
agent-airlock

Open-source security firewall for AI agents — validates tool calls, strips ghost arguments, enforces type safety, PII masking, RBAC, cost tracking & sandbox isolation. Works with LangChain, OpenAI Agents SDK, PydanticAI & CrewAI.

Installation
Run this command in your terminal to add the MCP server to Claude Code. The quoted --env values are descriptions of each variable, not real settings; replace them with the values you want before running the command:

claude mcp add --transport stdio sattyamjjain-agent-airlock pipx run agent-airlock \
  --env AIRLOCK_DEBUG="Enable verbose debugging output" \
  --env AIRLOCK_POLICY="Optional: path or name of policy profile"

How to use

agent-airlock provides an open-source firewall for AI agents. It acts as a protective wrapper around agent function calls, stripping ghost (unauthorized) arguments, enforcing strict type validation, and offering self-healing error feedback to keep interactions safe. The library exposes a decorator that can be applied to functions to guard their execution, ensuring that only approved parameters are passed and that any LLM-invented or unsafe inputs are either blocked or sanitized. Use cases include safeguarding tool calls, API interactions, or critical operations within an agent's decision loop. The quickstart shows how to install the package and decorate a function to demonstrate argument validation and safe execution. In practice, you can integrate Airlock into your agent framework to enforce RBAC, PII masking, and sandboxed execution, while benefiting from its built-in OpenTelemetry observability hooks for monitoring safety compliance.
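To make the mechanism above concrete, here is an added, stand-alone illustration of what a tool-call airlock does: drop keyword arguments the model invented, bind the rest against the function signature, check each value against its annotation, and return structured feedback the caller (or the LLM) can act on instead of a raw exception. This is hypothetical example code written for this page, not agent-airlock's own implementation or API; the `airlock` decorator, `read_file` sample tool and the feedback dict shape are all assumptions.

```python
"""Illustrative tool-call airlock (hypothetical; NOT agent-airlock's own code)."""
import inspect
import logging
from functools import wraps
from typing import Any, Callable, Union, get_args, get_origin

log = logging.getLogger("airlock_demo")


def _describe(annotation: Any) -> str:
    """Human-readable name for an annotation, used in feedback messages."""
    return getattr(annotation, "__name__", repr(annotation))


def _type_ok(value: Any, annotation: Any) -> bool:
    """Best-effort runtime check of value against a parameter annotation."""
    if annotation is inspect.Parameter.empty or annotation is Any:
        return True                       # unannotated parameters are not checked
    origin = get_origin(annotation)
    if origin is Union:                   # Optional[X] is Union[X, None]
        return any(_type_ok(value, a) for a in get_args(annotation))
    if origin is not None:                # list[int], dict[str, str]: check the container
        return isinstance(value, origin)
    if annotation is int:                 # bool subclasses int; don't let True pass as 1
        return isinstance(value, int) and not isinstance(value, bool)
    if annotation is float:               # accept ints where a float is declared
        return isinstance(value, (int, float)) and not isinstance(value, bool)
    return isinstance(value, annotation)


def airlock(strict: bool = True) -> Callable:
    """Guard a tool function: strip ghost kwargs, enforce annotated types,
    and return a feedback dict (never raise) when the call is rejected."""
    def decorator(fn: Callable) -> Callable:
        sig = inspect.signature(fn)
        accepts_var_kw = any(p.kind is p.VAR_KEYWORD for p in sig.parameters.values())
        checked = {n: p for n, p in sig.parameters.items()
                   if p.kind not in (p.VAR_POSITIONAL, p.VAR_KEYWORD)}

        @wraps(fn)
        def wrapper(*args: Any, **kwargs: Any) -> Any:
            # 1. Ghost arguments: keywords the signature never declared.
            ghosts = [] if accepts_var_kw else sorted(k for k in kwargs if k not in sig.parameters)
            for k in ghosts:
                log.warning("airlock: dropping ghost argument %r for %s", k, fn.__name__)
                kwargs.pop(k)
            # 2. Bind what remains; missing or surplus positionals fail here.
            try:
                bound = sig.bind(*args, **kwargs)
            except TypeError as exc:
                return {"ok": False, "error": "binding_failed", "detail": str(exc),
                        "dropped": ghosts, "expected": list(sig.parameters)}
            bound.apply_defaults()
            # 3. Type enforcement against the annotations.
            mismatches = {
                name: f"got {type(val).__name__}, expected {_describe(checked[name].annotation)}"
                for name, val in bound.arguments.items()
                if name in checked and not _type_ok(val, checked[name].annotation)
            }
            if mismatches and strict:
                return {"ok": False, "error": "type_mismatch", "detail": mismatches,
                        "dropped": ghosts, "expected": list(sig.parameters)}
            return fn(*bound.args, **bound.kwargs)
        return wrapper
    return decorator


@airlock()
def read_file(path: str, max_bytes: int = 1024) -> dict:
    """Constructed sample tool; it only echoes its validated arguments."""
    return {"ok": True, "path": path, "max_bytes": max_bytes}


if __name__ == "__main__":
    print(read_file("/tmp/notes.txt", max_bytes=10))      # passes through unchanged
    print(read_file("/tmp/notes.txt", sudo=True))         # 'sudo' is a ghost argument: dropped
    print(read_file("/tmp/notes.txt", max_bytes="10"))    # wrong type: structured feedback
    print(read_file())                                    # missing 'path': structured feedback
```

The feedback dict is the "self-healing" part: it names what was dropped, what the function expects and what mismatched, which is exactly the information an agent loop needs to repair its next call. A real deployment would also log the rejected call for detection purposes rather than only returning it to the model.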

How to install

Prerequisites:

  • Python 3.10+ (as indicated by the project badges) or a compatible Python runtime
  • Internet access to install via pip/pipx

Installation steps:

  1. Install the package (recommended via pipx to isolate the CLI and runtime):
       pipx install agent-airlock
  2. Alternatively, install with pip for direct use in a virtual environment:
       pip install agent-airlock
  3. (Optional) Verify the installation with a quick sanity check. The $'...' quoting is bash/zsh syntax so that the embedded \n sequences become real newlines (a decorator cannot follow a semicolon on one line):
       python -c $'from agent_airlock import Airlock\n@Airlock()\ndef test(x: int) -> int: return x + 1\nprint(test(1))'
  4. If you need to integrate with your existing tooling, review the docs for configuring the Airlock decorator, scaffolding an E2B sandbox, and enabling observability via OpenTelemetry.

Prerequisites recap:

  • A Python 3.10+ environment
  • Access to install packages from PyPI or via pipx
  • Basic familiarity with Python decorators and function annotations

Additional notes

Tips and common considerations:

  • Env vars: AIRLOCK_DEBUG can enable verbose logging; AIRLOCK_POLICY can point to a policy profile to customize allowed patterns and behaviors.
  • If you encounter issues with argument stripping, ensure your function signatures have proper type annotations, as Airlock relies on type information for validation.
  • When integrating into larger agents, consider wrapping only the sensitive calls (e.g., file operations, network requests) rather than entire decision functions to minimize performance impact.
  • For production, enable OpenTelemetry observability to monitor safety events, blocked calls, and policy breaches.
  • RBAC and PII masking features help tailor access controls and secret handling according to your environment. Review and adjust as needed for your use-case.
  • If you see self-healing errors, these are designed to guide corrective action in prompts and calls; adjust prompts or policies to balance safety and UX.
