AI agents are being deployed to take real-world actions — file operations,
API calls, database writes. There's no standard safety layer between the
LLM's decision and execution.

plyra-guard is that layer. It intercepts every tool call before it runs,
evaluates it against a policy, and blocks, logs, or escalates.
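
    import os

    # guard: assumed to be an already-configured plyra-guard object; its setup is not shown here
    @guard.wrap
    def delete_file(path: str) -> str:
        os.remove(path)
        return f"deleted {path}"

    delete_file("/tmp/report.txt")  # ALLOW — 0.3ms
    delete_file("/etc/passwd")      # BLOCK — "System config is off-limits"
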
Key things:

- Policy engine (YAML or Python rules: allow / block / escalate)
- Works with LangGraph, AutoGen, CrewAI, LangChain, plain Python
- Sub-2ms in-process evaluation, no network hop
- Every action logged, ships to OTEL or Datadog
- Built-in dashboard at localhost:8765

The LangGraph integration has a non-obvious wrinkle: ToolNode uses internal state tracking that breaks transparent tool wrapping. We ended up building a custom guarded_tool_node pattern — cleaner anyway.

217 tests. Python 3.11–3.13. Apache 2.0.

Docs: https://plyraai.github.io/plyra-guard
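
A minimal sketch of the intercept-then-evaluate pattern described above, added here as an example: it is not plyra-guard's code or API, and `RULES`, `evaluate`, `wrap`, `AUDIT` and `Blocked` are hypothetical names with a constructed policy. It canonicalises the path argument before matching, so a traversal such as `/tmp/../etc/passwd` is judged as `/etc/passwd`, and anything no rule covers is escalated rather than allowed.

```python
import functools
import os


class Blocked(Exception):
    """Raised when the policy refuses (or escalates) a tool call."""


# Constructed policy: first matching prefix wins; no match means escalate.
RULES = [
    ("/etc", "block", "System config is off-limits"),
    ("/tmp", "allow", "Scratch space"),
]
AUDIT = []  # in-memory action log: (tool name, resolved path, verdict)


def evaluate(path):
    """Return (verdict, reason, resolved_path) for a path argument."""
    # Resolve symlinks and ".." first so the rule sees the real target.
    resolved = os.path.realpath(path)
    for prefix, verdict, reason in RULES:
        root = os.path.realpath(prefix)
        # Match on a path boundary so "/etcetera" does not match "/etc".
        if resolved == root or resolved.startswith(root + os.sep):
            return verdict, reason, resolved
    return "escalate", "No rule matched; needs human approval", resolved


def wrap(tool):
    """Decorator: evaluate and log the call before the tool body runs."""
    @functools.wraps(tool)
    def guarded(path):
        verdict, reason, resolved = evaluate(path)
        AUDIT.append((tool.__name__, resolved, verdict))
        if verdict != "allow":
            raise Blocked(f"{verdict.upper()}: {reason}")
        return tool(resolved)  # act on the path that was actually checked
    return guarded


@wrap
def delete_file(path: str) -> str:
    os.remove(path)
    return f"deleted {path}"
```

Passing the resolved path into the tool narrows, but does not close, the window between the policy check and the file operation.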