Metadata-Version: 2.4
Name: intercept-ai
Version: 0.3.0
Summary: Runtime enforcement layer for autonomous AI agents — intercepts tool calls, classifies risk, enforces policies, and controls execution.
Project-URL: Homepage, https://github.com/intercept-ai/intercept-ai
Project-URL: Repository, https://github.com/intercept-ai/intercept-ai
Author: interceptor contributors
License-Expression: MIT
License-File: LICENSE
Keywords: agents,ai,enforcement,policy,safety,tools
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Classifier: Typing :: Typed
Requires-Python: >=3.10
Requires-Dist: pydantic>=2.0
Requires-Dist: pyyaml>=6.0
Requires-Dist: rich>=13.0
Provides-Extra: dev
Requires-Dist: build; extra == 'dev'
Requires-Dist: langchain-core; extra == 'dev'
Requires-Dist: pytest-asyncio; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Requires-Dist: twine; extra == 'dev'
Provides-Extra: langchain
Requires-Dist: langchain-core; extra == 'langchain'
Description-Content-Type: text/markdown

# Interceptor

> Runtime enforcement layer for autonomous AI agents.

Interceptor intercepts tool calls before execution and applies **policy enforcement**, **risk classification**, **role-based approval**, and **execution control** — so your AI agents never run unchecked.

## Installation

```bash
pip install intercept-ai
```

### Optional Integrations

```bash
# For LangChain support
pip install "intercept-ai[langchain]"
```

Or install from source:

```bash
git clone https://github.com/interceptor/interceptor.git
cd interceptor
pip install -e ".[dev]"
```

## Quick Start

```python
from interceptor import Interceptor

guard = Interceptor(mode="strict")

decision = guard.run(
    tool_name="delete_file",
    args={"path": "/tmp/data.csv"},
    user_role="user",
)

print(decision.allowed)       # False
print(decision.risk_level)    # HIGH
print(decision.decision)      # blocked
```

Console output:

```
┌──────────── INTERCEPTOR ────────────┐
│ Risk:     HIGH                      │
│ Mode:     strict                    │
│ Decision: blocked                   │
│ Intent:   Agent intends to call     │
│           delete_file with          │
│           path=/tmp/data.csv        │
│ Reason:   HIGH risk action requires │
│           admin approval.           │
└─────────────────────────────────────┘
```

## Strict Mode

```python
guard = Interceptor(mode="strict")

# HIGH  → blocked (unless admin)
# MEDIUM → confirmation required
# LOW   → allowed
```

## Balanced Mode

```python
guard = Interceptor(mode="balanced")

# HIGH   → confirmation required
# MEDIUM → allowed with warning
# LOW    → allowed
```

## Observe Mode

```python
guard = Interceptor(mode="observe")

# Never blocks — logs risk and intent only
```

## YAML Policy

Create a `policy.yaml`:

```yaml
tools:
  delete_file:
    risk: HIGH
  write_file:
    risk: MEDIUM

keywords:
  - drop
  - overwrite
```

Load it:

```python
guard = Interceptor(mode="strict", policy_path="policy.yaml")
```

## Role-Based Approval

```python
# Blocked for regular users
decision = guard.run("delete_file", {"path": "/data"}, user_role="user")
assert not decision.allowed

# Allowed for admins
decision = guard.run("delete_file", {"path": "/data"}, user_role="admin")
assert decision.allowed
```

## Override Tokens

```python
token = guard.generate_override_token()

decision = guard.run(
    "delete_file",
    {"path": "/data"},
    user_role="user",
    override_token=token,
)
assert decision.allowed  # one-time bypass
```

## LangChain Integration

Secure any LangChain tool in one line:

```python
from langchain_core.tools import tool
from interceptor import Interceptor
from interceptor.integrations.langchain import InterceptedTool

@tool
def delete_database(db_name: str):
    """Deletes a database."""
    return f"Deleted {db_name}"

guard = Interceptor(mode="strict")
safe_tool = InterceptedTool(tool=delete_database, guard=guard)

# If an agent tries to call this without admin role:
# result = "Error: This action was BLOCKED by security policy..."
```

## Async Support

Interceptor supports `async def` tool calls and asynchronous confirmation callbacks.

```python
@intercept(guard)
async def async_tool(data: str):
    await some_io_operation(data)

# Or manually
decision = await guard.arun("tool_name", {"arg": "val"})
```

## Session Reports

Get an intelligent summary of your agent's behavior at the end of a session:

```python
guard.print_report()
```

This generates a colorful terminal dashboard with an **Agent Score**, threats caught, and smart tips to save LLM tokens.

## License

MIT
