Build & integrate
How Your Agent Calls IRIS
IRIS enforces Cedar policy before every LLM call executes. Replace one import — keep the rest of your code.
Drop-in LLM clients
IRIS ships governed wrappers for major SDKs. Cedar evaluates every request in-process.
Anthropic
# pip install iris-security-sdk[anthropic]
# client = anthropic.Anthropic()
from iris_anthropic import IrisAnthropic
client = IrisAnthropic(
passport=passport,
user_work_authorization="us-citizen", # for frontier-restricted models
)
response = client.messages.create(model="claude-sonnet-4-6", ...)
# client = anthropic.Anthropic()
from iris_anthropic import IrisAnthropic
client = IrisAnthropic(
passport=passport,
user_work_authorization="us-citizen", # for frontier-restricted models
)
response = client.messages.create(model="claude-sonnet-4-6", ...)
OpenAI
from iris_openai import IrisOpenAI
client = IrisOpenAI(passport=passport)
client = IrisOpenAI(passport=passport)
Gemini / Vertex AI
from iris_gemini import IrisGemini
from iris_vertexai import IrisVertexAI
from iris_vertexai import IrisVertexAI
LangChain & CrewAI
# pip install iris-security-sdk[langchain]
from iris_langchain import IrisCallbackHandler
# pip install iris-security-sdk[crewai]
# CrewAI agents use IrisAgent.guard on tool calls
from iris_langchain import IrisCallbackHandler
# pip install iris-security-sdk[crewai]
# CrewAI agents use IrisAgent.guard on tool calls
Verify enforcement is wired
iris enforce --agent support-agent --dir .
iris explain # how the proxy works
iris explain # how the proxy works
Use @agent.guard() to evaluate non-LLM API calls against Cedar policy.
from iris import IrisAgent
agent = IrisAgent(
name="support-agent",
owner="you@company.com",
compliance=["colorado-ai-act"],
is_high_risk_ai=True,
)
@agent.guard(tool="zendesk-api", action="read")
def fetch_ticket(ticket_id: str) -> dict:
return zendesk.get(ticket_id)
@agent.guard(tool="openai-api", action="call", data_classification="pii")
def generate_response(ticket: dict) -> str:
return client.complete(ticket)
agent = IrisAgent(
name="support-agent",
owner="you@company.com",
compliance=["colorado-ai-act"],
is_high_risk_ai=True,
)
@agent.guard(tool="zendesk-api", action="read")
def fetch_ticket(ticket_id: str) -> dict:
return zendesk.get(ticket_id)
@agent.guard(tool="openai-api", action="call", data_classification="pii")
def generate_response(ticket: dict) -> str:
return client.complete(ticket)
HITL and delegation
High-risk actions can require human approval. Pass hitl_approved=True after iris hitl approve. Cedar evaluates acting_for_user and consent fields for delegation. See HITL & Delegation.
What happens on violation
- The call is blocked before it executes (in production)
- A plain-English error explains the violation and remediation step
- The event is logged to the local Evidence Vault
Environment behavior
export IRIS_ENV=production # fail closed
export IRIS_ENV=dev # warn only
export IRIS_ENV=dev # warn only
Model suspensions
When a provider or government suspends a model, update governance/directives/active.yaml. IRIS hot-reloads and auto-routes to your fallback. See Model Governance.