):
+            self.args_schema = tool.args_schema
+
+    def _infer_scope(self, tool_input: Any) -> str:
+        """Infer scope from the tool input."""
+        combined = f"{self.name} {self.description}".lower()
+        if any(kw in combined for kw in ["http", "api", "fetch", "request", "url", "web"]):
+            return "network"
+        if any(kw in combined for kw in ["file", "read", "write", "directory", "path"]):
+            return "filesystem"
+        if any(kw in combined for kw in ["browser", "navigate", "click", "page"]):
+            return "browser"
+        return self._scope
+
+    def _extract_check_params(self, tool_input: Any) -> dict:
+        """Extract parameters for the policy check from tool input."""
+        params = {}
+        if isinstance(tool_input, str):
+            params["command"] = tool_input
+        elif isinstance(tool_input, dict):
+            if "command" in tool_input or "cmd" in tool_input:
+                params["command"] = tool_input.get("command", tool_input.get("cmd", ""))
+            if "url" in tool_input:
+                params["url"] = tool_input["url"]
+                try:
+                    from urllib.parse import urlparse
+                    parsed = urlparse(tool_input["url"])
+                    if parsed.hostname:
+                        params["domain"] = parsed.hostname
+                except Exception:
+                    pass
+            if "path" in tool_input or "file_path" in tool_input:
+                params["path"] = tool_input.get("path", tool_input.get("file_path", ""))
+        return params
+
+    def run(self, tool_input: Any = "", **kwargs) -> Any:
+        """Run the tool after checking with AgentGuard."""
+        params = self._extract_check_params(tool_input)
+        scope = self._infer_scope(tool_input)
+        result = self._guard.check(scope, **params)
+
+        if result.allowed:
+            # CrewAI tools use _run internally
+            if hasattr(self._tool, "_run"):
+                return self._tool._run(tool_input, **kwargs)
+            return self._tool.run(tool_input, **kwargs)
+        elif result.needs_approval:
+            return (
+                f"[AgentGuard] Action requires approval. "
+                f"Approve at: {result.approval_url}\n"
+                f"Reason: {result.reason}"
+            )
+        else:
+            return (
+                f"[AgentGuard] Action denied.\n"
+                f"Reason: {result.reason}"
+            )
+
+    def _run(self, *args, **kwargs) -> Any:
+        """CrewAI calls _run internally."""
+        return self.run(*args, **kwargs)
+
+    def __getattr__(self, name: str) -> Any:
+        """Proxy all other attributes to the wrapped tool."""
+        return getattr(self._tool, name)
+
+
+def guard_crew_tools(
+    tools: List[Any],
+    guard_url: str = "http://localhost:8080",
+    agent_id: str = "",
+    default_scope: str = "shell",
+) -> List[GuardedCrewTool]:
+    """Wrap a list of CrewAI tools with AgentGuard enforcement.
+
+    Args:
+        tools: List of CrewAI tools to guard
+        guard_url: URL of the AgentGuard proxy
+        agent_id: Identifier for this agent in audit logs
+        default_scope: Default policy scope
+
+    Returns:
+        List of GuardedCrewTool instances
+    """
+    guard = Guard(guard_url, agent_id=agent_id)
+    return [
+        GuardedCrewTool(tool, guard=guard, scope=default_scope)
+        for tool in tools
+    ]

agentguard/adapters/langchain.py

@@ -0,0 +1,167 @@
+"""
+AgentGuard LangChain Adapter
+
+Wraps LangChain tools so every invocation passes through AgentGuard policy checks.
+
+Usage:
+    from agentguard.adapters.langchain import GuardedToolkit
+
+    toolkit = GuardedToolkit(
+        tools=my_tools,
+        guard_url="http://localhost:8080",
+        agent_id="my-langchain-agent",
+    )
+
+    agent = create_react_agent(llm, toolkit.tools, prompt)
+"""
+
+from typing import Any, List, Optional
+from agentguard import Guard, CheckResult
+
+
+class GuardedTool:
+    """Wraps a LangChain tool with AgentGuard policy enforcement."""
