https://github.com/nishant6118/Polaxis-SDK-MCP
Python SDK and MCP server for Polaxis - AI agent governance platform. Evaluate every tool call against policies in real time: block dangerous actions, enforce budgets, route to human approvals. Under 5ms.
https://github.com/nishant6118/Polaxis-SDK-MCP
agent-governance agent-security agentic-ai ai-agents audit-log compliance crewai fastapi human-in-the-loop langchain llm-security llmops mcp openai prompt-injection pydanticai python sdk soc2 zero-trust
Last synced: about 13 hours ago
JSON representation
Python SDK and MCP server for Polaxis - AI agent governance platform. Evaluate every tool call against policies in real time: block dangerous actions, enforce budgets, route to human approvals. Under 5ms.
- Host: GitHub
- URL: https://github.com/nishant6118/Polaxis-SDK-MCP
- Owner: nishant6118
- License: mit
- Created: 2026-05-23T06:04:11.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-06-03T00:57:45.000Z (26 days ago)
- Last Synced: 2026-06-03T02:17:12.242Z (26 days ago)
- Topics: agent-governance, agent-security, agentic-ai, ai-agents, audit-log, compliance, crewai, fastapi, human-in-the-loop, langchain, llm-security, llmops, mcp, openai, prompt-injection, pydanticai, python, sdk, soc2, zero-trust
- Language: Python
- Homepage: https://polaxis.io
- Size: 72.3 KB
- Stars: 1
- Watchers: 0
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
- Awesome-AI-Security - Polaxis MCP Server - SDK-MCP?logo=github&label=&style=social)](https://github.com/nishant6118/Polaxis-SDK-MCP) - MCP server that wraps any Model Context Protocol agent with a 7-layer AI security firewall. Stops prompt injection, PII leakage, secret exfiltration, memory poisoning, and authority impersonation at the tool-call layer โ before tools run. 99.4% avg detection rate, 0% false-block rate. [[Benchmark](https://polaxis.io/benchmark)] [[polaxis.io](https://polaxis.io)] ([โ](#table-of-contents)Tools <a name="tools"></a> / Agent Tooling and MCP Security)
- awesome-ai-agents - Polaxis - SDK-MCP) | Pre-execution runtime firewall for AI agents - 7-layer threat detection and spend controls | (โ๏ธ Agent Operations / ๐ Security & Governance)
README

Polaxis Python SDK & MCP Server
The runtime control layer between your AI agents and the real world โ intercept every tool call, enforce policies, require human approval, audit everything. Before anything executes.
[](https://pypi.org/project/polaxis)
[](https://pypi.org/project/polaxis)
[](LICENSE)
[](#)
[](https://docs.polaxis.io)
[](https://polaxis.io)
[](https://polaxis.io/register)
[](https://polaxis.io/benchmark)
---
## What is Polaxis?
Polaxis is the **runtime control layer** between your AI agents and the tools they call.
You put an API gateway in front of your backend. Polaxis is that gateway for your agents โ every tool call intercepted before it executes, evaluated against your policies, and either allowed, blocked, or routed for human approval.
```
Your AI agent
โ
โ tool_call("delete_records", {"table": "users_prod"})
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Polaxis Control Layer โ
โ โ
โ L1 Regex scan โ 80+ patterns: injection, PII โ
โ L2 Risk scorer โ 15 signals, sub-millisecond โ
โ L3 LLM semantic gate โ fires on ~11% of calls only โ
โ L4 Behavioral baseline โ detects slow drift attacks โ
โ L5 Session graph โ recon โ exfil kill-chain โ
โ L6 Threat intel โ per-agent threat level 0โ4 โ
โ L7 Policy engine โ your rules, budgets, logic โ
โ โ
โ 0.15ms p50 (regex layers) ยท $0.00026 per call โ
โโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโ
โ โ
ALLOW BLOCK / ESCALATE
โ โ
Your tools run Human approves via
(database, APIโฆ) Slack or dashboard
```
### Three outcomes for every call
| Decision | Meaning | What to do |
|----------|---------|------------|
| `approved` | Within policy. Proceed. | Execute the tool |
| `blocked` | Violates a rule or budget cap. | Abort โ reason logged |
| `escalated` | Human sign-off required. | Wait for approval via Slack or dashboard |
---
## Quickstart โ 3 lines
```bash
pip install polaxis
```
```python
from polaxis import Polaxis
guard = Polaxis(api_key="ag_prod_...", agent_id="my-agent")
# Wrap any tool call โ works with any framework
result = await guard.evaluate(
tool_name="delete_records",
tool_input={"table": "users_prod"}
)
# result.decision โ "approved" | "blocked" | "escalated"
# result.reason โ "rule: no-prod-delete ยท 0.15ms"
```
That's it. Works with LangChain, LangGraph, CrewAI, OpenAI Agents SDK, PydanticAI, AutoGen, or any custom agent โ anything that calls a tool.
