TealTiger

June 1, 2026 · View on GitHub

AI Agent Security & Governance SDK

Deterministic governance, guardrails, cost tracking, and policy management for LLM applications. Open source. TypeScript + Python. Works with any provider.

Website · Documentation · Examples · Discord · Contributing

What is TealTiger?

TealTiger is an open-source SDK that provides deterministic governance for AI agents. It enforces security policies, tracks costs, and produces structured evidence — all at runtime, with no infrastructure required.

Looking for the source code? This is the hub repo. The SDK source lives in the language-specific repos:

TypeScript SDK: tealtiger-typescript-prod

Python SDK: tealtiger-python-prod

Or clone this repo with submodules: git clone --recurse-submodules https://github.com/agentguard-ai/tealtiger.git

Unlike probabilistic safety filters, TealTiger uses deterministic policy evaluation: same input + same policy = same decision, every time. Every governance verdict is reconstructable, traceable to the human who authored the policy, and exportable as structured evidence (SARIF, JUnit XML, JSON).

Key principle: Governance should be an engineering property embedded in the runtime — not a document reviewed after the fact.

🚀 Quick Start

TypeScript

npm install tealtiger

import { TealOpenAI } from 'tealtiger';

const client = new TealOpenAI({
  apiKey: process.env.OPENAI_API_KEY,
  guardrails: {
    piiDetection: true,
    promptInjection: true,
    contentModeration: true,
  },
  budget: {
    maxCostPerRequest: 0.50,
    maxCostPerDay: 10.00,
  },
});

const response = await client.chat.completions.create({
  model: 'gpt-4',
  messages: [{ role: 'user', content: 'Hello!' }],
});
// Guardrails enforced. Cost tracked. Evidence produced.

Python

pip install tealtiger

from tealtiger import TealOpenAI

client = TealOpenAI(
    api_key=os.getenv("OPENAI_API_KEY"),
    guardrails={
        "pii_detection": True,
        "prompt_injection": True,
        "content_moderation": True,
    },
    budget={
        "max_cost_per_request": 0.50,
        "max_cost_per_day": 10.00,
    },
)

response = client.chat.completions.create(
    model="gpt-4",
    messages=[{"role": "user", "content": "Hello!"}],
)
# Guardrails enforced. Cost tracked. Evidence produced.

✨ Features

🛡️ Security Guardrails

PII Detection — Detect and redact sensitive information automatically
Prompt Injection Prevention — Block malicious prompt injection attempts
Content Moderation — Filter toxic, harmful, or inappropriate content
Secret Detection — 500+ patterns across 9 categories with confidence scoring
Custom Rules — Define your own security policies

💰 Cost Governance

Budget Enforcement — Hard limits per request, session, and day
Cost Tracking — Real-time monitoring across all providers
Cost Alerts — Notifications at configurable thresholds
Circuit Breakers — Prevent runaway cost loops automatically

🔌 12 LLM Providers

OpenAI — GPT-4, GPT-4o, GPT-3.5
Anthropic — Claude 3.5, Claude 3
Google Gemini — Multimodal support
AWS Bedrock — Claude, Titan, Jurassic, Command, Llama
Azure OpenAI — Deployment-based routing
Cohere — Chat, RAG, embeddings
Mistral AI — European data residency
DeepSeek — Cost-efficient reasoning models
Groq — Ultra-low latency inference
Together AI — Open-source model hosting
HuggingFace TGI — Self-hosted inference
xAI (Grok) — Real-time knowledge

🔌 Platform Adapters

AWS Bedrock Agents — Native guardrail adapter
AWS AgentCore — Pre/post action governance plugin
Azure AI Agent Service — Tool-call pipeline middleware

🏗️ Governance Architecture

Deterministic Policy Evaluation — No LLM in the governance path
Structured Evidence — Every decision produces a reconstructable record
Cryptographic Proof — Merkle trees + RFC 3161 timestamping (TealProof)
Non-Human Identity (NHI) — Agent lifecycle, scope enforcement, Zero Standing Privilege
FREEZE Rules — Immutable emergency kill switches with tamper detection
Correlation IDs — End-to-end traceability across the decision chain
Policy Traceability — Every verdict traces to the human policy author
OWASP Agentic Top 10 — Zero-config policy pack covering all 10 ASI risks

🗺️ Governance Coverage

Dimension	What it does	Module
🛡️ Security	Secret detection (500+ patterns), prompt injection, PII, content moderation, Unicode normalization, encoded output detection	`TealSecrets` `TealGuard`
🔑 Identity	Non-Human Identity lifecycle, scope enforcement, Zero Standing Privilege, agent attestation	`TealEngine (NHI)`
⚡ Reliability	Circuit breakers, retry budgets, fallback chains, deterministic degradation	`TealCircuit` `TealReliability`
🧠 Memory	Write provenance, instruction injection detection, exfiltration prevention, scope enforcement	`TealMemory`
💰 Cost	Governance-owned ceilings, anomaly detection, reasoning-token budgets, per-agent attribution	`TealMonitor`
📋 Evidence	Cryptographic receipts (Merkle + RFC 3161), SARIF export, OTel spans, SIEM integration	`TealProof` `TealAudit`
⚙️ Policy	FREEZE rules, PLAN_ONLY mode, hot-swap bundles, anti-tamper, automation levels	`TealEngine`
🔄 Workflow	Declarative YAML governance workflows, org-level inheritance, floor enforcement	`TealFlow`
📊 Drift	Behavioral drift detection, statistical baselines, model output regression	`TealDrift`
⏱️ Temporal	Session TTL, cooldown periods, time-of-day restrictions	`TealTemporal`
🔍 Registry	MCP definition-drift monitoring, tool description scanning, adapter composition allowlist	`TealRegistry`
🧠 Classification	Local ONNX ML inference (≤20ms), ensemble modes, regex+ML combination	`TealClassifier`

Design principle: No LLM in the governance path. Same input + same policy = same decision, every time.

