scandar-guard
v0.1.1
Runtime security monitoring for AI agents. In-process. No data leaves your environment.
@scandar/guard
Runtime security monitoring for AI agents. Drop-in wrapper for Anthropic, OpenAI, Vercel AI SDK, and MCP clients.
Zero data leaves your environment. All inspection runs in-process.
Install
```bash
npm install @scandar/guard
```

Quick Start

```js
import Anthropic from "@anthropic-ai/sdk";
import { guard } from "@scandar/guard";

const client = guard(new Anthropic(), {
  agentId: "my-agent",
  apiKey: "sk_your_key", // enables Scandar Overwatch
});

const response = await client.messages.create({
  model: "claude-sonnet-4-20250514",
  max_tokens: 1024,
  messages: [{ role: "user", content: "Hello" }],
});
```

OpenAI

```js
import OpenAI from "openai";
import { guard } from "@scandar/guard";

const client = guard(new OpenAI(), { agentId: "my-agent", apiKey: "sk_your_key" });
```

Vercel AI SDK

```js
import { openai } from "@ai-sdk/openai";
import { withGuard } from "@scandar/guard/integrations/vercel-ai";

const model = withGuard(openai("gpt-4o"), { apiKey: "sk_xxx", agentId: "my-agent" });
```

What it detects
- Prompt injection (direct, indirect, encoded, multi-turn)
- Tool argument injection and data exfiltration sequences
- Privilege escalation and anomalous tool call patterns
- Behavioral profile deviations
- 140+ detection rules mapped to OWASP LLM Top 10
Configuration
```js
guard(client, {
  mode: "observe",       // or "block" to throw on critical findings
  apiKey: "sk_xxx",      // enables Scandar Overwatch telemetry
  agentId: "my-agent",   // agent identifier for fleet tracking
  enforcement: true,     // pre-execution gate (blocks before tool runs)
  blockOn: ["critical"], // severities that trigger blocking
});
```

Scandar Overwatch
When `apiKey` and `agentId` are set, Guard sends anonymized telemetry (tool names, finding categories, threat scores; never prompts or content) to Scandar Overwatch for fleet-wide visibility.
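
To make the Configuration options concrete, the following added example shows a pre-execution gate in which `mode` and `blockOn` decide whether a flagged tool call runs. It is not @scandar/guard's code: the two rules, the finding shape, the tool names and the `inspect`/`makeGate` functions are hypothetical, and the way `mode` and `blockOn` combine here is an assumption.

```javascript
// Added illustration, NOT @scandar/guard's implementation.
// Hypothetical rules; real products ship far larger rule sets.
const RULES = [
  { id: "EX-001", severity: "critical", category: "data-exfiltration",
    // outbound POST whose arguments reference secret-bearing files
    test: (call) => call.name === "http_post" &&
      /\.env|id_rsa|credentials/i.test(JSON.stringify(call.args)) },
  { id: "EX-002", severity: "high", category: "tool-argument-injection",
    // shell metacharacters smuggled into a command argument
    test: (call) => call.name === "run_shell" &&
      /[;&|`]|\$\(/.test(String(call.args.cmd ?? "")) },
];

// Return the findings (id, severity, category) raised by one tool call.
function inspect(call) {
  return RULES.filter((r) => r.test(call))
    .map(({ id, severity, category }) => ({ id, severity, category }));
}

// Build a gate. Assumed semantics: inspection always happens before the tool
// runs; only mode "block" plus a severity listed in blockOn stops execution.
function makeGate({ mode = "observe", blockOn = ["critical"] } = {}) {
  const log = []; // in-process record: tool name and findings, no content
  function runTool(call, execute) {
    const findings = inspect(call);
    const blocking = findings.filter((f) => blockOn.includes(f.severity));
    const blocked = mode === "block" && blocking.length > 0;
    log.push({ tool: call.name, findings, blocked });
    if (blocked) {
      const ids = blocking.map((f) => f.id).join(",");
      throw new Error(`blocked ${call.name} before execution: ${ids}`);
    }
    return execute(call.args); // reached only when the gate lets the call through
  }
  return { runTool, log };
}
```

In observe mode the same call is logged with its finding and still executes, which is why a rollout typically starts there and moves to block once the findings have been reviewed.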
