{
  "name": "Ethicore Engine™ — Guardian SDK",
  "description": "Production-grade, real-time threat detection for Python LLM and agentic applications. Guardian SDK protects the full agentic loop — input to the model, output from the model, every tool call an agent makes, every value tools return into the agent's context, and the compiled/parallel execution plans agent runtimes dispatch — across text, images, audio, and video. 150+ threat categories, 1,500+ regex patterns, 2,500+ semantic fingerprints on the API tier. Listed in the NIST OLIR Catalog against NIST CSF 2.0 and NIST AI RMF 1.0.",
  "url": "https://oraclestechnologies.com/guardian",
  "provider": {
    "organization": "Oracles Technologies LLC",
    "url": "https://oraclestechnologies.com"
  },
  "version": "2.6.5",
  "documentationUrl": "https://portal.oraclestechnologies.com/docs",
  "capabilities": {
    "streaming": false,
    "pushNotifications": false,
    "stateTransitionHistory": false
  },
  "self_provision_endpoint": "POST https://api.oraclestechnologies.com/v1/agents/provision",
  "authentication": {
    "schemes": [
      "Bearer"
    ],
    "signing": {
      "algorithm": "Ed25519",
      "public_key": "526e268b98783a7f98c5e1b32eacbc74a4fa7c974befb809ab1655cd9bf0d37d",
      "public_key_endpoint": "GET https://api.oraclestechnologies.com/v1/guardian/public-key",
      "header": "X-Ethicore-Signature",
      "header_format": "v1,ts={unix_timestamp},key={api_key_prefix},sig={128-char-hex}",
      "signed_message_format": "v1:{unix_timestamp}:{api_key_prefix}:{sha256_hex_of_response_body}",
      "signed_endpoints": [
        "POST /v1/guardian/analyze",
        "POST /v1/guardian/analyze/response",
        "POST /v1/guardian/scan/tool-call",
        "POST /v1/guardian/scan/tool-output",
        "POST /v1/guardian/scan/execution-plan"
      ],
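      "verification": "Fetch public_key once and cache it. On each response from a signed endpoint: parse ts, key and sig from the X-Ethicore-Signature header (a missing or malformed header fails verification); reject the response if ts falls outside replay_window_seconds of the current time; compute sha256 over the response body as received; reconstruct the message per signed_message_format; then ed25519_verify(public_key, message, sig). Raises on tamper.",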
      "replay_window_seconds": 300
    },
    "key_formats": {
      "human_key": "eg-sk-XXXXXXXX-{32hex}",
      "agent_key": "eg-sk-agent-XXXXXXXX-{32hex}"
    },
    "credentials": "API key required for API tier. Obtain free at https://portal.oraclestechnologies.com or provision autonomously — no human sign-up required. See self_provision for the autonomous path.",
    "self_provision": {
      "endpoint": "POST https://api.oraclestechnologies.com/v1/agents/provision",
      "description": "Autonomous agent self-provisioning. No human account creation or portal signup required. Guardian scans agent_name and intended_use before any key is issued.",
      "request_body": {
        "agent_name": "string (required) — display name of this agent",
        "intended_use": "string (required, min 10 chars) — how this agent will use the API",
        "tier": "\"free\" (default) | \"pro\"",
        "wallet_address": "string (optional) — EVM wallet address for autonomous x402 Pro payment",
        "contact_email": "string (optional) — email for Stripe-supervised Pro payment or key delivery"
      },
      "free_tier": {
        "response_code": 201,
        "immediate": true,
        "monthly_requests": 1000,
        "rate_limit_rpm": 60,
        "key_expires": null
      },
      "pro_tier_x402": {
        "response_code_challenge": 402,
        "response_code_success": 201,
        "requires": "wallet_address in request body",
        "flow": "1. POST with wallet_address → 402 with USDC deposit address. 2. Send USDC to deposit address on Base Mainnet. 3. Re-POST with X-PAYMENT header → 201 with Pro key.",
        "payment": {
          "asset": "USDC",
          "network": "base",
          "amount_usdc": "59.99",
          "protocol": "https://x402.org"
        },
        "monthly_requests": 100000,
        "rate_limit_rpm": 600,
        "key_expires_days": 30,
        "renewal": "Re-provision via the same endpoint with the same wallet_address before expiry. A 402 on any authenticated request means the key has expired and must be renewed."
      },
      "pro_tier_stripe": {
        "response_code": 402,
        "requires": "contact_email in request body (no wallet_address)",
        "flow": "POST with contact_email → 402 with Stripe checkout URL. Human supervisor completes payment. Pro key emailed to contact_email.",
        "monthly_requests": 100000,
        "rate_limit_rpm": 600,
        "key_expires": null
      }
    }
  },
  "defaultInputModes": [
    "application/json"
  ],
  "defaultOutputModes": [
    "application/json"
  ],
  "supported_providers": [
    "OpenAI (GPT-5.5, o3, Codex)",
    "Anthropic (claude-opus-4-7, claude-sonnet-4-6, claude-haiku-4-5)",
    "xAI / Grok (grok-4.3, grok-build-0.1)",
    "DeepSeek (deepseek-v4-flash, deepseek-v4-pro)",
    "Mistral AI (mistral-large, codestral, devstral, magistral)",
    "Perplexity Sonar (sonar, sonar-pro, sonar-reasoning-pro, sonar-deep-research)",
    "Google Gemini (gemini-3.5-flash, gemini-3.1-pro-preview)",
    "Azure OpenAI",
    "AWS Bedrock",
    "LiteLLM (140+ backends)",
    "Ollama",
    "LM Studio",
    "llama.cpp",
    "LocalAI",
    "Jan.ai"
  ],
  "skills": [
    {
      "id": "analyze-input",
      "name": "Pre-flight Input Analysis",
      "description": "Scan an incoming prompt or agentic input before it reaches the model. Runs multiple sequential detection layers: regex pattern matching with obfuscation normalization, ONNX MiniLM-L6-v2 semantic analysis, behavioral session heuristics, ML gradient-boosted inference, and visual/cross-modal analysis for image inputs. Returns ALLOW, CHALLENGE, or BLOCK with threat level, threat types, confidence, and reasoning. Covers 150+ threat categories on the API tier.",
      "tags": [
        "safety",
        "pre-flight",
        "prompt-scanning",
        "threat-detection",
        "agentic-security",
        "llm-protection",
        "real-time"
      ],
      "examples": [
        "Scan this user message before passing it to my LLM",
        "Validate this incoming agent instruction for adversarial content",
        "Check this image submission alongside the text input for embedded threats"
      ],
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ],
      "endpoint": "POST https://api.oraclestechnologies.com/v1/guardian/analyze"
    },
    {
      "id": "analyze-response",
      "name": "Post-flight Response Analysis",
      "description": "Scan an LLM response before it reaches the user or downstream agents. Detects jailbreak compliance, constraint removal acknowledgments, system prompt revelation, role abandonment, credential/PHI leakage, and other signals that indicate the model was successfully manipulated. Returns suppressed (bool) and a safe replacement response when suppression is triggered. AdversarialLearner simultaneously updates the threat database for improved pre-flight detection.",
      "tags": [
        "safety",
        "post-flight",
        "output-scanning",
        "response-filtering",
        "jailbreak-detection",
        "phi-protection",
        "agentic-security"
      ],
      "examples": [
        "Scan this LLM response before showing it to the user",
        "Check this agent output before passing it to a downstream agent",
        "Validate this model response for jailbreak compliance or credential leakage"
      ],
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ],
      "endpoint": "POST https://api.oraclestechnologies.com/v1/guardian/analyze/response"
    },
    {
      "id": "scan-tool-call",
      "name": "Agentic Tool Call Validation",
      "description": "Validate a tool call and its arguments before the agent executes it. Detects shell injection, path traversal, data exfiltration infrastructure, destructive operations (rm -rf, DROP TABLE), credential theft attempts, package installs from untrusted sources, and malicious flag combinations. Returns is_dangerous (bool), risk_score, and threat_categories. The same gate scales to compiled/parallel execution plans (DAGs): the AgenticExecutionMonitor decomposes a plan, validates each node, and flags dangerous calls hidden in 'atomic' no-inspect batches, guard-disable steps ordered before payloads, hidden nodes absent from the approval summary, and agent-swarm fan-out escalation.",
      "tags": [
        "agentic-security",
        "tool-call-validation",
        "pre-execution",
        "shell-injection",
        "exfiltration-detection",
        "llm-agent"
      ],
      "examples": [
        "Validate this bash() call before my agent executes it",
        "Check these tool arguments before calling file_write()",
        "Scan this API call the agent wants to make for exfiltration risk"
      ],
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ],
      "endpoint": "POST https://api.oraclestechnologies.com/v1/guardian/scan/tool-call"
    },
    {
      "id": "scan-tool-output",
      "name": "Tool Output Injection Scan",
      "description": "Scan a tool return value before it re-enters the agent's context window. Detects indirect prompt injection payloads embedded in web pages, documents, API responses, database records, and any external content the agent retrieves. Returns is_injection (bool), injection_score, and matched patterns.",
      "tags": [
        "agentic-security",
        "indirect-injection",
        "rag-protection",
        "tool-output-scanning",
        "context-poisoning",
        "llm-agent"
      ],
      "examples": [
        "Scan this web page content before my agent reads it",
        "Check this database record before injecting it into the agent context",
        "Validate this API response before the agent processes it"
      ],
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ],
      "endpoint": "POST https://api.oraclestechnologies.com/v1/guardian/scan/tool-output"
    },
    {
      "id": "scan-execution-plan",
      "name": "Agentic Execution Plan Validation",
      "description": "Validate a compiled/parallel agent execution plan (DAG) before the runtime dispatches it. Decomposes the plan, validates each node through the tool-call gate, and flags dangerous calls hidden in 'atomic'/parallel no-inspect batches, guard-disable steps ordered before payloads, hidden nodes absent from the approval summary, dependency cycles, and agent-swarm fan-out escalation across a session. Returns ALLOW/CHALLENGE/BLOCK with risk_score, node_count, dangerous_node_ids, and signals.",
      "tags": [
        "agentic-security",
        "execution-plan",
        "pre-execution",
        "agent-swarm",
        "dag-validation",
        "llm-agent"
      ],
      "examples": [
        "Validate this parallel tool-call plan before my agent runtime dispatches it",
        "Check this compiled DAG for a malicious node hidden in an atomic batch",
        "Scan this multi-step plan for guard-disable steps ordered before a payload"
      ],
      "inputModes": [
        "application/json"
      ],
      "outputModes": [
        "application/json"
      ],
      "endpoint": "POST https://api.oraclestechnologies.com/v1/guardian/scan/execution-plan"
    }
  ],
  "pricing": {
    "community": {
      "label": "Community",
      "price": "Free",
      "api_key_required": false,
      "rate_limits": "Unlimited (local inference — no network calls)",
      "threat_categories": 6,
      "install": "pip install ethicore-engine-guardian",
      "note": "Runs entirely on device. No account required."
    },
    "api_free": {
      "label": "API — Free",
      "price": "Free",
      "api_key_required": true,
      "monthly_requests": 1000,
      "rate_limit_rpm": 60,
      "threat_categories": "150+",
      "features": [
        "Full ONNX MiniLM-L6-v2 semantic analysis",
        "Managed threat fingerprint database (2,500+ fingerprints)",
        "Pre-flight and post-flight gates",
        "Agentic pipeline protection (tool call validation, tool output scanning, execution-plan monitoring)",
        "Visual, browser, voice/audio analysis",
        "Cross-modal threat fusion",
        "LangChain callback integration",
        "AdversarialLearner (embedding-based)"
      ],
      "signup": "https://portal.oraclestechnologies.com"
    },
    "api_pro": {
      "label": "API — Pro",
      "price": "$59.99/month",
      "api_key_required": true,
      "monthly_requests": 100000,
      "rate_limit_rpm": 600,
      "threat_categories": "150+",
      "features": "All API Free features",
      "payment_methods": [
        "x402 (USDC on Base Mainnet — autonomous)",
        "Stripe (human-supervised)"
      ],
      "autonomous_provision": "POST https://api.oraclestechnologies.com/v1/agents/provision",
      "x402_key_expires_days": 30,
      "signup": "https://portal.oraclestechnologies.com"
    },
    "api_enterprise": {
      "label": "API — Enterprise",
      "price": "Contact us",
      "monthly_requests": "Custom",
      "rate_limit_rpm": "Custom",
      "threat_categories": "150+",
      "contact": "support@oraclestechnologies.com"
    }
  },
  "compliance": {
    "nist_olir": [
      {
        "framework": "NIST Cybersecurity Framework 2.0",
        "catalog_entry": "https://csrc.nist.gov/projects/olir/informative-reference-catalog/details?referenceId=209"
      },
      {
        "framework": "NIST AI Risk Management Framework 1.0",
        "catalog_entry": "https://csrc.nist.gov/projects/olir/informative-reference-catalog/details?referenceId=210"
      }
    ]
  },
  "links": {
    "product_page": "https://oraclestechnologies.com/guardian",
    "portal": "https://portal.oraclestechnologies.com",
    "docs": "https://portal.oraclestechnologies.com/docs",
    "api_base": "https://api.oraclestechnologies.com",
    "pypi": "https://pypi.org/project/ethicore-engine-guardian",
    "github": "https://github.com/OraclesTech/guardian-sdk",
    "company": "https://oraclestechnologies.com",
    "support": "support@oraclestechnologies.com",
    "llms_txt": "https://oraclestechnologies.com/llms.txt",
    "agent_json": "https://oraclestechnologies.com/.well-known/agent.json"
  },
  "trademark": "Ethicore Engine™ is a trademark of Oracles Technologies LLC.",
  "tagline": "Intelligence With Integrity"
}