Metadata-Version: 2.4
Name: kaizen-security
Version: 0.1.2
Summary: Pluggable enforcement for AI agent actions. Inspect every tool call and block known-bad.
Author: Kaizen Security
License: Apache-2.0
Project-URL: Homepage, https://getkaizen.io
Project-URL: Documentation, https://docs.getkaizen.io
Keywords: ai,agents,security,mcp,guardrails
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Topic :: Security
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Provides-Extra: test
Requires-Dist: pytest<9.0,>=8.0; extra == "test"
Provides-Extra: openai-agents
Requires-Dist: openai-agents>=0.1; extra == "openai-agents"
Provides-Extra: langchain
Requires-Dist: langchain-core>=0.1; extra == "langchain"
Provides-Extra: crewai
Requires-Dist: crewai>=0.1; extra == "crewai"
Provides-Extra: semantic-kernel
Requires-Dist: semantic-kernel>=1.0; extra == "semantic-kernel"
Provides-Extra: llama-index
Requires-Dist: llama-index-core>=0.10; extra == "llama-index"
Provides-Extra: pydantic-ai
Requires-Dist: pydantic-ai>=0.0.1; extra == "pydantic-ai"
Provides-Extra: opentelemetry
Requires-Dist: opentelemetry-api>=1.20; extra == "opentelemetry"

# kaizen-security

Pluggable enforcement for AI agent actions. Inspect every tool call, skill load, or outbound connection, and block the known-bad before it reaches your data. Zero runtime dependencies.

## Install

```bash
pip install kaizen-security
```

## Quickstart

```python
from kaizen_security import Kaizen

kz = Kaizen(api_key="kz_live_...")          # syncs policy from the control plane

verdict = kz.inspect(tool="clawhub2", publisher="hightower6eu", target="91.92.242.30")
if verdict.blocked:
    print(verdict.reason)                    # blocked by policy: blacklisted publisher, ...
    for f in verdict.evidence:
        print(f.kind, f.value)
```

Raise on a block instead of branching:

```python
from kaizen_security import KaizenBlocked

# kz is the Kaizen client created in the Quickstart above.
try:
    kz.enforce(tool="clawhub2", publisher="hightower6eu")
except KaizenBlocked as e:
    handle(e.verdict)                        # handle() stands for your own handler
```

Wrap a tool function:

```python
@kz.guard
def call_tool(name, **kwargs):
    ...
```

## Run it fully local, no account

```python
from kaizen_security import Kaizen, Policy

policy = Policy(mode="blocklist", rules={
    "publishers": ["hightower6eu"],
    "ips": ["91.92.242.30"],
    "skill_patterns": [r"^clawhub[0-9]*$"],
})
kz = Kaizen(policies=[policy], report=False)
```

## The contract

`inspect(action) -> Verdict(decision, reason, evidence)`, where `decision` is `allow` or `block`. Enforcement runs locally for low latency. When an `api_key` is set, the client syncs policy from the control plane and reports verdicts back for the dashboard. Reporting is fire and forget, so it never adds latency.

## Modes

- `blocklist`: block on a match against blacklisted publishers, IPs, domains, skill patterns, or hashes.
- `allowlist`: allow only approved publishers or tools, block the rest.
- `correlation`: flag a risky session sequence, for example a sensitive read followed by an outbound connect.
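
The sequence named for `correlation` mode, a sensitive read followed by an outbound connect, sketched as an added standalone example that is not kaizen-security's own code. It follows the `inspect(action) -> Verdict` contract; `SessionCorrelator`, `Action`, the sensitive path prefixes, the action window and the internal-host set are all assumptions made for illustration.

```python
# Added illustration. SessionCorrelator, Action, SENSITIVE_PREFIXES and the
# window/internal-host settings are hypothetical, not the kaizen_security API.
import posixpath
from dataclasses import dataclass, field
from typing import NamedTuple

SENSITIVE_PREFIXES = ("/etc/", "/home/app/.ssh/", "/var/secrets/")  # constructed

class Action(NamedTuple):
    session: str
    kind: str    # "read" or "connect"
    target: str  # file path for a read, host for a connect

class Verdict(NamedTuple):
    decision: str  # "allow" or "block"
    reason: str
    evidence: tuple

@dataclass
class SessionCorrelator:
    window: int = 5  # a sensitive read taints the next `window` actions
    internal_hosts: frozenset = frozenset({"127.0.0.1", "localhost"})
    _taint: dict = field(default_factory=dict, init=False)  # session -> (path, left)

    def inspect(self, a: Action) -> Verdict:
        path, left = self._taint.get(a.session, (None, 0))
        if a.kind == "connect" and left > 0 and a.target not in self.internal_hosts:
            # Taint is kept, so repeated outbound attempts stay blocked.
            return Verdict("block", "sensitive read followed by outbound connect",
                           (("read", path), ("connect", a.target)))
        # Normalize first so "/tmp/../etc/shadow" cannot dodge the prefix check.
        norm = posixpath.normpath(a.target) if a.kind == "read" else a.target
        if a.kind == "read" and norm.startswith(SENSITIVE_PREFIXES):
            self._taint[a.session] = (norm, self.window)
        elif left > 0:
            self._taint[a.session] = (path, left - 1)
        return Verdict("allow", "no risky sequence", ())
```

State is kept per session, so a sensitive read in one session does not affect connects made by another, and the taint expires once `window` further actions have passed.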
