This folder contains two runnable FIDES samples that use
agent_framework.foundry.FoundryChatClient. Keep this README as the quick
entry point for choosing and running a sample; use
FIDES_DEVELOPER_GUIDE.md for the architecture,
security model, middleware behavior, and API reference.
| Sample | Focus | Demonstrates |
|---|---|---|
| email_security_example.py | Prompt injection defense | SecureAgentConfig, Foundry-backed email handling, quarantined_llm, and approval on policy violations |
| repo_confidentiality_example.py | Data exfiltration prevention | Confidentiality labels, Foundry-backed repository access, max_allowed_confidentiality, and approval before leaking private data |
Run these samples from the python/ directory with the repo development
environment available.
- Azure CLI authentication: az login
- FOUNDRY_PROJECT_ENDPOINT set in your environment
- FOUNDRY_MODEL set in your environment for the main agent deployment
- Local dev environment installed (for example, uv sync --dev)
Both samples use FOUNDRY_MODEL for the main agent and keep the quarantine
client pinned to gpt-4o-mini.
The FIDES APIs in these samples are still experimental. Each sample includes a
short commented warnings.filterwarnings(...) snippet near the imports.
Uncomment it if you want to suppress the FIDES warning before using the
experimental APIs locally.
This sample simulates an inbox containing trusted and untrusted emails,
including prompt-injection attempts that try to force a privileged send_email
tool call.
Run it with:
uv run samples/02-agents/security/email_security_example.py --cli
uv run samples/02-agents/security/email_security_example.py --devui
What to look for:
- Untrusted email bodies are handled through the FIDES security flow
- quarantined_llm processes hidden content in isolation
- DevUI requests approval if the agent tries a blocked privileged action
This sample simulates a public issue that tries to trick the agent into reading private repository secrets and posting them to a public channel.
Run it with:
uv run samples/02-agents/security/repo_confidentiality_example.py --cli
uv run samples/02-agents/security/repo_confidentiality_example.py --devui
What to look for:
- Reading public content keeps the context public
- Reading private content taints the context as private
- Posting private data to a public destination triggers an approval request
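
The three behaviors listed above can be modeled as a small label check. This is an added illustration, not code from the samples or the FIDES API: Confidentiality, Context, Sink, check_call and run_scenario are hypothetical names, the source strings are constructed, and only the field name max_allowed_confidentiality is borrowed from the sample description.

```python
# Added illustration: a toy model of confidentiality tainting, NOT the FIDES API.
from dataclasses import dataclass, field
from enum import IntEnum


class Confidentiality(IntEnum):
    PUBLIC = 0
    PRIVATE = 1


@dataclass
class Context:
    """Tracks the highest confidentiality label of anything read so far."""
    label: Confidentiality = Confidentiality.PUBLIC
    sources: list = field(default_factory=list)

    def read(self, source: str, label: Confidentiality) -> None:
        # Join on the label order: the context can only become more restricted.
        self.label = max(self.label, label)
        self.sources.append((source, label))


@dataclass(frozen=True)
class Sink:
    """A tool destination and the highest label it may receive (hypothetical)."""
    name: str
    max_allowed_confidentiality: Confidentiality


def check_call(ctx: Context, sink: Sink) -> dict:
    """Allow the call, or require approval and name the tainting sources."""
    limit = sink.max_allowed_confidentiality
    if ctx.label <= limit:
        return {"decision": "allow", "tainted_by": []}
    tainted_by = [src for src, lbl in ctx.sources if lbl > limit]
    return {"decision": "approval_required", "tainted_by": tainted_by}


def run_scenario() -> list:
    """Constructed scenario: read a public issue, then a private file."""
    public_channel = Sink("post_comment", Confidentiality.PUBLIC)
    private_notes = Sink("write_private_note", Confidentiality.PRIVATE)
    ctx = Context()
    ctx.read("public issue (constructed)", Confidentiality.PUBLIC)
    first = check_call(ctx, public_channel)
    ctx.read("private secrets file (constructed)", Confidentiality.PRIVATE)
    return [first, check_call(ctx, public_channel), check_call(ctx, private_notes)]


if __name__ == "__main__":
    print(run_scenario())
```

The taint is monotonic in this model: once private content has been read, a later public read does not lower the context label.
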
For the full FIDES design and API details, see FIDES_DEVELOPER_GUIDE.md, which covers:
- integrity and confidentiality labels
- label propagation and auto-hiding behavior
- policy enforcement middleware
- security tools such as quarantined_llm and inspect_variable
- SecureAgentConfig and manual integration patterns