Part of the AI agent security lifecycle

Inline compliance for agent I/O.

Every agent that calls a hosted LLM sends a copy of its content to a third party. aicomply checks that content first. It returns a verdict and structured findings, and you decide whether to block, redact, log, or pass.

$ npx @opena2a/aicomply scan

No integration code. Pipe in content or pass a file.

$ echo "My SSN is 123-45-6789, please update the record." \
    | npx @opena2a/aicomply scan

  VIOLATION  (stdin)   1 finding
    SSN          123-•••89          confidence 0.95  layer regex

Verdict: VIOLATION  ·  block, redact, or log before this reaches an LLM.

Exit code is 0 for a clean verdict and 1 when anything is flagged, so it drops straight into CI.

Two detection layers

A deterministic regex layer that always runs, plus an optional NanoMind semantic layer for patterns regex cannot see.

No external calls of its own

The regex layer runs locally in roughly a millisecond. The semantic layer talks only to a daemon on localhost.

Masked by default

Detected values are masked in output, so the CLI never prints a full secret to a terminal or a CI log.

What it detects.

The regex layer handles the structured, deterministic cases. The semantic layer adds intent-level detection when the NanoMind daemon is running locally.

Regex layer

Always on. Sub-millisecond. Handles homoglyph folding, zero-width character stripping, and bounded Base64 or URL decoding so obfuscated values do not slip past.

  • PII
    SSN, passport numbers, medical record numbers, NPI
  • Financial
    PAN (Luhn-validated), IBAN (mod-97-validated)
  • Credentials
    AWS keys, GitHub tokens, Bearer tokens, generic api_key=
  • Government
    CUI, FOUO, CONTROLLED markings
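
A Python sketch of what a deterministic layer like this does, added here as an illustration and not aicomply's own code: it strips zero-width characters, folds fullwidth forms with NFKC (a stand-in for homoglyph folding), makes one bounded Base64 pass, Luhn-checks card numbers, and masks every finding. The patterns, the mask format, the 4096-character bound and all function names are assumptions.

```python
import base64, binascii, re, unicodedata

# Assumed patterns, masking format and decode bound; aicomply's own rules are not on the page.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
PAN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
B64 = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def normalize(text):
    """Strip zero-width characters, then fold compatibility forms (fullwidth digits) via NFKC."""
    return unicodedata.normalize("NFKC", text.translate(ZERO_WIDTH))

def luhn_ok(digits):
    """Luhn check: double every second digit from the right; the sum must end in 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(value):
    return value[:3] + "***" + value[-2:]

def views(text, max_len=4096):
    """Yield the normalized text, then one decoded view per Base64 run (single pass, capped input)."""
    yield "plain", text
    for m in B64.finditer(text[:max_len]):
        try:
            yield "base64", normalize(base64.b64decode(m.group(), validate=True).decode("utf-8"))
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid Base64 text, ignore

def scan(text):
    """Return a verdict plus masked findings; the caller decides block, redact, log or pass."""
    findings = []
    for via, view in views(normalize(text)):
        for m in SSN.finditer(view):
            findings.append({"type": "SSN", "masked": mask(m.group()), "via": via})
        for m in PAN.finditer(view):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                findings.append({"type": "PAN", "masked": mask(digits), "via": via})
    return {"verdict": "VIOLATION" if findings else "CLEAN", "findings": findings}

if __name__ == "__main__":  # constructed sample; exit 1 when flagged, as the page describes
    result = scan("My SSN is 123\u200b-45-6789, card 4111 1111 1111 1111")
    print(result)
    raise SystemExit(1 if result["findings"] else 0)
```

Because the Luhn check runs after the pattern match, a 16-digit number that fails the checksum produces no finding, which is what keeps order numbers and timestamps out of the results.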

Semantic layer

Opt-in through the NanoMind security classifier. Catches intent-level attacks the regex layer cannot see. Falls back to regex-only when the daemon is not running.

  • prompt_injection
    Ignore-previous-instructions, role-switching, override prompts
  • exfiltration_pattern
    Requests crafted to siphon data through tool outputs
  • tool_misuse
    Inputs that pressure the agent into unsanctioned tool calls
  • data_extraction
    Bulk-readout requests targeting sensitive fields

Two ways to run it.

Use it from the OpenA2A CLI in a TypeScript or Node stack, or install the Python package for a Python agent.

CLI and npm

@opena2a/aicomply 2.1.0

$ opena2a comply ./transcript.log

The OpenA2A CLI ships a comply command. The library exposes a stable comply() API for a tool-result handler or a message-egress wrapper. Both CommonJS and ESM ship in the package.

Python

aicomply 0.1.0

$ pip install aicomply

A faithful port of the deterministic layer with the same corpus baseline. It ships guard_output and guard_io decorators and a LangChain callback so a Python agent can wrap its I/O in a few lines.

Check content before it leaves.

aicomply runs at the boundary between a tool result and the model. It is open source, has no external calls of its own, and gives you the verdict so the policy stays yours.

$ npx @opena2a/aicomply scan