Skip to content

agentguard-ai/haystack-tutorials

Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

446 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

TealTiger

TealTiger Logo

AI Agent Security & Governance SDK

Deterministic governance, guardrails, cost tracking, and policy management for LLM applications. Open source. TypeScript + Python. Works with any provider.

npm version PyPI version License: Apache 2.0 Discord GitHub stars Governed by TealTiger OpenSSF Scorecard


NVIDIA Inception Program

Website Β· Documentation Β· Examples Β· Discord Β· Contributing


⚑ 60-second quickstart

Install: npm install tealtiger or pip install tealtiger, then wrap one existing OpenAI call:

import { TealOpenAI } from 'tealtiger';
const client = new TealOpenAI({ apiKey: process.env.OPENAI_API_KEY, guardrails: { promptInjection: true } });
const res = await client.chat.completions.create({ model: 'gpt-4o-mini', messages: [{ role: 'user', content: 'Hello!' }] });
console.log(res.security?.decision ?? 'ALLOW');
import os
from tealtiger import TealOpenAI
client = TealOpenAI(api_key=os.environ["OPENAI_API_KEY"], guardrails={"prompt_injection": True})
print(client.chat.completions.create(model="gpt-4o-mini", messages=[{"role": "user", "content": "Hello!"}]).security.decision)
ALLOW
Governance receipt emitted; cost and guardrails tracked.

Next: full Quick Start and examples.


πŸ”­ observe() β€” Zero-Config Instrumentation (v1.4)

One line adds cost tracking, audit logging, PII detection, and behavioral baselines to any LLM client. No config files, no policy definitions.

import { observe, freeze } from 'tealtiger';
const client = observe(new OpenAI());  // done β€” all calls are now instrumented
console.log(client.getCost());         // { totalCost: 0.0023, requestCount: 1, ... }
from tealtiger.observe import observe, freeze
client = observe(OpenAI())             # done β€” all calls are now instrumented
print(client.get_cost())               # ObserveCostSummary(total_cost=0.0023, ...)

What you get automatically: per-request cost tracking across 12 providers, structured audit log with correlation IDs, behavioral baseline (P50/P95/P99), PII detection in REPORT_ONLY mode, and an instant kill switch via freeze(). Under 5ms overhead per call.

See examples/observe-quickstart.ts and examples/observe_quickstart.py.


What is TealTiger?

TealTiger is an open-source SDK that provides deterministic governance for AI agents. It enforces security policies, tracks costs, and produces structured evidence β€” all at runtime, with no infrastructure required.

Looking for the source code? This is the hub repo. The SDK source lives in the language-specific repos:

Or clone this repo with submodules: git clone --recurse-submodules https://github.com/agentguard-ai/tealtiger.git

Unlike probabilistic safety filters, TealTiger uses deterministic policy evaluation: same input + same policy = same decision, every time. Every governance verdict is reconstructable, traceable to the human who authored the policy, and exportable as structured evidence (SARIF, JUnit XML, JSON).

Key principle: Governance should be an engineering property embedded in the runtime β€” not a document reviewed after the fact.


πŸš€ Quick Start

TypeScript

npm install tealtiger
import { TealOpenAI } from 'tealtiger';

const client = new TealOpenAI({
  apiKey: process.env.OPENAI_API_KEY,
  guardrails: {
    piiDetection: true,
    promptInjection: true,
    contentModeration: true,
  },
  budget: {
    maxCostPerRequest: 0.50,
    maxCostPerDay: 10.00,
  },
});

const response = await client.chat.completions.create({
  model: 'gpt-4',
  messages: [{ role: 'user', content: 'Hello!' }],
});
// Guardrails enforced. Cost tracked. Evidence produced.

