Sunglasses is a filter that sits ahead of your agent. Always ON. Every input your agent would read — emails, web pages, tool responses, RAG chunks, peer-agent messages — the filter scans first. If hostile, your agent never sees it.
The filter runs on every untrusted input. Each scan returns exactly one decision.
Hostile content detected. The agent never acts on it. Your agent sees a safe error instead of the attack.
Suspicious but not conclusive. Flagged and logged, passed through with a warning. Useful for fuzzy matches.
Clean input. Agent proceeds as normal. No overhead, no friction, no false positive.
Local. No cloud. No API key. No telemetry. Your agent talks to Sunglasses over local stdio or in-process Python calls.
One filter. Many wiring options. Pick the page that matches the agent you use.
One command. Claude gets the scan tool in its toolbox. The killer path for day-to-day protection.
Register via openclaw mcp set. Works across every OpenClaw channel.
Sandboxed OpenClaw with NVIDIA OpenShell. Sunglasses wires in at the OpenClaw layer.
Add Sunglasses as an MCP server in Cursor settings. Cascade gets the scan tool automatically.
Drop Sunglasses into Cline's MCP settings. Especially valuable in auto-approve mode.
Codeium's AI IDE supports MCP natively. One config entry wires the filter in.
Add sunglasses as a context_server in Zed's settings.json.
Terminal output is a top attack surface. Filter every command result before the agent acts.
5-line guard in your Hermes mission files. Protects unattended autonomous cycles.
Drop-in callback. Every input your LangChain agent sees — scanned first. 100% enforcement.
Filter between every agent in a CrewAI crew. Stops cross-agent injection at the handoff.
Subclass ConversableAgent with filter-first message handler.
3-line guard around Runner.run(). Works with the Agents SDK and Swarm.
Drop engine.scan() in front of any LLM call — Anthropic, OpenAI, Gemini.
Same filter underneath. Different wiring based on your stack.
Install Sunglasses and run the built-in demo. 10 real attack scenarios get blocked with category + severity reported for each.
python3 -m venv sunglasses-env source sunglasses-env/bin/activate pip install sunglasses sunglasses demo
Windows: replace source sunglasses-env/bin/activate with sunglasses-env\Scripts\activate.
A filter that sits ahead of your AI agent. Always ON. Every input your agent would read — emails, web pages, tool responses, RAG chunks, peer-agent messages — the filter scans first. If hostile, your agent never sees it. Open source, MIT licensed, runs locally.
Untrusted text passes through engine.scan() first. The scan returns one of three decisions — block, warn, or allow — based on 649 patterns across 55 categories. Average scan time is 0.26ms.
Prompt injection, credential exfiltration, memory poisoning, tool output poisoning, cross-agent injection, retrieval poisoning, social engineering, and encoded-attack evasions across 23 languages. 649 patterns across 55 categories. 17 normalization techniques to catch obfuscated attacks.
Claude Code, Claude Desktop, OpenClaw, NemoClaw, Cursor, Cline, Windsurf, Zed, Warp, Hermes-Agent, LangChain, CrewAI, Microsoft AutoGen, OpenAI Agents SDK, and any custom Python agent. See the wiring grid above — each option links to a full walkthrough.
No. Sunglasses runs entirely on your machine. No API key, no cloud service, no telemetry. Install from PyPI into a Python virtual environment.
Depends on the wiring. Framework callbacks (LangChain, CrewAI) enforce scanning on every input by design — 100% mandatory. MCP server registration (Claude Code, Cursor, OpenClaw, Cline, etc.) makes the scan tool available; the agent decides when to call it. Add a system prompt rule to make MCP scanning mandatory.
Average scan time is 0.26ms on M3 Max. Throughput is ~3,830 scans per second single-threaded. Invisible next to LLM call latency.