---
## MCP Proxy โ zero code
For Claude Desktop, Cursor, or any MCP client: set three env vars and point your client at the proxy. No code changes.
```bash
export POLAXIS_API_KEY=ag_prod_...
export POLAXIS_AGENT_ID=claude-desktop
export TARGET_MCP_SERVER_URL=http://localhost:8080
# Start the proxy
python -m polaxis.mcp_proxy
```
Every MCP tool call now goes through Polaxis before it reaches your server.
---
## What it protects against
| Threat | What it catches |
|--------|-----------------|
| **Prompt injection** | Direct, indirect (RAG/email), encoded (Base64, Unicode, NATO phonetic), multilingual |
| **Credential leakage** | 25+ vendor key formats + high-entropy detection |
| **PII exfiltration** | SSN, passport, credit card, phone, email โ 10+ languages |
| **Memory poisoning** | MINJA-style latent trigger attacks on vector stores |
| **Authority claims** | Admin impersonation, sudo escalation, fake system overrides |
| **Policy Puppetry** | XML/INI/JSON structured prompts claiming to disable security |
| **Economic DoS** | Token amplification attacks โ hard session cap enforced |
---
## Detection accuracy
> Measured on **459 real-world adversarial payloads** โ hard tier includes Base64, ROT13, Unicode homoglyphs, zero-width chars, 10+ languages, MINJA memory poisoning, EchoLeak indirect injection.
| Threat Category | Detection Rate |
|---|:---:|
| Prompt Injection | **99.0%** |
| Credential / Secret | **100.0%** |
| PII Detection | **97.8%** |
| Memory Poisoning | **96.7%** |
| Authority Claims | **100.0%** |
| LLM false positive rate | **4.0%** |
| Regex false positive rate | **0.0%** |
**99.4% average detection across all threat categories.**
โ [Full benchmark methodology](https://polaxis.io/benchmark)
---
## Performance
| Layer | p50 latency | Notes |
|-------|-------------|-------|
| Regex + risk scorer | **0.15ms** | Pure Python, no I/O |
| Full 7-layer (no LLM) | **~0.5ms** | 89% of calls |
| With LLM semantic gate | **80โ200ms** | ~11% of calls |
| Cost per call | **$0.00026** | LLM layer only when needed |
---
## Framework examples
LangChain
```python
from langchain.tools import tool
from polaxis import Polaxis
guard = Polaxis(api_key="ag_prod_...", agent_id="langchain-agent")
@tool
async def delete_records(table: str) -> str:
"""Delete records from a table."""
result = await guard.evaluate(
tool_name="delete_records",
tool_input={"table": table}
)
if result.decision == "blocked":
return f"Blocked: {result.reason}"
# proceed with deletion
return f"Deleted records from {table}"
```
OpenAI Agents SDK
```python
from agents import Agent, function_tool
from polaxis import Polaxis
guard = Polaxis(api_key="ag_prod_...", agent_id="openai-agent")
@function_tool
async def send_email(to: str, body: str) -> str:
result = await guard.evaluate(
tool_name="send_email",
tool_input={"to": to, "body": body}
)
if result.decision != "approved":
return f"Action {result.decision}: {result.reason}"
# send email
```
CrewAI
```python
from crewai_tools import BaseTool
from polaxis import Polaxis
guard = Polaxis(api_key="ag_prod_...", agent_id="crewai-agent")
class SafeDatabaseTool(BaseTool):
async def _run(self, query: str) -> str:
result = await guard.evaluate(
tool_name="run_query",
tool_input={"query": query}
)
if result.decision == "blocked":
return f"Blocked by Polaxis: {result.reason}"
# execute query
```
---
## Policy rules
Define policies in the dashboard or via JSON:
```json
[
{
"rule": "no-prod-delete",
"tool": "delete_records",
"condition": "table LIKE '%prod%'",
"action": "block"
},
{
"rule": "large-charge-approval",
"tool": "charge_card",
"condition": "amount > 500",
"action": "escalate",
"notify": "#finance-alerts"
},
{
"rule": "daily-budget",
"agent": "*",
"budget_usd": 50,
"period": "day",
"action": "block"
}
]
```
---
## Links
| | |
|---|---|
| **Dashboard** | [polaxis.io](https://polaxis.io) |
| **Docs** | [docs.polaxis.io](https://docs.polaxis.io) |
| **Interactive demo** | [polaxis.io/demo](https://polaxis.io/demo) |
| **Benchmark** | [polaxis.io/benchmark](https://polaxis.io/benchmark) |
| **Free tier** | 1 agent ยท 10,000 calls/month ยท no card required |
| **PyPI** | `pip install polaxis` |
---
## License
MIT โ free to use, modify, and distribute.