Model-Agnostic Integration Guide

Because AgentSecurity is a declarative specification, it is inherently model-agnostic. Whether you use OpenAI, Anthropic, Google, Mistral, or an open-source model running locally, the principles and configuration remain exactly the same.

Provider Agnosticism

AgentSecurity describes tool and environment boundaries, not the underlying LLM's system prompt or any vendor-specific API, so the same policy file applies whichever provider serves the model.

In your AGENTSECURITY.md, specify the provider in the tool scope, so your validator knows what is allowed:

tools:
  - name: llm_api
    permission: read_only
    scope:
      provider: "anthropic" # Or "openai", "google", "local"
      model: "claude-3-5-sonnet"
      max_tokens_per_call: 8192

How to Enforce the Policy in Any Agent

Integration typically means reading the policy once at initialization time and wrapping every tool invocation in a check, so that enforcement happens in your code rather than in the model. The pattern looks like this in Python:

# 1. Load the policy once, at agent start-up
from agentsec.parser import parse_policy
policy = parse_policy("AGENTSECURITY.md")

# 2. Configure the model (any vendor; the policy does not change)
# model = ChatOpenAI() or ChatAnthropic() or ChatGoogle()

# 3. Intercept and validate every tool call before it runs.
#    request_human_approval() and run_tool() are your application's own
#    functions; the policy object only answers allow/deny questions.
def execute_tool(tool_name, parameters):
    # Deny by default: the tool must be listed in AGENTSECURITY.md
    if not policy.allows(tool_name):
        return "Action denied: tool not in AGENTSECURITY.md"

    # Check that the call stays inside the tool's declared scope.
    # A missing parameter is a denial, not a pass.
    if tool_name == "web_search":
        url = parameters.get("url")
        if url is None or not policy.scope_allows("web_search", url):
            return f"Action denied: domain {url!r} not allowed."

    # Tools flagged for human-in-the-loop wait for an explicit approval
    if policy.requires_hitl(tool_name):
        approval = request_human_approval(tool_name, parameters)
        if not approval:
            return "Action denied by human orchestrator."

    # All checks passed: execute the tool
    return run_tool(tool_name, parameters)
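The wrapper above leans on the parsed policy for scope decisions. The following is an added, self-contained example (not agentsec's own code) that implements the same allowlist, scope and HITL checks against a constructed policy dict standing in for what parse_policy() returns, covering both the llm_api scope from the sample AGENTSECURITY.md above and a web_search domain scope. The attribute names of the real parsed policy are not assumed; the point it adds is that domain scoping must match the parsed hostname, not search the raw URL string, or look-alike hosts and userinfo tricks slip through:

```python
"""Self-contained enforcement wrapper, shaped after the execute_tool() pattern
above and the llm_api scope in the sample AGENTSECURITY.md.

The POLICY dict below is a constructed stand-in for the object that
parse_policy() returns; the attribute names of the real parsed policy are
not assumed. Domain scoping matches the parsed hostname, never a substring
of the raw URL, so look-alike hosts and userinfo tricks are rejected.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed policy, mirroring the tools: block format in AGENTSECURITY.md.
POLICY = {
    "tools": {
        "llm_api": {"permission": "read_only",
                    "scope": {"provider": "anthropic", "model": "claude-3-5-sonnet",
                              "max_tokens_per_call": 8192}},
        "web_search": {"permission": "read_only",
                       "scope": {"domains": ["example.com", "docs.python.org"]}},
        "send_email": {"permission": "write", "hitl": True},
    }
}


def host_allowed(url: str, allowed: List[str]) -> bool:
    """True only for http(s) URLs whose hostname is an allowed domain or a subdomain of it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return False
    return any(host == d or host.endswith("." + d) for d in allowed)


@dataclass
class Enforcer:
    policy: dict
    # Human-in-the-loop hook; denies everything unless the application supplies one.
    approve: Callable[[str, dict], bool] = lambda tool, params: False
    audit: List[Tuple[str, str]] = field(default_factory=list)

    def check(self, tool_name: str, params: dict) -> str:
        """Return 'allow' or a denial reason. Missing or malformed input is a denial."""
        spec = self.policy["tools"].get(tool_name)
        if spec is None:
            return "tool not in AGENTSECURITY.md"
        scope = spec.get("scope", {})
        if "domains" in scope:
            url = params.get("url")
            if not isinstance(url, str) or not host_allowed(url, scope["domains"]):
                return f"url {url!r} outside allowed domains"
        if "model" in scope and params.get("model") != scope["model"]:
            return f"model {params.get('model')!r} not in scope"
        if "max_tokens_per_call" in scope:
            max_tokens = params.get("max_tokens")
            if not isinstance(max_tokens, int) or max_tokens > scope["max_tokens_per_call"]:
                return f"max_tokens {max_tokens!r} exceeds {scope['max_tokens_per_call']}"
        if spec.get("hitl") and not self.approve(tool_name, params):
            return "human orchestrator did not approve"
        return "allow"

    def execute(self, tool_name: str, params: dict, run_tool: Callable[[str, dict], str]) -> str:
        """Gate run_tool() behind check() and record every verdict for audit."""
        verdict = self.check(tool_name, params)
        self.audit.append((tool_name, verdict))
        if verdict != "allow":
            return f"Action denied: {verdict}"
        return run_tool(tool_name, params)


def demo() -> Dict[str, str]:
    """Run constructed tool calls, including URL tricks that defeat substring matching."""
    enforcer = Enforcer(
        POLICY,
        approve=lambda tool, p: p.get("to", "").endswith("@example.com"),  # stand-in for a real approval prompt
    )
    fake_run = lambda tool, p: f"ran {tool}"
    calls = {
        "ok_subdomain": ("web_search", {"url": "https://api.example.com/search?q=x"}),
        "lookalike_host": ("web_search", {"url": "https://example.com.evil.net/"}),
        "userinfo_trick": ("web_search", {"url": "https://example.com@evil.net/"}),
        "query_param": ("web_search", {"url": "https://evil.net/?u=example.com"}),
        "missing_url": ("web_search", {}),
        "unlisted_tool": ("run_python", {"code": "print(1)"}),
        "llm_ok": ("llm_api", {"model": "claude-3-5-sonnet", "max_tokens": 1024}),
        "llm_too_big": ("llm_api", {"model": "claude-3-5-sonnet", "max_tokens": 20000}),
        "email_approved": ("send_email", {"to": "ops@example.com"}),
        "email_rejected": ("send_email", {"to": "ops@evil.net"}),
    }
    return {name: enforcer.execute(tool, p, fake_run) for name, (tool, p) in calls.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} {result}")
```

Every verdict is appended to an audit list, which is what you would ship to your SIEM in a real deployment; a denial string is returned to the model as the tool result so the agent can recover, while the side effect never happens.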

Prompt Locking (Embedding the Policy in the System Prompt)

To improve the model's adherence to the policy, embed the parsed policy directly in the agent's system prompt. The CLI can generate a prompt-friendly XML block for you:

$ agentsec to-prompt .

<agent_security_policy>
  <tier>standard</tier>
  <hard_constraints>
    <rule>Never execute dynamic Python code</rule>
    <rule>Never access paths outside ./output</rule>
  </hard_constraints>
</agent_security_policy>

Append this generated string to the end of any system prompt so the LLM is told its boundaries explicitly and is less likely to attempt tool or API access it does not have. Treat the block as advisory, not as a control: a model can still ignore it, and content the agent reads (web pages, documents, tool output) can try to talk it out of it. The enforcement wrapper on every tool call remains the actual control; the prompt block only reduces how often that wrapper has to deny a call.
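As an added example (not the agentsec CLI's own implementation), the following renders a constructed policy dict into the block shown above and appends it to a system prompt. The detail it adds is escaping: rule text originates in AGENTSECURITY.md, not in code, so a rule containing `<` or `&` must be escaped or it can malform the block or close an element early. A round-trip parse confirms the rules survive intact:

```python
"""Render a policy as the <agent_security_policy> block and append it to a
system prompt. Added example; not the agentsec CLI's own implementation.

The POLICY dict is a constructed stand-in for a parsed policy. Rule text is
escaped because it originates in a file, not in code: an unescaped '<' or
'&' would make the block malformed or let one rule close the element early.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed policy, mirroring the `agentsec to-prompt` output above.
POLICY = {
    "tier": "standard",
    "hard_constraints": [
        "Never execute dynamic Python code",
        "Never access paths outside ./output",
    ],
}


def render_policy_block(policy: dict) -> str:
    """Build the <agent_security_policy> block with every text node escaped."""
    lines = [
        "<agent_security_policy>",
        f"  <tier>{escape(str(policy['tier']))}</tier>",
        "  <hard_constraints>",
    ]
    for rule in policy.get("hard_constraints", []):
        lines.append(f"    <rule>{escape(rule)}</rule>")
    lines += ["  </hard_constraints>", "</agent_security_policy>"]
    return "\n".join(lines)


def parse_policy_block(block: str) -> dict:
    """Parse a rendered block back; ElementTree unescapes the text nodes."""
    root = ET.fromstring(block)
    return {
        "tier": root.findtext("tier"),
        "hard_constraints": [r.text for r in root.iter("rule")],
    }


def build_system_prompt(base_prompt: str, policy: dict) -> str:
    """Append the policy block to the end of an existing system prompt,
    refusing to ship a block whose rules do not round-trip unchanged."""
    block = render_policy_block(policy)
    if parse_policy_block(block) != policy:
        raise ValueError("rendered policy block does not round-trip")
    return base_prompt.rstrip() + "\n\n" + block


if __name__ == "__main__":
    # Constructed rule that would break an unescaped renderer.
    tricky = {"tier": "standard",
              "hard_constraints": ["Never emit </hard_constraints> or a&b"]}
    print(build_system_prompt("You are a helpful assistant.", tricky))
```

Append the block last, after your own instructions, so that later edits to the base prompt never end up inside the policy element.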