agentix.guards.base¶
base ¶
Guard primitives: the uniform checkpoint the loop runs around every tool call.
A :class:Guard exposes two optional hooks:
before_call— inspect a pending :class:~agentix.types.ToolCalland return a :class:Decision(allow / deny / confirm).after_output— transform a tool's output text before it re-enters the model's context (e.g. neutralize injection, mark as untrusted data).
A :class:GuardPipeline runs an ordered list of guards. before_call stops
at the first deny; any confirm along the way means the loop must get a
human "yes" before executing. This replaces the reference's hard-coded if
ladder with composable, swappable objects.
Decision
dataclass
¶
A guard's verdict on a pending tool call.
GuardContext
dataclass
¶
Read-only context handed to every guard for a given call.
Guard ¶
Base guard. Subclass and override the hooks you need; defaults are no-ops (allow / pass-through), so a guard only implements what it cares about.
Three checkpoints, covering both boundaries:
* before_call — a pending tool call (ingress to a tool).
* after_output — a tool's result re-entering context (egress from a tool).
* on_answer — the model's final answer leaving for the user (egress
to the user). Use it for redaction / DLP on what the user sees.
GuardPipeline ¶
Runs an ordered list of guards as a single checkpoint.