# Agent Security (@veridex/agent-security)
A framework-agnostic security gateway that protects any AI agent — whether built with Veridex, LangChain, CrewAI, AutoGPT, or custom code — with pluggable security packs.
This package works standalone. It does not require @veridex/agents or any other Veridex package.
## Installation

```bash
npm install @veridex/agent-security
```

## Quick Start
### In-Process Gateway

```ts
import { SecurityGateway, createDefaultPacks } from '@veridex/agent-security';

const gateway = new SecurityGateway({
  packs: createDefaultPacks(),
  defaultAction: 'block', // block | warn | allow
});

// Evaluate an agent action before execution
const result = await gateway.evaluate({
  type: 'tool_call',
  toolName: 'execute_sql',
  arguments: { query: 'DROP TABLE users; --' },
  agentId: 'data-agent',
  turnIndex: 3,
});

if (result.verdict === 'block') {
  console.log('Blocked:', result.reasons);
  // → ['Injection detected: SQL injection pattern in tool arguments']
}
```

### Remote Gateway (HTTP)
Deploy as a standalone service:
```ts
// server.ts
import { createDefaultPacks } from '@veridex/agent-security';
import { createSecurityServer } from '@veridex/agent-security/server';

const server = createSecurityServer({
  packs: createDefaultPacks(),
  port: 4600,
  // Shared secret the client must present; keep it out of source control
  authToken: process.env.SECURITY_GATEWAY_TOKEN,
});

await server.start();
```

Connect from any agent:
```ts
import { SecurityClient } from '@veridex/agent-security';

const client = new SecurityClient({
  baseUrl: 'https://security.example.com',
  authToken: process.env.SECURITY_GATEWAY_TOKEN,
});

// emailContent is the message body the agent wants to send
const result = await client.evaluate({
  type: 'tool_call',
  toolName: 'send_email',
  arguments: { to: 'user@example.com', body: emailContent },
  agentId: 'comms-agent',
});
```

## Built-in Security Packs
The @veridex/agent-security package exports 10 pack factories. createDefaultPacks() returns 9 of them — endpointAllowlistPack is excluded from the default set because it requires an explicit allowlist and must be constructed by the caller.
| Pack | In createDefaultPacks() | Detects |
|---|---|---|
| injectionDetectionPack | ✓ | Prompt injection, SQL injection, command injection in tool arguments |
| toolPoisoningPack | ✓ | Malicious tool chains, circular tool references, suspicious tool sequences |
| secretDetectionPack | ✓ | Leaked API keys, passwords, JWTs, private keys in arguments or outputs |
| budgetCeilingPack | ✓ | Spending exceeding configured limits per run or per day |
| shellCommandSafetyPack | ✓ | Dangerous shell commands (rm -rf, chmod 777, privilege escalation) |
| handoffSafetyPack | ✓ | Unsafe agent-to-agent handoffs (cycles, untrusted targets) |
| financialSafetyPack | ✓ | Financial transactions exceeding limits or targeting suspicious addresses |
| crossTurnAnomalyPack | ✓ | Behavioral anomalies across turns (goal drift, sudden capability escalation) |
| llmResponseGuardPack | ✓ | Filtering model responses for harmful or policy-violating content |
| endpointAllowlistPack | ✗ | HTTP requests to non-allowlisted domains (opt-in; requires allowedEndpoints) |
**Note on data sovereignty.** A jurisdictional/PII enforcement pack is on the roadmap but is not yet shipped in @veridex/agent-security. Track progress in the roadmap.
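As an added illustration (not code from @veridex/agent-security), the following models how a gateway can run pluggable packs over one tool call and fold their per-pack verdicts into a `SecurityEvalResult` of the shape shown under Key Types, including an opt-in allowlist pack that must be given its `allowedEndpoints`. The `SecurityPack` interface, the pack ids, the detection patterns and the `evaluateAction` helper are assumptions made for this example.

```typescript
// Added example, not code from @veridex/agent-security: a minimal model of how a
// gateway can run pluggable packs over one tool call and fold their verdicts into
// a SecurityEvalResult. Types follow the Key Types section; the SecurityPack
// interface, pack ids and detection patterns are assumptions for illustration.
type Verdict = 'allow' | 'block' | 'escalate' | 'flag';
interface SecurityVerdict { verdict: Verdict; reasons: string[]; packId: string; confidence: number }
interface SecurityEvalResult {
  overall: 'allow' | 'block' | 'escalate';
  verdicts: SecurityVerdict[];
  metadata: Record<string, unknown>;
}
interface ToolCall { type: 'tool_call'; toolName: string; arguments: Record<string, unknown>; agentId: string }
interface SecurityPack { id: string; evaluate(action: ToolCall): SecurityVerdict }

const pass = (packId: string): SecurityVerdict => ({ verdict: 'allow', reasons: [], packId, confidence: 1 });

// Hypothetical secret-detection pack: blocks when an argument looks like a private key or API token.
const SECRET_ID = 'secretDetection';
const secretDetectionPack: SecurityPack = {
  id: SECRET_ID,
  evaluate(action) {
    const text = JSON.stringify(action.arguments);
    const leaked = /-----BEGIN [A-Z ]*PRIVATE KEY-----|\b(sk|ghp)_[A-Za-z0-9]{20,}\b/.test(text);
    return leaked
      ? { verdict: 'block', reasons: ['Secret material in tool arguments'], packId: SECRET_ID, confidence: 0.9 }
      : pass(SECRET_ID);
  },
};

// Opt-in allowlist pack: the caller supplies allowedEndpoints. Hosts are compared
// exactly, so "api.example.com.evil.net" does not pass for "api.example.com".
function endpointAllowlistPack(allowedEndpoints: string[]): SecurityPack {
  const id = 'endpointAllowlist';
  return {
    id,
    evaluate(action) {
      const url = action.arguments.url;
      if (typeof url !== 'string') return pass(id); // this call makes no outbound request
      let host: string;
      try { host = new URL(url).hostname; } catch { return { verdict: 'block', reasons: [`Unparseable URL: ${url}`], packId: id, confidence: 1 }; }
      if (allowedEndpoints.includes(host)) return pass(id);
      return { verdict: 'block', reasons: [`Host ${host} is not allowlisted`], packId: id, confidence: 1 };
    },
  };
}

// Most severe verdict wins (block > escalate); a lone 'flag' keeps overall 'allow' but is recorded in metadata.
const RANK: Record<Verdict, number> = { allow: 0, flag: 1, escalate: 2, block: 3 };
function evaluateAction(packs: SecurityPack[], action: ToolCall): SecurityEvalResult {
  const verdicts = packs.map((p) => p.evaluate(action));
  let overall: SecurityEvalResult['overall'] = 'allow';
  for (const v of verdicts) if (v.verdict !== 'flag' && RANK[v.verdict] > RANK[overall]) overall = v.verdict;
  const flagged = verdicts.some((v) => v.verdict === 'flag');
  return { overall, verdicts, metadata: { agentId: action.agentId, toolName: action.toolName, flagged } };
}
```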
## Framework Adapters

### LangChain

```ts
import { SecurityGateway, createDefaultPacks } from '@veridex/agent-security';
import { VeridexSecurityCallback } from '@veridex/agent-security/adapters/langchain';
// AgentExecutor comes from LangChain.js; the import path may differ by version
import { AgentExecutor } from 'langchain/agents';

const gateway = new SecurityGateway({ packs: createDefaultPacks() });
const callback = new VeridexSecurityCallback(gateway);

// Attach to any LangChain agent (myAgent and myTools are your own definitions)
const agent = new AgentExecutor({
  agent: myAgent,
  tools: myTools,
  callbacks: [callback],
});
```

### CrewAI
```ts
import { VeridexCrewAIGuard } from '@veridex/agent-security/adapters/crewai';

// gateway is a SecurityGateway instance, constructed as in the examples above
const guard = new VeridexCrewAIGuard(gateway);

// Wrap crew execution with security evaluation (crewAction is the pending crew step)
const result = await guard.evaluate(crewAction);
```

## Telemetry
```ts
import { TelemetryReporter, SecurityGateway, createDefaultPacks } from '@veridex/agent-security';

const reporter = new TelemetryReporter({
  endpoint: 'https://telemetry.example.com/events',
  batchSize: 50,
  flushIntervalMs: 10_000,
});

const gateway = new SecurityGateway({
  packs: createDefaultPacks(),
  telemetry: reporter,
});

// Every evaluation is automatically recorded for observability
```

## Key Types
```ts
interface SecurityVerdict {
  verdict: 'allow' | 'block' | 'escalate' | 'flag';
  reasons: string[];
  packId: string;
  confidence: number;
}

interface SecurityEvalResult {
  overall: 'allow' | 'block' | 'escalate';
  verdicts: SecurityVerdict[];
  metadata: Record<string, unknown>;
}

interface JurisdictionConfig {
  defaultJurisdiction: string;
  piiCategories: string[];
  jurisdictionRules: JurisdictionRule[];
  toolJurisdictions: Record<string, string>;
}
```

## Related
- Security Guide: Agent Security Gateway — Deployment patterns and best practices
- Security Guide: Data Sovereignty — Jurisdictional compliance
- Governance: Sovereignty Compliance — Audit trail for violations
- API Reference — Full type signatures