+
+    def __init__(self, tool: Any, guard: Guard, scope: str = "shell"):
+        self._tool = tool
+        self._guard = guard
+        self._scope = scope
+
+        # Preserve the original tool's metadata
+        self.name = tool.name
+        self.description = tool.description
+        if hasattr(tool, "args_schema"):
+            self.args_schema = tool.args_schema
+
+    def _infer_check_params(self, tool_input: Any) -> dict:
+        """Extract meaningful parameters from tool input for policy checking."""
+        params = {}
+
+        if isinstance(tool_input, str):
+            params["command"] = tool_input
+        elif isinstance(tool_input, dict):
+            if "command" in tool_input or "cmd" in tool_input:
+                params["command"] = tool_input.get("command", tool_input.get("cmd", ""))
+            if "url" in tool_input:
+                params["url"] = tool_input["url"]
+                # Extract domain from URL
+                try:
+                    from urllib.parse import urlparse
+                    parsed = urlparse(tool_input["url"])
+                    if parsed.hostname:
+                        params["domain"] = parsed.hostname
+                except Exception:
+                    pass
+            if "path" in tool_input or "file_path" in tool_input:
+                params["path"] = tool_input.get("path", tool_input.get("file_path", ""))
+                # Infer action from tool name
+                name_lower = self.name.lower()
+                if "read" in name_lower or "get" in name_lower:
+                    params["action"] = "read"
+                elif "write" in name_lower or "save" in name_lower or "create" in name_lower:
+                    params["action"] = "write"
+                elif "delete" in name_lower or "remove" in name_lower:
+                    params["action"] = "delete"
+
+        return params
+
+    def _infer_scope(self, params: dict) -> str:
+        """Infer the appropriate policy scope from the parameters."""
+        if params.get("domain") or params.get("url"):
+            return "network"
+        if params.get("path"):
+            return "filesystem"
+        return self._scope
+
+    def run(self, tool_input: Any, **kwargs) -> Any:
+        """Run the tool after checking with AgentGuard."""
+        params = self._infer_check_params(tool_input)
+        scope = self._infer_scope(params)
+
+        result = self._guard.check(scope, **params)
+
+        if result.allowed:
+            return self._tool.run(tool_input, **kwargs)
+        elif result.needs_approval:
+            return (
+                f"[AgentGuard] Action requires approval. "
+                f"Approve at: {result.approval_url}\n"
+                f"Reason: {result.reason}"
+            )
+        else:
+            return (
+                f"[AgentGuard] Action denied.\n"
+                f"Reason: {result.reason}"
+            )
+
+    async def arun(self, tool_input: Any, **kwargs) -> Any:
+        """Async version — policy check is synchronous, tool execution is async."""
+        params = self._infer_check_params(tool_input)
+        scope = self._infer_scope(params)
+
+        result = self._guard.check(scope, **params)
+
+        if result.allowed:
+            return await self._tool.arun(tool_input, **kwargs)
+        elif result.needs_approval:
+            return (
+                f"[AgentGuard] Action requires approval. "
+                f"Approve at: {result.approval_url}\n"
+                f"Reason: {result.reason}"
+            )
+        else:
+            return (
+                f"[AgentGuard] Action denied.\n"
+                f"Reason: {result.reason}"
+            )
+
+    def __getattr__(self, name: str) -> Any:
+        """Proxy all other attributes to the wrapped tool."""
+        return getattr(self._tool, name)
+
+
+class GuardedToolkit:
+    """Wraps a list of LangChain tools with AgentGuard enforcement.
+
+    Args:
+        tools: List of LangChain tools to guard
+        guard_url: URL of the AgentGuard proxy
+        agent_id: Identifier for this agent in audit logs
+        default_scope: Default policy scope for tools that can't be auto-detected
+    """
+
+    def __init__(
+        self,
+        tools: List[Any],
+        guard_url: str = "http://localhost:8080",
+        agent_id: str = "",
+        default_scope: str = "shell",
+    ):
+        self._guard = Guard(guard_url, agent_id=agent_id)
+        self._default_scope = default_scope
+        self._tools = [
+            GuardedTool(tool, self._guard, scope=self._infer_scope(tool))
+            for tool in tools
+        ]
+
+    def _infer_scope(self, tool: Any) -> str:
+        """Try to infer the policy scope from the tool's name/description."""
