Welcome to MAAIS-Runtime! This guide will help you understand the core concepts and get your first AI agents secured in minutes.
MAAIS-Runtime is a security enforcement layer that sits between your AI agents and their actions. Think of it as a security bouncer that:
```
┌──────────────┐     ┌──────────────────┐     ┌──────────────┐
│   AI Agent   │────▶│  ActionRequest   │────▶│    MAAIS     │
│              │     │                  │     │   Runtime    │
└──────────────┘     └──────────────────┘     └──────┬───────┘
                                                     │
       ┌─────────────────────────────────────────────┘
       ▼
┌──────────────────────────────────┐
│        Security Evaluation       │
│  • Policy Engine (YAML rules)    │
│  • CIAA Constraints              │
│  • Accountability Resolution     │
└────────────────┬─────────────────┘
                 │
          ┌──────▼───────┐     ┌──────────────┐
          │   Decision   │────▶│  Execute or  │
          │              │     │    Block     │
          └──────────────┘     └──────────────┘
```
Every agent action (tool calls, API calls, memory access) is converted into an ActionRequest object and passed through the security runtime.
Security policies are defined in YAML and evaluated deterministically:
```yaml
- id: "deny_external_http"
  applies_to: ["tool_call"]
  condition:
    target: "http_request"
    parameters:
      url:
        # Single-quoted so the regex backslashes reach the engine unchanged
        # ("\." is not a valid escape inside a YAML double-quoted string)
        pattern: '^(https?://)(?!localhost|127\.0\.0\.1|internal\.).*'
  decision: "DENY"
  reason: "External HTTP requests forbidden"
```
Each action is evaluated against:
All decisions are logged in a hash-chained, tamper-evident audit trail.
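The evaluation path and the audit trail described above, as an added example that is not part of the MAAIS-Runtime project: a small deterministic evaluator that applies the deny_external_http rule from this guide to constructed ActionRequests, and a SHA-256 hash-chained log that detects an edited record. ActionRequest, policy_matches, evaluate, AuditLog and run_demo are names assumed for this illustration; the project's real classes and adapter API are not shown here, and the sample requests are constructed.

```python
import hashlib
import json
import re
from dataclasses import dataclass, field

@dataclass
class ActionRequest:
    """Constructed stand-in for the guide's ActionRequest (not the project's own class)."""
    agent_id: str
    action_type: str  # "tool_call", "api_call", "memory_access", ...
    target: str       # e.g. "http_request"
    parameters: dict = field(default_factory=dict)

# The deny_external_http rule from the guide, as the dict a YAML loader would
# produce. A raw string keeps the regex escapes intact.
POLICIES = [{
    "id": "deny_external_http",
    "applies_to": ["tool_call"],
    "condition": {
        "target": "http_request",
        "parameters": {"url": {"pattern": r"^(https?://)(?!localhost|127\.0\.0\.1|internal\.).*"}},
    },
    "decision": "DENY",
    "reason": "External HTTP requests forbidden",
}]

def policy_matches(policy: dict, req: ActionRequest) -> bool:
    """True when every clause of the policy's condition holds for the request."""
    if req.action_type not in policy["applies_to"]:
        return False
    cond = policy["condition"]
    if "target" in cond and cond["target"] != req.target:
        return False
    for name, spec in cond.get("parameters", {}).items():
        value = req.parameters.get(name)
        # A missing parameter cannot satisfy a pattern clause
        if value is None or not re.match(spec["pattern"], str(value)):
            return False
    return True

def evaluate(req: ActionRequest, policies=POLICIES) -> tuple:
    """Deterministic: first matching policy wins. Unmatched actions are allowed
    here for illustration; a deployment would usually default to DENY."""
    for policy in policies:
        if policy_matches(policy, req):
            return policy["decision"], policy["id"], policy["reason"]
    return "ALLOW", None, "no policy matched"

def digest(body: dict) -> str:
    # Canonical JSON so an unchanged entry always hashes the same way
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Hash-chained log: every entry commits to the SHA-256 of its predecessor."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def append(self, req: ActionRequest, decision: str, policy_id, reason: str) -> str:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = {"seq": len(self.entries), "agent": req.agent_id, "action": req.action_type,
                "target": req.target, "parameters": req.parameters, "decision": decision,
                "policy": policy_id, "reason": reason, "prev": prev}
        self.entries.append(dict(body, hash=digest(body)))
        return self.entries[-1]["hash"]

    def verify(self) -> bool:
        # Walk the chain; an edited, dropped or reordered entry breaks a link
        prev = self.GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True

def run_demo():
    """Evaluate three constructed requests and record each decision in the chain."""
    log = AuditLog()
    requests = [
        ActionRequest("researcher", "tool_call", "http_request", {"url": "https://internal.example/api"}),
        ActionRequest("researcher", "tool_call", "http_request", {"url": "https://example.com/data"}),
        ActionRequest("researcher", "memory_access", "vector_store", {"key": "notes"}),
    ]
    decisions = []
    for req in requests:
        decision = evaluate(req)
        log.append(req, *decision)
        decisions.append(decision[0])
    return decisions, log

if __name__ == "__main__":
    decisions, log = run_demo()
    print(decisions, "chain intact:", log.verify())
    log.entries[1]["decision"] = "ALLOW"  # simulate someone editing a stored record
    print("after tampering, chain intact:", log.verify())
```

Run it directly to see the three decisions (internal URL allowed, external URL denied, memory access untouched by this rule) and the chain check before and after a stored record is edited. Two points a practitioner should keep in mind: the evaluator allows unmatched actions only to keep the example short, whereas deny-by-default is the safer posture for a runtime like this; and a hash chain proves the integrity only of the entries you still hold, so silently dropping the tail stays invisible unless the latest hash is also anchored somewhere the agent process cannot write.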
```bash
# Basic
pip install maais-runtime

# From source
git clone https://github.com/MasterCaleb254/maais-runtime.git
cd maais-runtime
pip install -e .
```
```python
from langgraph.graph import StateGraph
from core.adapters.langgraph_adapter import secure_tool


@secure_tool(agent_id="calculator", goal="Perform calculations")
def calculator_tool(operation: str, a: float, b: float) -> float:
    """The tool body is unchanged; the decorator routes every call through the runtime."""
    if operation == "add":
        return a + b
    elif operation == "subtract":
        return a - b
    # Reject unknown operations instead of silently returning None
    raise ValueError(f"unsupported operation: {operation}")

# All calls to calculator_tool go through the security runtime
```
Run the security demo to verify everything works:
```bash
python -m demo.scenarios.attack_scenarios
```