NeuroAgent AI

Enterprise Security

RBAC, audit logging, secret masking, and sandboxed command execution as standalone primitives you can wire into your trust boundaries.

from neuroagent import RBAC, AuditLog, SecretStore, Sandbox

# Role-based access control (supports "*" and "ns:*" wildcards)
rbac = RBAC()
rbac.define_role("analyst", {"db:read", "api:get"})
rbac.assign("amit", "analyst")
rbac.require("amit", "db:read")          # raises SecurityError if not permitted

# Append-only audit log (optional JSONL file sink)
audit = AuditLog(sink_path="audit.jsonl")
audit.record("amit", "db:query", resource="customers", rows=42)

# Secret resolution + masking (encryption via the [security] extra)
secrets = SecretStore({"API_KEY": "sk-supersecret-1234"})
print(secrets.masked("API_KEY"))         # ***************1234

# Command policy guard for shell/code/SQL tools
sandbox = Sandbox(allow=["ls", "cat"])
sandbox.check("rm -rf /")                # raises SecurityError

Database and API agents are read-only by default; pair them with RBAC and AuditLog when exposing write access to an agent.
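
A stand-alone sketch of what a command allowlist such as `Sandbox(allow=["ls", "cat"])` has to get right, added here as an example; it is not NeuroAgent's code and does not import it. `naive_check`, `strict_check`, `PolicyError` and the sample commands are hypothetical names and constructed inputs, useful as a test set to run against whatever guard you deploy.

```python
import shlex

# Characters that let a shell chain commands, redirect, or expand input.
SHELL_META = set(";&|<>`$(){}\n\\")

class PolicyError(Exception):
    """Raised when a command falls outside the allowlist (hypothetical name)."""

def naive_check(command, allow):
    # Weak form: only looks at how the string starts.
    if not any(command.startswith(name) for name in allow):
        raise PolicyError(command)

def strict_check(command, allow):
    """Return argv if command is exactly one allowlisted program, else raise."""
    if any(ch in SHELL_META for ch in command):
        raise PolicyError(f"shell metacharacter in {command!r}")
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise PolicyError(str(exc)) from exc
    if not argv or argv[0] not in allow:
        raise PolicyError(f"program not allowlisted: {command!r}")
    return argv  # execute as an argv list with shell=False, never via a shell

def verdicts(check, allow, commands):
    """Map each command to 'allow' or 'deny' under the given check."""
    out = {}
    for cmd in commands:
        try:
            check(cmd, allow)
            out[cmd] = "allow"
        except PolicyError:
            out[cmd] = "deny"
    return out

# Constructed sample inputs.
ALLOW = ["ls", "cat"]
SAMPLES = ["ls -la", "cat notes.txt", "rm -rf /", "ls; rm -rf /",
           "cat $(hostname)", "lsblk", "/bin/ls"]

if __name__ == "__main__":
    for name, fn in (("naive", naive_check), ("strict", strict_check)):
        print(name, verdicts(fn, ALLOW, SAMPLES))
```

Allowlisting the program name does not constrain its arguments: `cat` can still read any file the agent's process can, so filesystem permissions and RBAC remain the controls for that.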