@agentick/guardrails

Guardrail middleware for Agentick — gate tool execution with rules and classifiers

Version: 0.14.68 (latest)
Source: npm
Maintainers: 2
Versions: 96

Install

pnpm add @agentick/guardrails

Quick Start

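import { toolGuardrail, deny, allow } from "@agentick/guardrails";

// Rules are evaluated in order and the first matching rule wins.
const guardrail = toolGuardrail({
  rules: [deny("file_delete", "exec_*"), allow("file_read", "file_write")],
});

// `app` is assumed to be an existing Agentick app instance (not shown here).
app.use(guardrail);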

API

toolGuardrail(config)

Create middleware that gates tool execution.

toolGuardrail({
  rules?: GuardrailRule[],
  classify?: GuardrailClassifier,
  onDeny?: (toolName: string, reason: string) => void,
})

Only intercepts procedures with operationName === "tool:run". Other procedures pass through.

deny(...patterns)

Create a deny rule.

deny("file_delete", "exec_*");
// { patterns: ["file_delete", "exec_*"], action: "deny" }

allow(...patterns)

Create an allow rule.

allow("file_read", "search");
// { patterns: ["file_read", "search"], action: "allow" }

Rule Patterns

Patterns support * wildcard matching:

Pattern      Matches
"search"     Exact match only
"file_*"     file_read, file_write, ...
"*_admin"    read_admin, write_admin, ...
"*"          Everything

Evaluation Order

  • Static rules — first-match-wins
    • deny → throw GuardrailDenied
    • allow → skip classifier, proceed
  • Classifier — only runs if no rule matched
    • Return { action: "deny", reason } to block
    • Return null / undefined / { action: "allow" } to proceed
  • Default — allow: a call that matches no rule and is not denied by the classifier proceeds
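
The evaluation order above, modelled as a stand-alone script. This is an added example, not the package's source: `matches`, `staticDecision`, `evaluate`, the `via` field and `call.name` are hypothetical names, and anchored, case-sensitive wildcard matching is an assumption. It compares the Quick Start rules with a rule set whose broad allow shadows a later deny, and with one that ends in a catch-all deny("*").

```javascript
// Added model of the documented evaluation order; NOT the @agentick/guardrails source.
// deny/allow mirror the rule shape shown on the page; the other names are hypothetical.
const deny = (...patterns) => ({ patterns, action: "deny" });
const allow = (...patterns) => ({ patterns, action: "allow" });

// Assumption: "*" matches any run of characters; the match is anchored and case-sensitive.
function matches(pattern, toolName) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`).test(toolName);
}

// Static rules, first match wins. Returns the matching rule's action, or null.
function staticDecision(rules, toolName) {
  for (const rule of rules) {
    if (rule.patterns.some((p) => matches(p, toolName))) return rule.action;
  }
  return null;
}

// Full order: static rules, then the classifier, then the default (allow).
async function evaluate({ rules = [], classify }, call) {
  const fromRules = staticDecision(rules, call.name);
  if (fromRules) return { action: fromRules, via: "rule" };
  const verdict = classify ? await classify(call) : null;
  if (verdict && verdict.action === "deny") {
    return { action: "deny", via: "classifier", reason: verdict.reason };
  }
  return { action: "allow", via: verdict ? "classifier" : "default" };
}

// Constructed rule sets for comparison.
const quickStart = [deny("file_delete", "exec_*"), allow("file_read", "file_write")];
const shadowed = [allow("file_*"), deny("file_delete")]; // broad allow listed first
const defaultDeny = [...quickStart, deny("*")]; // catch-all deny as the last rule

async function demo() {
  const classify = async (call) =>
    call.input?.dangerous ? { action: "deny", reason: "Dangerous input detected" } : null;
  for (const name of ["file_delete", "exec_shell", "file_read", "db_drop"]) {
    const open = await evaluate({ rules: quickStart, classify }, { name, input: {} });
    const closed = await evaluate({ rules: defaultDeny, classify }, { name, input: {} });
    console.log(name, "quickStart:", open.action, "| defaultDeny:", closed.action);
  }
}
demo();
```

Under the Quick Start rules an unlisted tool such as db_drop reaches the default and is allowed; with deny("*") last it is denied, and the classifier is never consulted because a rule always matches.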

Classifier

const guardrail = toolGuardrail({
  classify: async (call, envelope) => {
    if (call.input?.dangerous) {
      return { action: "deny", reason: "Dangerous input detected" };
    }
    return null; // allow
  },
});

Error Handling

Denied tools throw GuardrailDenied (extends GuardError):

import { isGuardError } from "@agentick/shared";

try {
  await tool.run(input);
} catch (error) {
  if (isGuardError(error)) {
    // Access denied — error.code === "GUARD_DENIED"
  }
}

The model sees a tool error result with the denial reason, allowing it to try a different approach.

Future

  • inputGuardrail — gate based on user input content
  • outputGuardrail — gate based on model output content

Package last updated on 19 May 2026