+        name = getattr(tool, "name", "").lower()
+        desc = getattr(tool, "description", "").lower()
+        combined = f"{name} {desc}"
+
+        if any(kw in combined for kw in ["http", "api", "fetch", "request", "url", "web"]):
+            return "network"
+        if any(kw in combined for kw in ["file", "read", "write", "directory", "path"]):
+            return "filesystem"
+        if any(kw in combined for kw in ["browser", "navigate", "click", "page"]):
+            return "browser"
+        if any(kw in combined for kw in ["shell", "command", "exec", "terminal", "bash"]):
+            return "shell"
+
+        return self._default_scope
+
+    @property
+    def tools(self) -> List[GuardedTool]:
+        """The guarded tool list — drop-in replacement for unguarded tools."""
+        return self._tools

agentguard/adapters/mcp.py

@@ -0,0 +1,299 @@
+"""
+AgentGuard MCP (Model Context Protocol) Adapter
+
+Provides an MCP-compatible tool server that wraps existing tools with AgentGuard
+policy enforcement. This allows any MCP-compatible client (Claude Desktop,
+Cursor, etc.) to have its tool calls guarded by policy.
+
+Usage as an MCP server (stdio transport):
+
+    python -m agentguard.adapters.mcp --policy configs/default.yaml
+
+Or programmatically:
+
+    from agentguard.adapters.mcp import GuardedMCPServer
+
+    server = GuardedMCPServer(
+        guard_url="http://localhost:8080",
+        agent_id="mcp-agent",
+    )
+    server.add_tool(my_tool_definition, my_tool_handler)
+    server.run()
+
+MCP config (claude_desktop_config.json / .cursor/mcp.json):
+
+    {
+      "mcpServers": {
+        "agentguard": {
+          "command": "python",
+          "args": ["-m", "agentguard.adapters.mcp", "--guard-url", "http://localhost:8080"]
+        }
+      }
+    }
+"""
+
+import json
+import sys
+from typing import Any, Callable, Dict, List, Optional
+from agentguard import Guard, CheckResult
+
+
+class ToolDefinition:
+    """Defines an MCP tool that can be guarded."""
+
+    def __init__(
+        self,
+        name: str,
+        description: str,
+        input_schema: Optional[dict] = None,
+        scope: str = "shell",
+    ):
+        self.name = name
+        self.description = description
+        self.input_schema = input_schema or {"type": "object", "properties": {}}
+        self.scope = scope
+
+
+class GuardedMCPServer:
+    """MCP server that enforces AgentGuard policies on tool calls.
+
+    This implements the MCP stdio transport protocol. Tool calls are checked
+    against the AgentGuard proxy before execution.
+    """
+
+    def __init__(
+        self,
+        guard: Optional[Guard] = None,
+        guard_url: str = "http://localhost:8080",
+        agent_id: str = "mcp-agent",
+        server_name: str = "agentguard",
+        server_version: str = "0.2.0",
+    ):
+        self._guard = guard or Guard(guard_url, agent_id=agent_id)
+        self._tools: Dict[str, ToolDefinition] = {}
+        self._handlers: Dict[str, Callable] = {}
+        self._server_name = server_name
+        self._server_version = server_version
+
+    def add_tool(
+        self,
+        name: str,
+        description: str,
+        handler: Callable,
+        input_schema: Optional[dict] = None,
+        scope: str = "shell",
+    ):
+        """Register a tool with the MCP server.
