Inspiration

With agentic applications gaining popularity and the introduction of MCP, apps can now use a plethora of tools anywhere on the network. As agents graduate from lab to prod, enterprises will want to control access to unverified tools.

What it does

This project allows agents built with the AWS Strand framework to be subject to an externally configured 'restrict-list' of tools. If the agent invokes any of these tools, the invocation is blocked. This is a runtime configuration and doesn't require any design/coding changes in the agent.

How we built it

This project leverages Monocle, a community open source project under the Linux Foundation. Monocle provides out-of-the-box instrumentation of multiple GenAI SDKs and agent frameworks, and also provides a test framework for agents and other GenAI apps. By extending Monocle's instrumentation capability to intercept a tool invocation, we can block a tool from being executed. Since the instrumentation happens at runtime, the list of such tools can be set and updated dynamically, independently of the agent code, by security/admin folks.
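The runtime interception described above, as an added illustrative example that is not Monocle's or this project's code and does not use the Monocle or Strands APIs: a restrict-list loaded from an externally supplied JSON document or environment variable (the `restricted_tools` key and the `RESTRICTED_TOOLS` variable are assumptions), a wrapper applied to an existing tool registry so every invocation is checked without touching the agent's own code, and an audit trail of allowed and blocked calls. The two tool functions and the file name are constructed stand-ins.

```python
"""Illustrative runtime tool restrict-list enforcement (not Monocle's API)."""
import functools
import json
import os
import threading
from typing import Callable, Dict, Iterable, List, Optional


class ToolBlockedError(PermissionError):
    """Raised when an agent attempts to invoke a tool on the restrict-list."""


class RestrictList:
    """Set of blocked tool names, replaceable at runtime by an admin."""

    def __init__(self, names: Iterable[str] = ()):
        self._lock = threading.Lock()
        self._names = {n.strip() for n in names if n.strip()}

    @classmethod
    def from_json(cls, text: str) -> "RestrictList":
        # Assumed config shape: {"restricted_tools": ["name", ...]}
        data = json.loads(text)
        return cls(data.get("restricted_tools", []))

    @classmethod
    def from_env(cls, var: str = "RESTRICTED_TOOLS") -> "RestrictList":
        # Assumed comma-separated form, e.g. RESTRICTED_TOOLS="delete_file,shell"
        return cls(os.environ.get(var, "").split(","))

    def update(self, names: Iterable[str]) -> None:
        # Atomic swap so in-flight checks see either the old or the new list.
        with self._lock:
            self._names = {n.strip() for n in names if n.strip()}

    def is_blocked(self, tool_name: str) -> bool:
        with self._lock:
            return tool_name in self._names


def guard_tool(tool: Callable, name: str, restrict: RestrictList,
               audit: Optional[List[dict]] = None) -> Callable:
    """Wrap one tool so every call is checked against the current list."""

    @functools.wraps(tool)
    def wrapper(*args, **kwargs):
        if restrict.is_blocked(name):
            if audit is not None:
                audit.append({"tool": name, "action": "blocked"})
            raise ToolBlockedError(f"tool '{name}' is on the restrict-list")
        if audit is not None:
            audit.append({"tool": name, "action": "allowed"})
        return tool(*args, **kwargs)

    return wrapper


def instrument_tools(registry: Dict[str, Callable], restrict: RestrictList,
                     audit: Optional[List[dict]] = None) -> Dict[str, Callable]:
    """Return a guarded copy of a name->callable tool registry."""
    return {name: guard_tool(fn, name, restrict, audit)
            for name, fn in registry.items()}


# Constructed stand-in tools; a real agent would register its own.
def read_file(path: str) -> str:
    return f"contents of {path}"


def delete_file(path: str) -> str:
    return f"deleted {path}"


def demo() -> dict:
    """Exercise block, allow, and a runtime list update; returns observations."""
    restrict = RestrictList.from_json('{"restricted_tools": ["delete_file"]}')
    audit: List[dict] = []
    guarded = instrument_tools({"read_file": read_file,
                                "delete_file": delete_file}, restrict, audit)
    out = {"read_ok": guarded["read_file"]("notes.txt")}
    try:
        guarded["delete_file"]("notes.txt")
        out["delete_blocked"] = False
    except ToolBlockedError:
        out["delete_blocked"] = True
    # Admin changes the list at runtime; no change to the agent or its tools.
    restrict.update(["read_file"])
    try:
        guarded["read_file"]("notes.txt")
        out["read_blocked_after_update"] = False
    except ToolBlockedError:
        out["read_blocked_after_update"] = True
    out["delete_allowed_after_update"] = guarded["delete_file"]("notes.txt")
    out["audit"] = audit
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The decision is made per call, not at wrap time, which is what lets an admin swap the list while the agent is running; the audit entries give the security team a record of which tools an agent tried to reach and which attempts were denied.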

Challenges we ran into

Monocle has not yet implemented support for AWS Strand. This project required first adding that support and then implementing the restrictions for tool invocation.

Accomplishments that we're proud of

This is a step towards extending the instrumentation/telemetry library to enable guardrails.

What we learned

What's next for Restrict unapproved tools in AWS Strands with Monocle

Contribute this work to the open source Monocle project.