Python

pip install tealtiger
from tealtiger import TealOpenAI

client = TealOpenAI(
    api_key=os.getenv("OPENAI_API_KEY"),
    guardrails={
        "pii_detection": True,
        "prompt_injection": True,
        "content_moderation": True,
    },
    budget={
        "max_cost_per_request": 0.50,
        "max_cost_per_day": 10.00,
    },
)

response = client.chat.completions.create(
    model="gpt-4",
    messages=[{"role": "user", "content": "Hello!"}],
)
# Guardrails enforced. Cost tracked. Evidence produced.

✨ Features

πŸ›‘οΈ Security Guardrails

  • PII Detection β€” Detect and redact sensitive information automatically
  • Prompt Injection Prevention β€” Block malicious prompt injection attempts
  • Content Moderation β€” Filter toxic, harmful, or inappropriate content
  • Secret Detection β€” 500+ patterns across 9 categories with confidence scoring
  • Custom Rules β€” Define your own security policies

πŸ’° Cost Governance

  • Budget Enforcement β€” Hard limits per request, session, and day
  • Cost Tracking β€” Real-time monitoring across all providers
  • Cost Alerts β€” Notifications at configurable thresholds
  • Circuit Breakers β€” Prevent runaway cost loops automatically

πŸ”Œ 12 LLM Providers

  • OpenAI β€” GPT-4, GPT-4o, GPT-3.5
  • Anthropic β€” Claude 3.5, Claude 3
  • Google Gemini β€” Multimodal support
  • AWS Bedrock β€” Claude, Titan, Jurassic, Command, Llama
  • Azure OpenAI β€” Deployment-based routing
  • Cohere β€” Chat, RAG, embeddings
  • Mistral AI β€” European data residency
  • DeepSeek β€” Cost-efficient reasoning models
  • Groq β€” Ultra-low latency inference
  • Together AI β€” Open-source model hosting
  • HuggingFace TGI β€” Self-hosted inference
  • xAI (Grok) β€” Real-time knowledge

πŸ”Œ Platform Adapters

  • AWS Bedrock Agents β€” Native guardrail adapter
  • AWS AgentCore β€” Pre/post action governance plugin
  • Azure AI Agent Service β€” Tool-call pipeline middleware

πŸ—οΈ Governance Architecture

  • Deterministic Policy Evaluation β€” No LLM in the governance path
  • Structured Evidence β€” Every decision produces a reconstructable record
  • Cryptographic Proof β€” Merkle trees + RFC 3161 timestamping (TealProof)
  • Non-Human Identity (NHI) β€” Agent lifecycle, scope enforcement, Zero Standing Privilege
  • FREEZE Rules β€” Immutable emergency kill switches with tamper detection
  • Correlation IDs β€” End-to-end traceability across the decision chain
  • Policy Traceability β€” Every verdict traces to the human policy author
  • OWASP Agentic Top 10 β€” Zero-config policy pack covering all 10 ASI risks

πŸ—ΊοΈ Governance Coverage

Dimension What it does Module
πŸ›‘οΈ Security Secret detection (500+ patterns), prompt injection, PII, content moderation, Unicode normalization, encoded output detection TealSecrets TealGuard
πŸ”‘ Identity Non-Human Identity lifecycle, scope enforcement, Zero Standing Privilege, agent attestation TealEngine (NHI)
⚑ Reliability Circuit breakers, retry budgets, fallback chains, deterministic degradation TealCircuit TealReliability
🧠 Memory Write provenance, instruction injection detection, exfiltration prevention, scope enforcement TealMemory
πŸ’° Cost Governance-owned ceilings, anomaly detection, reasoning-token budgets, per-agent attribution TealMonitor
πŸ“‹ Evidence Cryptographic receipts (Merkle + RFC 3161), SARIF export, OTel spans, SIEM integration TealProof TealAudit
βš™οΈ Policy FREEZE rules, PLAN_ONLY mode, hot-swap bundles, anti-tamper, automation levels TealEngine
πŸ”„ Workflow Declarative YAML governance workflows, org-level inheritance, floor enforcement TealFlow
πŸ“Š Drift Behavioral drift detection, statistical baselines, model output regression TealDrift
⏱️ Temporal Session TTL, cooldown periods, time-of-day restrictions TealTemporal
πŸ” Registry MCP definition-drift monitoring, tool description scanning, adapter composition allowlist TealRegistry
🧠 Classification Local ONNX ML inference (≀20ms), ensemble modes, regex+ML combination TealClassifier

Design principle: No LLM in the governance path. Same input + same policy = same decision, every time.


