Runtime safety guard for autonomous AI agents. Monitors process/file/network behavior, applies policy rules, terminates violations.
pip install -e ".[dev]"-- Install with dev depspytest-- Run all 15 testspytest tests/test_scope.py -v-- Single test moduleruff check suy_sideguy/-- Lintmypy suy_sideguy/-- Type checkpython -m build-- Build wheel + sdistsuy-warden --scope examples/scope.openclaw.yaml --agent-pid 12345 --poll 0.5-- Run wardensuy-forensic-report --last-hours 24-- Generate incident report
suy_sideguy/
warden.py # Main loop: observe → evaluate → enforce (entry point)
observer.py # Process/file/network monitoring via psutil
policy.py # Rule evaluation engine
scope.py # YAML scope parser (allowlists, blocklists, thresholds)
enforcement.py # SIGKILL dispatch
forensic_report.py # Evidence aggregation, incident report export
models.py # Shared dataclasses (Action, Observation, Verdict)
cli.py # Argument parsing
5-stage pipeline: Observer → Rule Engine (instant scope checks) → LLM Judge (Ollama, ambiguous cases) → Killswitch (SIGKILL) → Responder (forensic report).
- Python 3.9+ required (
from __future__ import annotationsin all modules) - Three runtime deps only:
psutil,PyYAML,httpx SIGKILLis irreversible — kill-path changes need tests + forensic validation- Fail-open on observer errors (log and continue, don't crash the warden)
- LLM judge calls Ollama
/api/chat— no abstraction layer yet - Scope files are YAML with OS-specific path comments
from __future__ import annotationsin every module- Dataclasses + Enum for structured data
logging.getLogger(__name__)per module- Type hints on all public functions
- Ruff line length: 100, target Python 3.9
psutil.open_files()visibility is OS-dependent and best-effort- Network checks match IP/port, not domain — DNS resolution is lossy
--agent-namecan over-match processes; prefer--agent-pidin production- Log/evidence paths default to
~/.local/share/sysmond/(legacy naming) - The scope YAML
flag_thresholdandflag_windowcontrol when flags escalate to kill