📦 SDKs

Language	Source Code	Package	Install
TypeScript	tealtiger-typescript-prod	npm	`npm install tealtiger`
Python	tealtiger-python-prod	PyPI	`pip install tealtiger`

📚 Documentation

Badge

Use the TealTiger badge to show that a project is governed by deterministic agent security and cost policies.

Light badge:

[![Governed by TealTiger](https://raw.githubusercontent.com/agentguard-ai/tealtiger/main/assets/badges/governed-by-tealtiger.svg)](https://github.com/agentguard-ai/tealtiger)

Dark badge:

[![Governed by TealTiger](https://raw.githubusercontent.com/agentguard-ai/tealtiger/main/assets/badges/governed-by-tealtiger-dark.svg)](https://github.com/agentguard-ai/tealtiger)

Python Hugging Face TGI Quickstart

Use examples/python/huggingface_tgi_quickstart.py to try the guarded Hugging Face Text Generation Inference provider from the Python SDK.

export HF_API_TOKEN="your-hugging-face-token"
export HF_TGI_ENDPOINT="https://your-endpoint.endpoints.huggingface.cloud"
export HF_TGI_MODEL="meta-llama/Meta-Llama-3.1-8B-Instruct"

python examples/python/huggingface_tgi_quickstart.py

The example enables guardrail and cost-tracking configuration, sends one sample chat request, then prints the response, token usage, estimated cost, provider, and correlation ID. Use placeholder values in docs and .env.example files; never commit a real HF_API_TOKEN.

TealEngine Policy Schema

Use schemas/tealtiger-policy.schema.json for editor autocomplete and validation when authoring TealEngine policy JSON or YAML files. JSON policy files can include:

{
  "$schema": "./schemas/tealtiger-policy.schema.json"
}

For YAML policies, configure your editor's YAML schema mapping to point policy files such as tealtiger-policy.yml at ./schemas/tealtiger-policy.schema.json.

Validate Policy Files

Use the policy validator script to check a TealTiger policy JSON file before using it in CI/CD or runtime governance:

npm install
npx ts-node scripts/validate-policy.ts ./my-policy.json

You can also run the npm script:

npm run validate:policy -- ./my-policy.json

The validator loads schemas/tealtiger-policy.schema.json, prints schema validation errors, exits 0 when the policy is valid, and exits 1 when the policy is invalid.

🐯 Build With Us — Early Contributor Program

TealTiger is open source and we're looking for early contributors to shape the future of AI agent governance.

What You Can Work On

Area	Examples	Difficulty
🔍 Secret Detection	New detection patterns, custom categories	🟢 Beginner
📝 Documentation	Guides, examples, API docs, typo fixes	🟢 Beginner
🧪 Tests	Unit tests, property-based tests, integration tests	🟡 Intermediate
🔌 Integrations	LangChain, CrewAI, AutoGen, LlamaIndex middleware	🟡 Intermediate
💾 Memory Adapters	Redis, Pinecone, Weaviate, ChromaDB adapters	🟡 Intermediate
🔄 CI/CD Templates	Jenkins, Azure Pipelines, Bitbucket Pipelines	🟡 Intermediate
🏗️ Core Modules	Governance engine, evidence export, policy evaluation	🔴 Advanced

What Early Contributors Get

🏆 Named in CONTRIBUTORS.md and release notes
🎖️ "Founding Contributor" badge — first 25 merged PRs get permanent recognition
📣 Shoutout on TealTiger social channels (LinkedIn, X, Dev.to)
🔑 Early access to upcoming governance features before public release
💬 Direct access to the core team via GitHub Discussions
📝 Co-authorship opportunity on technical blog posts

Get Started

# 1. Star this repo (it helps!)

# 2. Fork and clone the SDK you want to contribute to:
# TypeScript SDK:
git clone https://github.com/agentguard-ai/tealtiger-typescript-prod.git
# Python SDK:
git clone https://github.com/agentguard-ai/tealtiger-python-prod.git

# 3. Pick a "good first issue"
# https://github.com/agentguard-ai/tealtiger/issues?q=label%3A%22good+first+issue%22

# 4. Submit a PR
# 5. Join the team 🐯

See CONTRIBUTING.md for detailed guidelines.

🗺️ Roadmap

Current: v1.3.0 — Autonomous Agent Governance (Released May 18, 2026)

TealEngine v1.3 with pre/post evaluation pipeline, FREEZE rules, automation levels
Non-Human Identity (NHI) governance with Zero Standing Privilege
TealProof — cryptographic governance receipts (Merkle + RFC 3161)
TealFlow — declarative YAML governance workflows
TealClassifier — local ONNX ML inference (≤20ms)
TealDrift, TealState, TealTemporal — behavioral, context, and session governance
TealMonitor v2 — governance-owned cost ceilings, anomaly detection
OWASP Agentic Top 10 policy pack (zero-config)
12 LLM providers + 3 platform adapters (Bedrock, AgentCore, Azure)
Full Python SDK parity

Next: v1.4.0 — Zero-Config Adoption