agnes-security on PyPI.
It supports Python 3.10+ and ships sync (Agnes) and async
(AsyncAgnes) clients with full feature parity.
5-minute quickstart
decision.allowed, decision.blocked_by, decision.reasons, and
decision.request_id are the only fields you need for most
integrations. decision.raw exposes the full server response when you
need to drill down. See
Interpreting results.
Authenticate
Any of these works. The environment variable is the least invasive.Agnes-Version pinning.
Guard an LLM call
check_input uses the inbound policy; check_output automatically
flips "default-inbound" → "default-outbound". Pass any other
policy slug explicitly to override.
Build policies in code
No more hand-authoredMultiAnalyzerConfig JSON:
prompt_injection_jailbreak →
adversarial_detection_analyzer) at build() time. See
Combined analyzer for the underlying
policy schema.
Errors
.status, .code, .request_id, and .raw.
Specific classes add fields (retry_after, field_errors,
grace_period_end).
code is the canonical Agnes error code (e.g. rate_limit_exceeded,
analyzer_unavailable, validation_error); the full reference lives
under Errors. Quote request_id when filing a
support ticket so the team can correlate the exact failure on the
server side.
Service status
Real-time API health and incident history live at status.lasscyber.com. When the SDK starts seeing repeatedServerError or NetworkError exceptions,
that’s the place to check before opening a ticket. You can subscribe
to email or Slack notifications to be alerted automatically when an
incident opens or resolves.
Async
guard also has
AsyncGuard via agnes.guard(...).
Pagination
Escape hatch
If the ergonomic surface does not yet cover an endpoint you need, reach the generated low-level client directly:Sandbox mode (ak_test_* keys)
For tests and CI, mint a sandbox key. It is free, does not touch paid
upstream providers, and returns deterministic canned results keyed off
the prompt content.
OpenAI drop-in
agnes.Blocked.