Quickstart

EnforceCore v1.0.15

Get up and running with EnforceCore in under 5 minutes.

Info

Info: EnforceCore is designed for Python 3.10+. We strongly recommend using a virtual environment.

1. Installation

Install the core library:

pip install enforcecore

For full features including OpenTelemetry support and all framework adapters:

pip install "enforcecore[all]"

2. Define a Policy

EnforceCore uses declarative YAML policies to define what an agent is allowed to do. Create a file named strict.yaml:

name: "strict-policy"
version: "1.0"
description: "A strict policy for web-search agents"

rules:
  # Allow specific tools
  allowed_tools:
    - search_web
    - calculator
  
  # Explicitly deny dangerous tools
  denied_tools:
    - execute_shell
    - delete_file
  
  # Redact PII from inputs and outputs
  pii_redaction:
    enabled: true
    categories: [email, phone, ssn, credit_card]
    strategy: placeholder

# Action to take on violation (block, log_only, redact)
on_violation: block

Warning

Warning: Policies are strict by default. Any tool not explicitly allowed or denied falls back to the default behavior configured in your global settings (usually deny).

3. Enforce Your Code

Wrap your agent's functions with the @enforce decorator.

import asyncio
from enforcecore import enforce, EnforcementViolation

# 1. Apply the policy
@enforce(policy="strict.yaml")
async def search_web(query: str) -> str:
    # Simulating a tool call
    return f"Results for: {query}"

@enforce(policy="strict.yaml")
async def execute_shell(cmd: str) -> str:
    # This should be blocked
    return f"Executed: {cmd}"

async def main():
    try:
        # Allowed Action
        print("🤖 Agent: Searching web...")
        result = await search_web("Python security best practices")
        print(f"✅ Success: {result}")
        
        # Blocked Action
        print("\n🤖 Agent: Attempting shell execution...")
        await execute_shell("rm -rf /")
        
    except EnforcementViolation as e:
        print(f"⛔ BLOCKED: {e}")

if __name__ == "__main__":
    asyncio.run(main())

4. Verify the Audit Trail

EnforceCore automatically logs all actions to a tamper-proof Merkle chain.

from enforcecore import verify_trail

# Verify the integrity of the audit log
result = verify_trail("audit_logs/trail.jsonl")

print(f"Valid: {result.is_valid}")
print(f"Entries: {result.total_entries}")
print(f"Chain Intact: {result.chain_intact}")

Info

Note: Audit logs are stored locally by default but can be configured to stream to S3, GCS, or a remote transparency log.

5. Using the CLI

You can also validate policies and trails directly from the command line:

# Validate policy syntax
enforcecore validate strict.yaml

# Verify audit logs
enforcecore verify audit_logs/trail.jsonl

# Dry-run a policy against a tool
enforcecore dry-run strict.yaml search_web --args '{"query": "test"}'

Next Steps

Now that you have the basics, explore the core concepts:

Architecture - How the enforcement engine works.
Policy Engine - Deep dive into YAML policy syntax.
Integrations - Use with LangGraph, CrewAI, and AutoGen.