Agentic Glass

Enterprise control plane for AI agents. Identity, security, and memory on one layer.

Quickstart Concepts SDK MCP Proxy API Dashboard Deploy

Quickstart

Connect your agents in under 5 minutes. For a guided product walkthrough, use the live demo (password required).

Install

pip install agentshield

Initialize

agentshield init --api https://your-server:8400

Creates .agentshield.json with your agent ID and credential.

Run your agent

agentshield run "python your_agent.py"

Your agent runs normally. Agentic Glass monitors every tool call transparently.

For Claude Code / Cursor, use the MCP proxy instead:

agentshield mcp-config --target "your-mcp-server" --api https://your-server:8400

Generates the config snippet to paste into your MCP settings.

Core Concepts

Three Pillars

Pillar	What it means
Prevent	Make dangerous outcomes architecturally impossible. Taint propagation, tool ordering, and mandates ensure agents can't do what they shouldn't — not by detecting after the fact, but by blocking before execution.
Developer Pods	Developers own their agent pods. They set the scope (tools, data, workflows). Security sets org-wide guardrails. The platform enforces both. No tickets, no bottlenecks.
Governed Memory	Agents share a knowledge brain, but each agent only sees what its data access tiers allow. Knowledge compounds over time. Data never leaks across permission boundaries.

How Prevention Works

Layer	What it prevents
Taint Propagation	Untrusted data (web scrapes, unknown sources) can never drive privileged actions — payments, DB writes, emails. Even after passing through multiple agents.
Agent Bus	No single agent gets ingress + sensitive data + egress. Blocks data exfiltration chains between agents.
Tool Ordering	Access private data then call the internet = exfiltration risk. Call internet then access data = fine. Same tools, different order, different policy.
Pre-Decision Safety	Three checks before every consequential action: Is the agent following its workflow? Is the data clean? Is session risk acceptable?
Scope Attenuation	Child agents always get fewer permissions than their parent. Permissions shrink at every delegation hop. Never widen.

Detection Pipeline

7 layers, each catching what the others miss:

Layer	Method	What it catches
1	Structural regex	Known injection patterns
2	Control flow integrity	Unauthorized tool sequences
3	Statistical anomaly	Unusual argument patterns per tool
4	VAE autoencoder	Out-of-distribution inputs
5	TF-IDF embeddings	Similarity to known attacks
6	JSON tree-trace	Structural anomalies in payloads
7	LLM reasoning judge	Nuanced intent analysis

F1 = 0.94 | 2,524 evals/sec | P50 = 0.39ms

Python SDK

Installation

pip install agentshield

Programmatic usage

import agentshield

# Standalone mode (calls remote API)
agentshield.init(api_url="https://your-server:8400", mode="monitor")

# Your agent code runs normally — frameworks are auto-detected and patched
# Supports: OpenAI, Anthropic, LangChain, CrewAI

CLI commands

Command	What it does
`agentshield init --api URL`	Register agent, create config file
`agentshield run "script.py"`	Run with monitoring
`agentshield mcp-config --target CMD`	Generate MCP proxy config
`agentshield status`	Show connection status
`agentshield version`	Print version

MCP Proxy

For Claude Code, Cursor, or any MCP-based tool. The proxy sits between the AI client and the MCP server, evaluating every tool call.

# Generate config for Claude Desktop
agentshield mcp-config --target "npx @modelcontextprotocol/server-filesystem /" --api https://your-server:8400

# Or run directly
agentshield-mcp-proxy --target "your-mcp-server" --api https://your-server:8400 --mode enforce

In monitor mode: logs all tool calls, doesn't block. In enforce mode: blocks dangerous tool calls, returns error to the AI client.

REST API

Core endpoints

Method	Path	Description
GET	`/health`	Health check
POST	`/evaluate/tool-call`	Evaluate a tool call (allow/deny/require_approval)
POST	`/agents/register`	Register a new agent
GET	`/agents`	List all agents
POST	`/credentials/issue`	Issue scoped credential for an agent
GET	`/policies`	List policy rules
POST	`/policies/add`	Add a policy rule
GET	`/recent-events`	Recent security events
GET	`/bus/stats`	Agent communication stats
GET	`/taint/stats`	Data trust tracking stats
GET	`/safety/history`	Safety gate decisions
GET	`/approvals/pending`	Pending human approvals
GET	`/onboarding/status`	Onboarding state for dashboard

Example: Evaluate a tool call

curl -X POST http://localhost:8400/evaluate/tool-call \
  -H "Content-Type: application/json" \
  -d '{
    "payload": {
      "method": "tools/call",
      "params": {
        "name": "search",
        "arguments": {"query": "quarterly revenue"}
      }
    },
    "credential_id": "cred_613a4455fdea"
  }'

# Response:
{
  "decision": "allow",
  "risk_score": 0.02,
  "run_id": "run_a1b2c3d4",
  "analysis": {
    "layers_invoked": ["structural", "anomaly", "cfi"],
    "composite_risk_score": 0.02
  },
  "policy": {
    "decision": "allow",
    "matched_rule": "allow-search"
  }
}

SIEM export

Method	Path	Description
POST	`/siem/add-splunk`	Add Splunk HEC destination
POST	`/siem/add-webhook`	Add generic webhook destination
POST	`/siem/export-now`	Export recent events to all destinations

Dashboard

5 views, each answering one question:

Tab	Question	Shows
Overview	"Are we safe?"	Posture score, blocks, compliance, detection breakdown
Agents	"What are my agents doing?"	Agent cards, communication, data flow, safety decisions
Policies	"What are the rules?"	Policy rules, workflow baselines, add/edit/delete
Memory	"What do our agents know?"	Brain query, privilege-based context reveal, tier badges
Investigate	"What happened?"	Session list, forensic detail, blast radius

Deployment

Docker Compose (self-hosted)

# Clone the repo
git clone https://github.com/your-org/agent-identity-fabric
cd agent-identity-fabric

# Start everything
docker compose -f deploy/docker-compose.yml up -d

# Dashboard at http://localhost:8443/app.html
# API at http://localhost:8400

Kubernetes (Helm)

helm install agentshield deploy/helm/agentshield/

TypeScript SDK

npm install @agentshield/sdk

import { AgentShield } from '@agentshield/sdk';

const shield = new AgentShield({ apiUrl: 'http://localhost:8400' });
const result = await shield.evaluate({
  tool: 'search',
  arguments: { query: 'quarterly revenue' },
});

if (result.decision === 'deny') {
  console.log('Blocked:', result.reason);
}

Agentic Glass — Runtime security for AI agents