πŸ“¦ SDKs

Language Source Code Package Install
TypeScript tealtiger-typescript-prod npm npm install tealtiger
Python tealtiger-python-prod PyPI pip install tealtiger

πŸ”Œ Framework Adapters

Framework Package Install
LangChain langchain-tealtiger pip install langchain-tealtiger
Vercel AI SDK tealtiger-ai-sdk npm install tealtiger-ai-sdk
PydanticAI pydanticai-tealtiger pip install pydanticai-tealtiger
Haystack haystack-tealtiger pip install haystack-tealtiger
CAMEL-AI camelai-tealtiger pip install camelai-tealtiger

πŸ”— Infrastructure Integrations

Platform What it provides Install
Dakera Persistent governance state backend (cost storage, decision receipts, delegation chains via KG) pip install dakera[tealtiger]
AG2 Beta Governance middleware Extension for AG2 Beta agents pip install ag2-tealtiger
Portkey Gateway Webhook guardrail for Portkey AI Gateway Example
Daytona Pre-execution governance for sandboxed code execution Example

πŸ“š Documentation

Badge

Use the TealTiger badge to show that a project is governed by deterministic agent security and cost policies.

Light badge:

[![Governed by TealTiger](https://raw.githubusercontent.com/agentguard-ai/tealtiger/main/assets/badges/governed-by-tealtiger.svg)](https://github.com/agentguard-ai/tealtiger)

Dark badge:

[![Governed by TealTiger](https://raw.githubusercontent.com/agentguard-ai/tealtiger/main/assets/badges/governed-by-tealtiger-dark.svg)](https://github.com/agentguard-ai/tealtiger)

Python Hugging Face TGI Quickstart

Use examples/python/huggingface_tgi_quickstart.py to try the guarded Hugging Face Text Generation Inference provider from the Python SDK.

export HF_API_TOKEN="your-hugging-face-token"
export HF_TGI_ENDPOINT="https://your-endpoint.endpoints.huggingface.cloud"
export HF_TGI_MODEL="meta-llama/Meta-Llama-3.1-8B-Instruct"

python examples/python/huggingface_tgi_quickstart.py

The example enables guardrail and cost-tracking configuration, sends one sample chat request, then prints the response, token usage, estimated cost, provider, and correlation ID. Use placeholder values in docs and .env.example files; never commit a real HF_API_TOKEN.

TealEngine Policy Schema

Use schemas/tealtiger-policy.schema.json for editor autocomplete and validation when authoring TealEngine policy JSON or YAML files. JSON policy files can include:

{
  "$schema": "./schemas/tealtiger-policy.schema.json"
}

For YAML policies, configure your editor's YAML schema mapping to point policy files such as tealtiger-policy.yml at ./schemas/tealtiger-policy.schema.json.

Validate Policy Files

Use the policy validator script to check a TealTiger policy JSON file before using it in CI/CD or runtime governance:

npm install
npx ts-node scripts/validate-policy.ts ./my-policy.json

You can also run the npm script:

npm run validate:policy -- ./my-policy.json

The validator loads schemas/tealtiger-policy.schema.json, prints schema validation errors, exits 0 when the policy is valid, and exits 1 when the policy is invalid.


🐯 Build With Us β€” Early Contributor Program

TealTiger is open source and we're looking for early contributors to shape the future of AI agent governance.

