smolagents
Wrap any smolagents Tool so AxioRank scores every execution, with the schema untouched.
smolagents (Hugging Face) executes
tools through Tool.__call__, which funnels into the tool's forward method.
The AxioRank adapter shadows forward on the instance with a guarded version:
the tool's name, description, and input schema are untouched, so the guarded
tool is a drop-in replacement in any CodeAgent or ToolCallingAgent toolbox.
Install
    pip install axiorank smolagents

The adapter is framework-free (it only wraps the instance method), so it works
with any smolagents version that has Tool.forward.
Guard a toolbox
    from smolagents import CodeAgent, InferenceClientModel, WebSearchTool
    from axiorank import AxioRank
    from axiorank.integrations.smolagents import guard_tools

    axio = AxioRank(api_key="axr_live_...")

    agent = CodeAgent(
        tools=guard_tools([WebSearchTool()], axio, on_deny="return"),
        model=InferenceClientModel(),
    )
    agent.run("Find the latest MCP security advisories.")

Every tool execution is scored first. On a deny, on_deny="return" hands the
agent a short refusal string it can recover from; the default on_deny="raise"
raises AxioRankDeniedError and fails the step hard.
Positional arguments are bound to the tool's forward signature so the audit
log records named arguments ({"query": "..."}), not an opaque tuple.
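The mechanism described above (shadowing forward on the instance, binding positional arguments to names, and the two on_deny modes) can be seen in isolation in the following added sketch. It is not AxioRank's or smolagents' code: the Tool class is a minimal stand-in, and guard, score, audit_log and DeniedError are hypothetical names chosen for this illustration.

```python
import inspect

class DeniedError(Exception):
    """Stand-in for AxioRankDeniedError (hypothetical, for this sketch only)."""

class Tool:
    """Minimal stand-in for smolagents.Tool: __call__ funnels into forward."""
    name = "web_search"
    description = "Search the web."
    inputs = {"query": {"type": "string", "description": "search terms"}}

    def __call__(self, *args, **kwargs):
        return self.forward(*args, **kwargs)

    def forward(self, query, max_results=3):
        return f"{max_results} results for {query!r}"

def guard(tool, score, audit_log, on_deny="raise"):
    """Shadow tool.forward on the instance; the class and schema stay as-is."""
    original = tool.forward                      # bound method from the class
    signature = inspect.signature(original)      # excludes self

    def guarded_forward(*args, **kwargs):
        bound = signature.bind(*args, **kwargs)  # positional -> named arguments
        named = dict(bound.arguments)
        allowed = score(tool.name, named)        # decision comes before execution
        audit_log.append({"tool": tool.name, "args": named, "allowed": allowed})
        if allowed:
            return original(*args, **kwargs)
        if on_deny == "return":                  # recoverable refusal string
            return f"Tool call to {tool.name} was denied by policy."
        raise DeniedError(tool.name)             # hard failure of the step

    tool.forward = guarded_forward               # instance attribute shadows the method
    return tool

def demo():
    # Constructed policy: deny any query that mentions "internal".
    policy = lambda name, args: "internal" not in args["query"]
    log = []
    tool = guard(Tool(), policy, log, on_deny="return")
    ok = tool("MCP security advisories")
    denied = tool("internal payroll export")
    return ok, denied, log
```

Because the guarded function lives only in the instance's attribute dictionary, other instances of the same tool class stay unguarded unless they are wrapped too.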
Correlate a run
Pass a trace handle instead of the bare client so the gateway can correlate the whole run into a kill-chain trace:
    with axio.trace() as t:
        agent = CodeAgent(tools=guard_tools(tools, t), model=model)
        agent.run(task)

Output inspection
Pass inspect_results=True to also score each untrusted-source tool's output
(web results, fetched pages) for indirect prompt injection before the model
ingests it. See Tool-output inspection.