+
+        Args:
+            name: Tool name
+            description: Human-readable description
+            handler: Function to call when the tool is invoked
+            input_schema: JSON Schema for the tool's input
+            scope: AgentGuard policy scope for this tool
+        """
+        self._tools[name] = ToolDefinition(name, description, input_schema, scope)
+        self._handlers[name] = handler
+
+    def _infer_check_params(self, tool: ToolDefinition, arguments: dict) -> dict:
+        """Extract policy-relevant parameters from tool arguments."""
+        params = {}
+
+        if "command" in arguments or "cmd" in arguments:
+            params["command"] = arguments.get("command", arguments.get("cmd", ""))
+        elif tool.scope == "shell":
+            # Use the full arguments as the command representation
+            params["command"] = f"{tool.name} {json.dumps(arguments)}"
+
+        if "url" in arguments:
+            params["url"] = arguments["url"]
+            try:
+                from urllib.parse import urlparse
+                parsed = urlparse(arguments["url"])
+                if parsed.hostname:
+                    params["domain"] = parsed.hostname
+            except Exception:
+                pass
+
+        if "path" in arguments or "file_path" in arguments:
+            params["path"] = arguments.get("path", arguments.get("file_path", ""))
+            name_lower = tool.name.lower()
+            if "read" in name_lower or "get" in name_lower:
+                params["action"] = "read"
+            elif "write" in name_lower or "save" in name_lower:
+                params["action"] = "write"
+            elif "delete" in name_lower or "remove" in name_lower:
+                params["action"] = "delete"
+
+        if "domain" in arguments:
+            params["domain"] = arguments["domain"]
+
+        return params
+
+    def _handle_request(self, request: dict) -> dict:
+        """Handle a single JSON-RPC request."""
+        method = request.get("method", "")
+        req_id = request.get("id")
+        params = request.get("params", {})
+
+        if method == "initialize":
+            return {
+                "jsonrpc": "2.0",
+                "id": req_id,
+                "result": {
+                    "protocolVersion": "2024-11-05",
+                    "serverInfo": {
+                        "name": self._server_name,
+                        "version": self._server_version,
+                    },
+                    "capabilities": {
+                        "tools": {"listChanged": False},
+                    },
+                },
+            }
+
+        if method == "tools/list":
+            tools_list = []
+            for tool in self._tools.values():
+                tools_list.append({
+                    "name": tool.name,
+                    "description": tool.description,
+                    "inputSchema": tool.input_schema,
+                })
+            return {
+                "jsonrpc": "2.0",
+                "id": req_id,
+                "result": {"tools": tools_list},
+            }
+
+        if method == "tools/call":
+            tool_name = params.get("name", "")
+            arguments = params.get("arguments", {})
+            return self._call_tool(req_id, tool_name, arguments)
+
+        if method == "notifications/initialized":
+            # Notification, no response needed
+            return None
+
+        # Unknown method
+        return {
+            "jsonrpc": "2.0",
+            "id": req_id,
+            "error": {"code": -32601, "message": f"Unknown method: {method}"},
+        }
+
+    def _call_tool(self, req_id: Any, tool_name: str, arguments: dict) -> dict:
+        """Execute a tool call with policy enforcement."""
+        if tool_name not in self._tools:
+            return {
+                "jsonrpc": "2.0",
+                "id": req_id,
+                "error": {"code": -32602, "message": f"Unknown tool: {tool_name}"},
+            }
+
+        tool = self._tools[tool_name]
+        handler = self._handlers[tool_name]
+
+        # Policy check
+        check_params = self._infer_check_params(tool, arguments)
+        scope = tool.scope
+        if check_params.get("domain") or check_params.get("url"):
+            scope = "network"
+        if check_params.get("path"):
+            scope = "filesystem"
+
+        result = self._guard.check(scope, **check_params)
+
+        if result.denied:
+            return {
+                "jsonrpc": "2.0",
+                "id": req_id,
+                "result": {
+                    "content": [
+                        {
+                            "type": "text",
+                            "text": f"[AgentGuard] Action denied: {result.reason}",
+                        }
+                    ],
+                    "isError": True,
+                },
+            }
+
+        if result.needs_approval:
+            return {
+                "jsonrpc": "2.0",
+                "id": req_id,
+                "result": {
+                    "content": [
+                        {
+                            "type": "text",
+                            "text": (
+                                f"[AgentGuard] Action requires approval.\n"
+                                f"Reason: {result.reason}\n"
+                                f"Approve at: {result.approval_url}"
+                            ),
+                        }
+                    ],
+                    "isError": True,
+                },
+            }
+
+        # Action allowed — execute the handler
+        try:
+            output = handler(**arguments) if isinstance(arguments, dict) else handler(arguments)
+            if not isinstance(output, str):
+                output = json.dumps(output, default=str)
+
+            return {
+                "jsonrpc": "2.0",
+                "id": req_id,
+                "result": {
+                    "content": [{"type": "text", "text": output}],
+                },
+            }
+        except Exception as e:
+            return {
+                "jsonrpc": "2.0",
+                "id": req_id,
+                "result": {
+                    "content": [{"type": "text", "text": f"Error: {e}"}],
+                    "isError": True,
+                },
+            }
+
+    def run(self):
+        """Run the MCP server on stdio (blocking)."""