What You Can Work On

Area Examples Difficulty
πŸ” Secret Detection New detection patterns, custom categories 🟒 Beginner
πŸ“ Documentation Guides, examples, API docs, typo fixes 🟒 Beginner
πŸ§ͺ Tests Unit tests, property-based tests, integration tests 🟑 Intermediate
πŸ”Œ Integrations LangChain, CrewAI, AG2, LlamaIndex middleware 🟑 Intermediate
πŸ’Ύ Memory Adapters Redis, Pinecone, Weaviate, ChromaDB adapters 🟑 Intermediate
πŸ”„ CI/CD Templates Jenkins, Azure Pipelines, Bitbucket Pipelines 🟑 Intermediate
πŸ—οΈ Core Modules Governance engine, evidence export, policy evaluation πŸ”΄ Advanced

What Early Contributors Get

  • πŸ† Named in CONTRIBUTORS.md and release notes
  • πŸŽ–οΈ "Founding Contributor" badge β€” first 25 merged PRs get permanent recognition
  • πŸ“£ Shoutout on TealTiger social channels (LinkedIn, X, Dev.to)
  • πŸ”‘ Early access to upcoming governance features before public release
  • πŸ’¬ Direct access to the core team via GitHub Discussions
  • πŸ“ Co-authorship opportunity on technical blog posts

Get Started

# 1. Star this repo (it helps!)

# 2. Fork and clone the SDK you want to contribute to:
# TypeScript SDK:
git clone https://github.com/agentguard-ai/tealtiger-typescript-prod.git
# Python SDK:
git clone https://github.com/agentguard-ai/tealtiger-python-prod.git

# 3. Pick a "good first issue"
# https://github.com/agentguard-ai/tealtiger/issues?q=label%3A%22good+first+issue%22

# 4. Submit a PR
# 5. Join the team 🐯

See CONTRIBUTING.md for detailed guidelines.


πŸ—ΊοΈ Roadmap

Current: v1.3.0 β€” Autonomous Agent Governance (Released May 18, 2026)

  • TealEngine v1.3 with pre/post evaluation pipeline, FREEZE rules, automation levels
  • Non-Human Identity (NHI) governance with Zero Standing Privilege
  • TealProof β€” cryptographic governance receipts (Merkle + RFC 3161)
  • TealFlow β€” declarative YAML governance workflows
  • TealClassifier β€” local ONNX ML inference (≀20ms)
  • TealDrift, TealState, TealTemporal β€” behavioral, context, and session governance
  • TealMonitor v2 β€” governance-owned cost ceilings, anomaly detection
  • OWASP Agentic Top 10 policy pack (zero-config)
  • 12 LLM providers + 3 platform adapters (Bedrock, AgentCore, Azure)
  • Full Python SDK parity

Next: v1.4.0 β€” Zero-Config Adoption & MCP Governance (July 2026)

