Metadata-Version: 2.4
Name: fortifyos-langchain
Version: 0.1.0
Summary: FortifyOS runtime protection for LangChain and LangGraph agents — zero code changes required.
Author-email: FortifyAI <support@fortifyai.co>
License: MIT
Project-URL: Homepage, https://fortifyai.co
Project-URL: Documentation, https://fortifyai.co/docs
Project-URL: Repository, https://github.com/fortifyai/fortifyos-langchain
Project-URL: Issues, https://github.com/fortifyai/fortifyos-langchain/issues
Keywords: fortifyos,langchain,langgraph,security,ai-agent,hooks,policy,guardrails
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: langchain-core>=0.3
Dynamic: license-file

# fortifyos-langchain

**Runtime security for LangChain and LangGraph agents — with zero code changes.**

`fortifyos-langchain` auto-attaches the [FortifyOS](https://fortifyai.co) policy engine to every LangChain agent running in your Python environment. It intercepts LLM calls and tool invocations, runs your security policies as plain shell scripts, and allows or blocks the action based on the result.

No imports. No callback wiring. No modifications to your agent code.

---

## How It Works

```
python my_agent.py
       │
       ▼
Python auto-loads the .pth file shipped by this package
       │
       ▼
FortifyHandler attaches globally to LangChain
       │
       ▼
On every LLM call / tool call →  run matching policy script
       │
       ▼
exit 0 = ALLOW    |    exit 1 = BLOCK
```

The trick is the same one used by Datadog, Sentry, and OpenTelemetry — a Python `.pth` file inside the installed package is auto-loaded by the interpreter on startup, before any user code runs.

---

## Installation

```bash
pip install fortifyos-langchain
```

Install it into the same Python environment (system Python or venv) that you use to run your agents. That's the only requirement.

After install, every LangChain agent run by that Python is automatically protected.

---

## Policy Setup

Policies live as plain shell scripts under `~/.fortifyos/hooks/langchain/` and are mapped to lifecycle events via `~/.fortifyos/langchain.json`.

Example `~/.fortifyos/langchain.json`:

```json
{
  "pre_tool":  "pre_tool.sh",
  "post_tool": "post_tool.sh",
  "pre_llm":   "pre_llm.sh",
  "post_llm":  "post_llm.sh"
}
```

Example `~/.fortifyos/hooks/langchain/pre_tool.sh`:

```bash
#!/bin/bash
# Block any tool call whose input mentions a forbidden keyword
payload="$(cat)"
if echo "$payload" | grep -q "rm -rf"; then
  echo "Blocked: dangerous shell input detected"
  exit 1
fi
exit 0
```

The script receives the event payload as JSON on stdin. Exit code 0 allows the action; any non-zero exit code blocks it.

---

## Supported Events

| Event name | Fires when |
|---|---|
| `pre_llm`   | Before an LLM / chat-model call |
| `post_llm`  | After an LLM responds |
| `pre_tool`  | Before a tool runs |
| `post_tool` | After a tool returns |

Additional lifecycle events (agent action, retriever calls, error hooks) are planned.

---

## Disabling Protection

Set `FORTIFYOS_DISABLE=1` in the environment to skip the auto-attach for a single run — useful for debugging.

```bash
FORTIFYOS_DISABLE=1 python my_agent.py
```

---

## Verifying The Install

```bash
FORTIFYOS_VERBOSE=1 python -c "print('ok')"
```

Expected output:
```
  [FortifyOS] handler auto-attached to LangChain
ok
```

If the `[FortifyOS]` line does not appear, the `.pth` file did not land in `site-packages`. See the troubleshooting section in the docs.

---

## Requirements

- Python 3.9 or newer
- `langchain-core >= 0.3`
- Bash (Git Bash on Windows) — required only to execute the shell-based policy scripts

---

## License

MIT — see [LICENSE](./LICENSE).

---

## Links

- Homepage: <https://fortifyai.co>
- Docs: <https://fortifyai.co/docs>
- Issues: <https://github.com/fortifyai/fortifyos-langchain/issues>
