Warden Runtime (MVP)

Warden is a zero-trust runtime security firewall for agentic AI. This MVP implements:

• Perception gateway with taint tagging
• Memory write gate
• 3-phase tool firewall (registry, SBOM, invocation)
• Auditor-worker decision path (supervisor)
• Viral loop detection
• Append-only cryptographic provenance ledger
• FastAPI REST + WebSocket APIs
• SQL-backed persistence wiring (sessions, artifacts, tool registry, append-only ledger entries)
• Python + TypeScript SDKs
• Concrete LangChain and MCP integration adapters

Run

python -m venv .venv
source .venv/bin/activate
pip install -e .[dev]
uvicorn warden_api.main:app --reload

By default, persistence is file-backed SQLite at ./warden.db.

Persistence

• Runtime writes to both in-memory cache and SQL persistence adapter.
• Persisted entities: sessions, artifacts, tool registry, ledger entries.
• DB init is executed in API startup path (warden_api.main).

Integrations

Install integration deps:

pip install -e .[integrations]

LangChain

Use WardenLangChainCallbackHandler to pre-commit tool calls via Warden before execution.

MCP

Use WardenMCPGateway.call_tool(...) to gate MCP tool invocations and write_memory(...) for memory writes.

Demo Dashboard

• Dashboard page: http://127.0.0.1:8000/dashboard
• Static assets served from: /assets/*
• Browser-side quick seed endpoint: POST /v1/demo/seed

Generate richer mock data

python scripts/mock_data.py --base-url http://127.0.0.1:8000 --sessions 8

Workflow

Use the workflow file:

• /.windsurf/workflows/demo-dashboard.md

API

• POST /v1/sessions
• DELETE /v1/sessions/{id}
• POST /v1/ingest
• POST /v1/tool-calls/pre-commit
• POST /v1/memory/gate-write
• GET /v1/ledger/{session_id}
• GET /v1/ledger/{session_id}/verify
• GET /v1/alerts
• GET /v1/registry/tools
• POST /v1/registry/tools
• DELETE /v1/registry/tools/{id}
• GET /v1/compliance/eu-ai-act
• GET /v1/compliance/soc2
• WS /v1/stream/{session_id}