skyrelis

AI Agent Security Library - Enterprise-grade security for AI agents, starting with comprehensive observability across multiple frameworks

PyPI (pip) · Version: 0.1.10 · Maintainers: 1

🔒 Skyrelis: AI Agent Security Library

Enterprise-grade security for AI agents, starting with comprehensive observability.

Badges: PyPI version · Python 3.8+ · LangChain 0.1-2.0 · CrewAI 0.70+ · License: Proprietary · Security

🛡️ Why Agent Security Matters

As AI agents become more powerful and autonomous, they present new security challenges:

  • Prompt Injection Attacks: Malicious inputs that hijack agent behavior
  • Data Exposure: Agents accessing sensitive information inappropriately
  • Uncontrolled Actions: Agents performing unintended or harmful operations
  • Compliance Risks: Lack of audit trails for regulated industries

Skyrelis provides the security foundation your AI agents need.

✨ Current Security Features (v0.1.6)

🔍 Complete Observability - Full visibility into agent execution and decision-making
🎯 System Prompt Security - Monitor and protect agent instructions and behaviors
📊 Real-time Monitoring - Instant alerts for suspicious agent activities
🏷️ Agent Registry - Centralized inventory and security posture management
🔗 Zero-Config Integration - Add security with just a decorator
Production Ready - Built for enterprise scale and reliability
🌐 Standards Compliant - OpenTelemetry, audit logging, and compliance ready
🚀 Multi-Framework Support - LangChain (0.1-2.0), CrewAI (0.70+), and extensible architecture
Modern LangChain Compatible - Full support for LangChain 1.0+ with inheritance-based monitoring

🚧 Coming Soon (Roadmap)

🛡️ Prompt Injection Detection - AI-powered input validation and threat detection
🏗️ Agent Sandboxing - Isolated execution environments with controlled permissions
👥 Access Control & RBAC - Role-based permissions for agent operations
🧠 Behavioral Analysis - ML-based anomaly detection for agent activities
📋 Compliance Frameworks - SOC2, GDPR, HIPAA compliance tools
🔐 Secret Management - Secure handling of API keys and sensitive data

🚀 Quick Start

Installation

# Basic installation
pip install skyrelis

# With CrewAI support (extras are quoted so the shell does not expand [] as a glob)
pip install "skyrelis[crewai]"

# With all features
pip install "skyrelis[all]"

🎯 Multi-Framework Support

Skyrelis supports multiple AI agent frameworks with unified security monitoring:

✅ LangChain (All Versions)

  • Legacy LangChain (0.1.x - 0.9.x) ✅
  • Modern LangChain (1.0.0+) ✅ NEW: Fixed compatibility issues
  • LangChain Core (0.1.0+) ✅
  • LangChain OpenAI (0.0.5+) ✅

✅ CrewAI

  • CrewAI (0.70.0+) ✅
  • OpenTelemetry Integration
  • Agent, Task, and Crew monitoring

Secure Your Agent in 30 Seconds

Modern LangChain (1.0+) Example

from skyrelis import observe_langchain_agent
from langchain_core.runnables import Runnable
from langchain_openai import ChatOpenAI
from langchain_core.messages import HumanMessage, SystemMessage

# Modern LangChain agent with Skyrelis monitoring
@observe_langchain_agent(remote_observer_url="https://your-security-monitor.com")
class ModernSecureAgent(Runnable):
    def __init__(self, llm_model="gpt-4o-mini"):
        self.llm = ChatOpenAI(model=llm_model)
    
    def invoke(self, input_data, config=None, **kwargs):
        messages = [
            SystemMessage(content="You are a helpful AI assistant."),
            HumanMessage(content=input_data["query"])
        ]
        return self.llm.invoke(messages)

# Use your secure agent
agent = ModernSecureAgent()
result = agent.invoke({"query": "What's the weather like?"})

Legacy LangChain (0.x) Example

from skyrelis import observe_langchain_agent
from langchain.agents import AgentExecutor, create_openai_functions_agent
from langchain_openai import ChatOpenAI
from langchain.prompts import ChatPromptTemplate
from langchain_core.tools import tool

# A minimal tool so the agent has something to call; stubbed so the snippet is self-contained
@tool
def get_weather(city: str) -> str:
    """Return the current weather for a city (stub)."""
    return f"It is sunny in {city}."

tools = [get_weather]

# Legacy LangChain agent setup
prompt = ChatPromptTemplate.from_messages([
    ("system", "You are a helpful AI assistant. Use tools when needed."),
    ("human", "{input}"),
    ("placeholder", "{agent_scratchpad}")
])

llm = ChatOpenAI(model="gpt-4o-mini")
agent = create_openai_functions_agent(llm, tools, prompt)

# Add enterprise security monitoring with one decorator! 🔒
@observe_langchain_agent(remote_observer_url="https://your-security-monitor.com")
class SecureAgent(AgentExecutor):
    pass

# Initialize and use - now with full security monitoring
secure_agent = SecureAgent(agent=agent, tools=tools)
result = secure_agent.invoke({"input": "What's the weather like?"})

CrewAI Example

from skyrelis import observe_crewai_agent
from crewai import Agent, Task, Crew

@observe_crewai_agent(remote_observer_url="https://your-security-monitor.com")
class SecureCrewAgent(Agent):
    pass

# Your CrewAI agent now has complete security monitoring
agent = SecureCrewAgent(
    role="Security Analyst",
    goal="Analyze security threats",
    backstory="Expert in cybersecurity analysis"
)

🎉 What You Get

All supported frameworks automatically get:

  • Complete execution tracing - Every agent call monitored
  • System prompt monitoring - Security-critical prompt capture
  • Real-time security alerts - Instant threat notifications
  • Audit trail compliance - Full regulatory compliance logging
  • Agent behavior analysis - ML-powered anomaly detection
  • Zero code changes - Just add the decorator!

🔒 What Security Data Gets Captured

When you add the @observe decorator, Skyrelis automatically captures security-relevant data:

🤖 Agent Security Profile

  • System Prompts: Complete instructions given to the agent
  • Tool Access: What tools the agent can use and how
  • LLM Configuration: Model settings, temperature, safety filters
  • Permission Scope: What the agent is authorized to do

📊 Execution Security Logs

  • Input Validation: All user inputs and their sources
  • Tool Invocations: Every tool call with parameters and results
  • LLM Interactions: Complete conversation logs with the language model
  • Output Analysis: All agent responses and actions taken
  • Error Tracking: Security-relevant errors and failures

🚨 Security Events

  • Unusual Behavior: Deviations from expected agent patterns
  • Failed Operations: Blocked or failed actions that might indicate attacks
  • Access Attempts: Unauthorized access attempts to tools or data
  • Performance Anomalies: Unusual response times or resource usage

📋 Compliance & Audit

  • Complete Audit Trail: Every action with timestamps and context
  • User Attribution: Who triggered each agent interaction
  • Data Access Logs: What data was accessed or modified
  • Retention Management: Automated log retention per compliance requirements

🎛️ Security Configuration

Basic Security Setup

from skyrelis import observe
from langchain.agents import AgentExecutor

@observe(
    monitor_url="https://your-security-monitor.com",
    agent_name="customer_service_agent",
    security_level="production",  # "development", "staging", "production"
)
class CustomerServiceAgent(AgentExecutor):
    pass

Advanced Security Configuration

from skyrelis import observe
from langchain.agents import AgentExecutor

@observe(
    monitor_url="https://your-security-monitor.com",
    agent_name="financial_advisor_agent",
    security_level="production",
    enable_audit_logging=True,      # Full audit trail
    enable_anomaly_detection=True,  # Behavioral analysis (coming soon)
    enable_input_validation=True,   # Prompt injection detection (coming soon)
    compliance_mode="SOC2",         # Compliance framework (coming soon)
    alert_thresholds={              # Security alerting
        "unusual_tool_usage": 0.8,
        "response_time_anomaly": 2.0,
        "error_rate_spike": 0.1
    }
)
class FinancialAdvisorAgent(AgentExecutor):
    pass

Environment-Based Security

# Security monitoring endpoints
export SKYRELIS_MONITOR_URL="https://your-security-monitor.com"
export SKYRELIS_SECURITY_LEVEL="production"

# Compliance and audit
export SKYRELIS_AUDIT_RETENTION_DAYS="2555"  # 7 years for financial compliance
export SKYRELIS_COMPLIANCE_MODE="SOC2"

# Alert destinations
export SKYRELIS_SLACK_WEBHOOK="https://hooks.slack.com/..."
export SKYRELIS_SECURITY_EMAIL="security-team@company.com"

🔧 Security Integration Examples

High-Security Financial Agent

from skyrelis import observe
from langchain.agents import AgentExecutor, create_openai_functions_agent
from langchain_openai import ChatOpenAI
from langchain.tools import StructuredTool

def get_account_balance(account_id: str) -> str:
    """Look up the balance of an account (stub)."""
    # This tool access is now fully monitored and audited
    return f"Account {account_id}: $10,000"

# Expose the function to the agent as a structured tool
balance_tool = StructuredTool.from_function(get_account_balance)
tools = [balance_tool]

@observe(
    monitor_url="https://security.bank.com/monitor",
    security_level="production",
    compliance_mode="SOX",
    enable_audit_logging=True
)
class BankingAgent(AgentExecutor):
    pass

# Every interaction is now compliance-ready and security-monitored

Customer Service with Threat Detection

from skyrelis import observe
from langchain.agents import AgentExecutor

@observe(
    monitor_url="https://security.company.com/monitor",
    enable_anomaly_detection=True,      # Detect unusual customer behavior
    enable_input_validation=True,       # Block prompt injection attempts
    alert_on_threats=True               # Real-time security alerts
)
class CustomerServiceAgent(AgentExecutor):
    pass

# Agent automatically detects and blocks security threats

Research Agent with Data Protection

from skyrelis import observe
from langchain.agents import AgentExecutor

@observe(
    monitor_url="https://security.research.com/monitor",
    data_classification="confidential",
    enable_data_loss_prevention=True,  # Prevent sensitive data exposure
    audit_data_access=True             # Log all data access events
)
class ResearchAgent(AgentExecutor):
    pass

# Complete data protection and access monitoring

📊 Security Monitoring Dashboard

The Skyrelis Security Monitor provides:

🚨 Real-time Security Alerts

  • Threat Detection: Immediate alerts for security events
  • Anomaly Notifications: Unusual agent behavior alerts
  • Compliance Violations: Regulatory compliance failures
  • Performance Issues: Security-impacting performance problems

📈 Security Analytics

  • Agent Risk Scores: Security posture assessment for each agent
  • Threat Landscape: Attack patterns and security trends
  • Compliance Reporting: Automated compliance status reports
  • Incident Response: Security event investigation tools

🔍 Agent Security Inventory

  • Security Profiles: All agents with their security configurations
  • Permission Mapping: What each agent can access and do
  • Vulnerability Assessment: Security weaknesses and recommendations
  • Policy Compliance: Adherence to security policies

📋 Audit & Compliance

  • Complete Audit Trail: Every action logged for compliance
  • Regulatory Reports: SOC2, GDPR, HIPAA compliance reporting
  • Data Lineage: Track data flow through agent operations
  • Retention Management: Automated compliance-based data retention

🏗️ Security Architecture

Skyrelis Security Architecture:

  • Security Decorator: Wraps agents with security monitoring
  • Agent Registry: Centralizes agent security profiles and policies
  • Real-time Monitoring: Captures all security-relevant events
  • Threat Detection: AI-powered security analysis (coming soon)
  • Compliance Engine: Automated compliance and audit reporting
  • Alert System: Real-time security notifications and incident response

All security monitoring happens transparently - your agent code remains unchanged while gaining enterprise-grade security!

🔧 LangChain >1.0.0 Compatibility Fix

✅ RESOLVED: 'method' object attribute '__init__' is read-only Error

Previous versions of Skyrelis had compatibility issues with LangChain 1.0+ due to class protection mechanisms. This is now fixed!

What We Fixed

  • Problem: Direct __init__ method assignment failed in modern LangChain
  • Solution: Inheritance-based approach that creates ObservedAgent classes
  • Result: Full compatibility with both legacy and modern LangChain versions

Technical Details

# OLD APPROACH (failed in LangChain 1.0+): assigning onto the framework's protected class
# cls.__init__ = new_init  # ❌ AttributeError: 'method' object attribute '__init__' is read-only

# NEW APPROACH (works with all LangChain versions): subclass instead of mutating the class
def _wrap(cls):
    class ObservedAgent(cls):  # ✅ Inheritance-based
        def __init__(self, *args, **kwargs):
            super().__init__(*args, **kwargs)
            # Add Skyrelis monitoring here
    return ObservedAgent
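The inheritance-based approach above, as an added example that is not Skyrelis's own code: a class decorator that subclasses the agent class to record construction and every invoke() call (including failures), beside the old assign-onto-the-class approach that a protected class rejects. FrozenMeta, BaseAgent and the in-memory REGISTRY are constructed stand-ins for the framework's class protection and the remote observer.

```python
import time
REGISTRY = []  # constructed stand-in for the remote observer endpoint

class FrozenMeta(type):  # constructed stand-in for a framework that blocks class attribute assignment
    def __setattr__(cls, name, value):
        raise AttributeError(f"'{cls.__name__}' attribute '{name}' is read-only")

class BaseAgent(metaclass=FrozenMeta):  # minimal agent: keeps a system prompt, echoes payload["input"]
    def __init__(self, system_prompt: str):
        self.system_prompt = system_prompt
    def invoke(self, payload: dict) -> dict:
        return {"output": f"echo: {payload['input']}"}

def patch_init_fails(cls: type) -> bool:  # old approach: assign a new __init__ onto the class
    try:
        cls.__init__ = lambda self, *a, **k: None
    except AttributeError:
        return True  # the framework's class protection rejected the assignment
    return False

def observe_agent(agent_name: str):
    """New approach: class decorator returning a subclass that records construction and calls."""
    def decorate(cls: type) -> type:
        class ObservedAgent(cls):
            def __init__(self, *args, **kwargs):
                super().__init__(*args, **kwargs)  # framework constructor runs untouched
                REGISTRY.append({"event": "registered", "agent": agent_name,
                                 "system_prompt": getattr(self, "system_prompt", None)})
            def invoke(self, payload: dict, *args, **kwargs):
                start, status = time.perf_counter(), "ok"
                try:
                    return super().invoke(payload, *args, **kwargs)
                except Exception as exc:  # record the failure, then re-raise unchanged
                    status = f"error: {type(exc).__name__}"
                    raise
                finally:
                    REGISTRY.append({"event": "invoke", "agent": agent_name, "input": payload,
                                     "status": status, "seconds": time.perf_counter() - start})
        return ObservedAgent
    return decorate

def run_demo() -> list:  # wrap BaseAgent, make one good and one failing call, return captured events
    REGISTRY.clear()
    agent = observe_agent("demo_agent")(BaseAgent)("You are a helpful AI assistant.")
    agent.invoke({"input": "hello"})
    try:
        agent.invoke({"query": "wrong key"})  # KeyError inside the wrapped agent
    except KeyError: pass
    return list(REGISTRY)
```

The wrapped instance is still an instance of the original class, so framework code that type-checks agents keeps working.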

Migration

No code changes needed! Your existing Skyrelis decorators work with both:

  • ✅ Legacy LangChain (0.1.x - 0.9.x)
  • ✅ Modern LangChain (1.0.0+)
  • ✅ All LangChain Core versions
  • ✅ CrewAI (0.70.0+)

📦 Installation Options

# Basic security monitoring (supports all LangChain versions)
pip install skyrelis

# With CrewAI support (extras are quoted so the shell does not expand [] as a glob)
pip install "skyrelis[crewai]"

# With OpenTelemetry integration
pip install "skyrelis[opentelemetry]"

# With advanced security features (coming soon)
pip install "skyrelis[security]"

# With compliance reporting
pip install "skyrelis[compliance]"

# With threat detection (coming soon)
pip install "skyrelis[threat-detection]"

# Everything
pip install "skyrelis[all]"

Supported Versions

  • Python: 3.8+
  • LangChain: 0.1.0 - 2.0.0 (all versions supported)
  • LangChain Core: 0.1.0 - 1.0.0
  • CrewAI: 0.70.0+
  • Pydantic: 1.8.0 - 3.0.0 (compatible with both v1 and v2)

📝 Recent Updates

v0.1.6 - LangChain 1.0+ Compatibility 🚀

  • FIXED: 'method' object attribute '__init__' is read-only error in LangChain 1.0+
  • NEW: Inheritance-based monitoring approach for modern LangChain
  • IMPROVED: Full compatibility with LangChain 0.1.0 - 2.0.0
  • ENHANCED: Better error handling and graceful fallbacks
  • MAINTAINED: Backward compatibility with existing code

Previous Releases

  • v0.1.3: Multi-framework support (LangChain + CrewAI)
  • v0.1.2: Enhanced observability and system prompt capture
  • v0.1.1: Core security monitoring features
  • v0.1.0: Initial release with LangChain support

🎯 Why Choose Skyrelis?

For Security Teams

  • Zero Agent Code Changes: Add security without disrupting development
  • Complete Visibility: See everything your agents are doing
  • Multi-Framework Support: Monitor LangChain, CrewAI, and more from one platform
  • Compliance Ready: Built-in support for major compliance frameworks
  • Threat Detection: AI-powered security monitoring

For Development Teams

  • One-Line Integration: Just add a decorator
  • Universal Compatibility: Works with LangChain 0.1-2.0, CrewAI 0.70+
  • No Performance Impact: Lightweight, async monitoring
  • Development Friendly: Rich debugging and troubleshooting tools
  • Production Ready: Battle-tested at enterprise scale
  • Future-Proof: Inheritance-based approach compatible with framework updates

For Compliance Officers

  • Automated Audit Trails: Complete logging without manual work
  • Regulatory Support: SOC2, GDPR, HIPAA, SOX compliance
  • Risk Assessment: Continuous security posture monitoring
  • Incident Response: Complete investigation capabilities

🤝 Contributing

We welcome contributions to make AI agents more secure! Please see our Contributing Guide for details.

📄 License & Commercial Use

Skyrelis is proprietary software - see the LICENSE file for details.

🏢 Commercial Licensing

  • Evaluation & Development: Free for non-commercial evaluation and development
  • Commercial Use: Requires a separate commercial license agreement
  • Enterprise: Contact us for enterprise licensing and support

📧 Licensing Inquiries: security@skyrelis.com

🔒 Why Proprietary?

As an AI agent security platform, Skyrelis requires:

  • Enterprise Support: Dedicated support for mission-critical security
  • Compliance Guarantees: Legal assurances for regulated industries
  • Advanced Features: Continuous development of cutting-edge security capabilities
  • Professional Services: Security consulting and custom implementations

🆘 Support

Made with 🔒 by the Skyrelis Security Team

Skyrelis: Securing AI agents for the enterprise.

Keywords: ai