+        for line in sys.stdin:
+            line = line.strip()
+            if not line:
+                continue
+            try:
+                request = json.loads(line)
+            except json.JSONDecodeError:
+                continue
+
+            response = self._handle_request(request)
+            if response is not None:
+                sys.stdout.write(json.dumps(response) + "\n")
+                sys.stdout.flush()
+
+
+def main():
+    """Entry point for running as `python -m agentguard.adapters.mcp`."""
+    import argparse
+
+    parser = argparse.ArgumentParser(description="AgentGuard MCP Server")
+    parser.add_argument("--guard-url", default="http://localhost:8080", help="AgentGuard proxy URL")
+    parser.add_argument("--agent-id", default="mcp-agent", help="Agent identifier")
+    args = parser.parse_args()
+
+    server = GuardedMCPServer(guard_url=args.guard_url, agent_id=args.agent_id)
+
+    # The MCP server starts with no tools — downstream MCP proxies or
+    # configurations add tools dynamically via the protocol. For standalone
+    # usage, users import GuardedMCPServer and call add_tool().
+    server.run()
+
+
+if __name__ == "__main__":
+    main()

agentguardproxy-0.2.0.dist-info/METADATA

@@ -0,0 +1,142 @@
+Metadata-Version: 2.4
+Name: agentguardproxy
+Version: 0.2.0
+Summary: Python SDK for AgentGuard — the firewall for AI agents
+Author: AgentGuard Contributors
+License-Expression: Apache-2.0
+Project-URL: Homepage, https://github.com/Caua-ferraz/AgentGuard
+Project-URL: Repository, https://github.com/Caua-ferraz/AgentGuard
+Project-URL: Documentation, https://github.com/Caua-ferraz/AgentGuard/blob/master/docs/SETUP.md
+Project-URL: Issues, https://github.com/Caua-ferraz/AgentGuard/issues
+Keywords: ai,agents,firewall,policy,guardrails,safety
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+Provides-Extra: langchain
+Requires-Dist: langchain>=0.1.0; extra == "langchain"
+Provides-Extra: crewai
+Requires-Dist: crewai>=0.1.0; extra == "crewai"
+Provides-Extra: browser-use
+Requires-Dist: browser-use>=0.1.0; extra == "browser-use"
+Provides-Extra: mcp
+Provides-Extra: all
+Requires-Dist: langchain>=0.1.0; extra == "all"
+Requires-Dist: crewai>=0.1.0; extra == "all"
+Requires-Dist: browser-use>=0.1.0; extra == "all"
+
+# AgentGuard Python SDK
+
+Lightweight Python client for [AgentGuard](https://github.com/Caua-ferraz/AgentGuard) — the firewall for AI agents.