  • observe(client) β€” 1-line auto-instrumentation, zero config, instant visibility
  • Local CLI dashboard (npx tealtiger dashboard)
  • Progressive disclosure: observe β†’ suggest β†’ enforce β†’ govern
  • 8 framework adapters: LangChain, LangGraph, CrewAI, AG2, LlamaIndex, CAMEL-AI, Haystack, Vercel AI SDK
  • MCP governance: tool validation, per-identity grants, argument-level policies
  • Tool poisoning & rug pull defense
  • Runaway loop detection & per-trace token budgets
  • TEEC v2.1 Execution Receipts (cryptographic evidence)
  • EU AI Act, NIST AI RMF, ISO 42001 compliance mappings
  • Universal Adapter Governance Contract β€” enforced across all framework adapters:
    • Every proposed tool call, budget change, freeze/unfreeze, and delegated handoff creates a decision record before execution
    • Decision binds: agent_id, turn_id, parent_turn_id, action kind, tool name, canonical args digest, policy digest, decision source, expiry, delegation scope
    • Execution outcome backlinks to decision_id and effective args digest that actually ran
    • Denial, timeout, and require-approval become visible terminal or pending states (no silent transcript gaps)
    • Per-actor enforcement: channel/hub approval does not become ambient authority for every agent
    • Delegation creates scope-bound authorization: delegatee emits its own decision and outcome record
    • Invariant tests: same payload in two turns produces two decision IDs; approval for one agent does not authorize another; revised args create a new pending decision; timeout produces durable terminal result; retry returns prior terminal state instead of re-running side effect
  • Supply Chain Integrity Verification β€” validate AI dependency hashes before agent execution (response to LiteLLM supply chain attack, March 2026)
  • A2A Protocol Governance β€” per-task access scoping, token lifetime enforcement, consent flow governance for Agent2Agent interactions (A2A GA under Linux Foundation, 150+ orgs)
  • MCP Tool Integrity Monitoring β€” definition-drift detection, tool description scanning, adapter composition allowlist, rug-pull defense with cryptographic pinning
  • Kill Switch Latency SLA β€” guaranteed <5ms FREEZE propagation with published benchmarks, quantified time-to-halt for compliance
  • Shadow Agent Detection β€” discover ungoverned agents in the environment, surface unmonitored tool calls and untracked cost
  • AI Dependency SBOM β€” generate Software Bill of Materials for agent dependencies, model provenance, and MCP server inventory
  • Dakera Integration (shipped) β€” persistent governance state backend for distributed deployments (pip install dakera[tealtiger]). Cost records, decision receipts, and delegation chains survive restarts via agent-scoped memory with importance-weighted retention.
  • Pack Hunt Defense β€” multi-agent coordinated attack detection:
    • Cross-session intent correlation: link related sessions via session_group_id, query receipts across sessions by agent + time window
    • Reassembly detection: flag when N individually-benign requests from different agents/sessions converge on the same output scope within a time window (deterministic, no LLM)
    • Multi-model coordination detection: track which model produced which output, flag when output from model A becomes input to model B without governance evaluation in between

Planned: v1.5.0 β€” Enterprise Platform (Q3 2026)

  • Multi-tenancy with complete data isolation
  • RBAC (Owner, Admin, Policy Author, Viewer, Auditor)
  • SSO via SAML 2.0 / OIDC (Okta, Azure AD, Google)
  • SIEM export (Splunk, Elastic, Sentinel, Datadog)
  • Policy staging, dry-run mode, canary deployments
  • Scheduled compliance reports & executive dashboard

Future: v2.0.0 β€” SaaS Security Platform (Q1 2027)

  • Full SaaS control plane (CSPM/CWPP model for AI agents)
  • CISO executive console with governance health scoring
  • TealTiger Operator & Agent for Kubernetes
  • Shadow AI detection (discover ungoverned agents)
  • Remote kill switch from SaaS console
  • CloudEvents, OpenTelemetry, Backstage plugin

All features maintain: in-process <5ms, zero-config entry, no LLM in governance path, offline-capable.


🌟 Community


πŸ”’ Security

TealTiger is committed to responsible open-source security practices.

OpenSSF Scorecard OpenSSF Best Practices Dependabot CodeQL

For vulnerability reports, see our Security Policy.


πŸ“„ License

TealTiger is Apache 2.0 licensed.


πŸ™ Acknowledgments

Built with ❀️ by the TealTiger team and contributors.


πŸ‘₯ Contributors

Contributors

Want to contribute? Check out our CONTRIBUTING.md guide!


⭐ Star this repo if you believe AI agents need governance, not just guardrails.

Report Bug Β· Request Feature Β· Ask Question

About

Here you can find all the Tutorials for Haystack πŸ““

Resources

License

Code of conduct

Contributing

Security policy

Stars

1 star

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages

  • Python 51.8%
  • TypeScript 37.5%
  • CSS 4.9%
  • HTML 1.9%
  • JavaScript 1.9%
  • Jupyter Notebook 0.9%
  • Other 1.1%