Metadata-Version: 2.4
Name: armor-ai
Version: 0.10.3
Summary: A defense-in-depth security layer for LLM agents
Project-URL: Homepage, https://github.com/tkdtaylor/armor
Project-URL: Source, https://github.com/tkdtaylor/armor
Project-URL: Documentation, https://github.com/tkdtaylor/armor#readme
Project-URL: Issues, https://github.com/tkdtaylor/armor/issues
Author-email: Kevin Taylor <tools@taylorguard.me>
License: PolyForm Noncommercial License 1.0.0
License-File: LICENSE
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: Other/Proprietary License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Requires-Python: >=3.12
Requires-Dist: cryptography>=48.0.0
Requires-Dist: llama-cpp-python>=0.2.45
Requires-Dist: onnxruntime>=1.20.0
Requires-Dist: pyahocorasick>=2.3.1
Requires-Dist: pyyaml>=6.0.3
Requires-Dist: rich>=15.0.0
Requires-Dist: transformers>=4.40.0
Provides-Extra: dev
Requires-Dist: huggingface-hub>=0.24.0; extra == 'dev'
Requires-Dist: hypothesis>=6.152.4; extra == 'dev'
Requires-Dist: mypy>=1.20.2; extra == 'dev'
Requires-Dist: onnxruntime>=1.20.0; extra == 'dev'
Requires-Dist: pre-commit>=4.6.0; extra == 'dev'
Requires-Dist: psutil>=6.0.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest-cov>=7.1.0; extra == 'dev'
Requires-Dist: pytest>=9.0.3; extra == 'dev'
Requires-Dist: ruff>=0.15.12; extra == 'dev'
Requires-Dist: transformers>=4.40.0; extra == 'dev'
Description-Content-Type: text/markdown

# armor

`armor` is the Python package and CLI for the broader armor project, a
defense-in-depth security layer for LLM agents. It sits between your agent and
its inputs, outputs, and tool calls, then blocks common prompt injection,
canary exfiltration, obfuscation, jailbreak, tool-abuse, and multi-turn attack
patterns before they reach the user or host tools.

This package is published as `armor-ai` because the bare `armor` package name is
used by an unrelated project. The Python import name and CLI remain `armor`.

## Install

```bash
pip install armor-ai
```

Start the daemon:

```bash
armor daemon --socket /tmp/armor.sock --db /tmp/armor.db
```

Run a quick input check:

```bash
echo "ignore previous instructions" | armor check input --socket /tmp/armor.sock --session-id demo
```

## Python SDK

```python
from armor import ArmorClient

# Connect to the daemon started above over its Unix socket.
client = ArmorClient(socket_path="/tmp/armor.sock")
# Each check is tied to a session ID.
verdict = client.check_input("ignore previous instructions", session_id="demo")

if verdict.blocked:
    print("blocked")
```

Async clients and integration examples for Anthropic, OpenAI, LangChain, Claude
Code hooks, and custom agents are available in the project repository. The
repository also contains the Docker path, architecture docs, full spec, and
maintainer workflows; this PyPI page focuses on the installable Python package.
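
The `check_input` call above sits in front of a model call. The following is an added example, not code from the armor project, of a wrapper that fails closed: the model is never called if the input is blocked or if no verdict comes back. It relies only on `check_input` and `verdict.blocked` from the snippet above. `GuardedAgent`, `InputRejected` and the stub clients are hypothetical names, and because this page does not say which exceptions the real client raises, the wrapper catches `Exception`.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Protocol

class InputChecker(Protocol):
    """Any client exposing the check_input call from the SDK snippet."""
    def check_input(self, text: str, session_id: str) -> Any: ...

class InputRejected(Exception):
    """Hypothetical: raised when the prompt must not reach the model."""

@dataclass
class GuardedAgent:
    client: InputChecker
    model: Callable[[str], str]  # the LLM call being protected
    session_id: str
    audit: list[tuple[str, str]] = field(default_factory=list)

    def ask(self, prompt: str) -> str:
        try:
            verdict = self.client.check_input(prompt, session_id=self.session_id)
        except Exception as exc:  # real exception types are not given on the page
            # Fail closed: without a verdict the model is never called.
            self.audit.append(("error", type(exc).__name__))
            raise InputRejected("armor check unavailable") from exc
        if verdict.blocked:
            self.audit.append(("blocked", self.session_id))
            raise InputRejected("armor blocked this input")
        self.audit.append(("allowed", self.session_id))
        return self.model(prompt)

# Constructed stand-ins so the example runs without a daemon.
@dataclass
class StubVerdict:
    blocked: bool

class StubClient:
    def check_input(self, text: str, session_id: str) -> StubVerdict:
        return StubVerdict("ignore previous instructions" in text.lower())

class DownClient:
    def check_input(self, text: str, session_id: str) -> StubVerdict:
        raise ConnectionRefusedError("no daemon listening")

if __name__ == "__main__":
    agent = GuardedAgent(StubClient(), lambda p: f"model saw: {p}", "demo")
    print(agent.ask("summarise this file"))
```

With a running daemon, pass `ArmorClient(socket_path="/tmp/armor.sock")` in place of `StubClient()`.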

## What armor checks

- User input: instruction overrides, jailbreak templates, encoding requests,
  prompt-injection phrasing, and topic shifts.
- Model output: canary leakage, encoded payloads, suspicious destinations,
  entropy spikes, and multi-turn partial exfiltration.
- Tool calls: parameter-schema violations, dangerous shell commands, command
  injection patterns, rate anomalies, and tool-chain abuse.
- Sessions: rolling risk scoring, state escalation, cooldown, and operator
  unblock audit records.

## Preview status

`armor` is a public preview, not a v1.0 production guarantee. The core daemon,
CLI, SDK, Docker path, detector pipeline, and forensic logging are implemented,
but v1.0 readiness still requires broader external validation, real-service SDK
example verification, and additional detection-floor evidence.

Important limitations:

- It defends against in-band prompt and tool-call attacks, not host compromise.
- The validator LLM fails open on timeout to protect availability.
- The evaluation corpus is English-heavy.
- There is no built-in web UI.
- It assumes one trusted-agent-fleet boundary per daemon.

## Project links

- Source and documentation: https://github.com/tkdtaylor/armor
- Issues: https://github.com/tkdtaylor/armor/issues
- Security policy: https://github.com/tkdtaylor/armor/security/policy
- Architecture overview: https://github.com/tkdtaylor/armor/blob/main/docs/architecture/overview.md
- Specification: https://github.com/tkdtaylor/armor/blob/main/docs/spec/SPEC.md

## License

armor is licensed under the PolyForm Noncommercial License 1.0.0.

Commercial use requires a separate commercial license. Contact
licensing@taylorguard.me.