+
+## Install
+
+```bash
+pip install agentguard
+
+# With framework adapters
+pip install agentguard[langchain]
+pip install agentguard[crewai]
+pip install agentguard[browser-use]
+pip install agentguard[all]
+```
+
+## Quick Start
+
+```python
+from agentguard import Guard
+
+guard = Guard("http://localhost:8080", agent_id="my-agent")
+
+# Check before executing
+result = guard.check("shell", command="rm -rf ./old_data")
+
+if result.allowed:
+    execute(command)
+elif result.needs_approval:
+    print(f"Approve at: {result.approval_url}")
+else:
+    print(f"Blocked: {result.reason}")
+```
+
+## Framework Adapters
+
+### LangChain
+
+```python
+from agentguard.adapters.langchain import GuardedToolkit
+
+toolkit = GuardedToolkit(
+    tools=my_tools,
+    guard_url="http://localhost:8080",
+    agent_id="langchain-agent",
+)
+
+agent = create_react_agent(llm, toolkit.tools, prompt)
+```
+
+### CrewAI
+
+```python
+from agentguard.adapters.crewai import guard_crew_tools
+
+guarded_tools = guard_crew_tools(
+    tools=my_crew_tools,
+    guard_url="http://localhost:8080",
+    agent_id="crew-agent",
+)
+```
+
+### browser-use
+
+```python
+from agentguard.adapters.browseruse import GuardedBrowser
+
+browser = GuardedBrowser(guard_url="http://localhost:8080")
+
+result = browser.check_navigation("https://example.com")
+if result.allowed:
+    await page.goto("https://example.com")
+```
+
+### MCP
+
+```python
+from agentguard.adapters.mcp import GuardedMCPServer
+
+server = GuardedMCPServer(guard_url="http://localhost:8080")
+server.add_tool("my_tool", "Description", handler=my_handler)
+server.run()  # Starts stdio MCP server
+```
+
+## API Reference
+
+### `Guard(base_url, agent_id="")`
+- `check(scope, *, action, command, path, domain, url, meta)` — Check an action against policy
+- `approve(approval_id)` — Approve a pending action
+- `deny(approval_id)` — Deny a pending action
+- `wait_for_approval(approval_id, timeout=300)` — Block until resolved
+
+### `CheckResult`
+- `.allowed` — True if action is permitted
+- `.denied` — True if action is blocked
+- `.needs_approval` — True if human approval required
+- `.decision` — Raw decision string
+- `.reason` — Explanation
+- `.approval_url` — URL to approve (when applicable)
+
+### `@guarded(scope, guard=None)` decorator
+Wraps a function so it's checked before execution.
+
+## License
+
+Apache 2.0

agentguardproxy-0.2.0.dist-info/RECORD

@@ -0,0 +1,10 @@
+agentguard/__init__.py,sha256=if1mgAiWmE9conpqQymOVRYSWk8EDCeZBfRhJAgrBpg,6299
+agentguard/adapters/__init__.py,sha256=skMoDik_MG99VgzU_rprUlqMWPY6wbD6xENTE47PNaY,317
+agentguard/adapters/browseruse.py,sha256=7BLdvVWzyNDUTHU8viV3Z9uh2UtnxCB9SJ3xToOJIds,4022
+agentguard/adapters/crewai.py,sha256=5uxp1mP39JxVhbDj1td6dPgUKFdJU100L1xgpti70QQ,4733
+agentguard/adapters/langchain.py,sha256=YFSWeQtdevBx4Nmed1l1W7vL7AytbbylIst34yvBX5g,6052
+agentguard/adapters/mcp.py,sha256=j0ZGFXioMQ3pou5vijaBxkI-ZuWYtwzdAeD4rEXXqSQ,9856
+agentguardproxy-0.2.0.dist-info/METADATA,sha256=ba2uyeMjHKZTV-6FZl7_8Okb8yNI3_kRuIP6QaCKow0,4144
+agentguardproxy-0.2.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+agentguardproxy-0.2.0.dist-info/top_level.txt,sha256=rEW5sAnjxXRs63ja2psmsMRMJJfi_3EAxf7crl1nHyw,11
+agentguardproxy-0.2.0.dist-info/RECORD,,

agentguardproxy-0.2.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

agentguardproxy-0.2.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+agentguard