Sunglasses is a filter that sits ahead of every agent in your AutoGen group chat. Always ON. Every message between agents — human to agent, agent to agent, tool response back — the filter scans first. This page walks through the AutoGen wiring.
Who this page is for
AutoGen developers running multi-agent group chats. Cross-agent injection and forged approval tickets are real attack surfaces in AutoGen workflows. Filter sits between every message and the receiving agent.
The command
# Wrap agent message reception with engine.scan(): from sunglasses.engine import SunglassesEngine from autogen import ConversableAgent engine = SunglassesEngine() class FilteredAgent(ConversableAgent): def _process_received_message(self, message, sender, silent): text = message if isinstance(message, str) else message.get("content", "") result = engine.scan(text) if result.decision == "block": return return super()._process_received_message(message, sender, silent)
Filter every message received by AutoGen agents. Subclass ConversableAgent. Override message reception. Call engine.scan() on the content. If blocked, drop the message. Every agent in your group chat now has the filter enforced.
Benefit: Multi-agent systems are where cross-agent injection lives. The filter stops hostile content from propagating through the group chat before it reaches a tool call.
Install Sunglasses first
If you haven't installed Sunglasses on your machine yet, do this first in a fresh terminal:
python3 -m venv sunglasses-env
source sunglasses-env/bin/activate
pip install --upgrade sunglasses
On modern macOS and many Linux systems, your system Python may block direct installs. A small virtual environment keeps the install clean. Windows: replace source sunglasses-env/bin/activate with sunglasses-env\Scripts\activate.
Full walkthrough in progress. The core command and identity are ready. Detailed step-by-step screenshots, real-world attack examples, and troubleshooting are being added.
FAQ
How do I secure a Microsoft AutoGen multi-agent system?
Subclass ConversableAgent and override _process_received_message to call engine.scan() on incoming message content. If decision is block, drop the message.
What is cross-agent injection in AutoGen?
Hostile content in one agent's output that tries to hijack another agent in the group chat. Forged handoff tickets, replayed approvals, and spoofed system messages are common patterns.
Does this work with AutoGen's GroupChat and Swarm?
Yes. Any AutoGen agent subclass inherits the filtered message handler — works with GroupChat, Swarm, nested chats, and custom orchestration.
Does the filter affect AutoGen's speed?
0.26ms scan time is invisible next to LLM inference. A 10-message group chat adds 2.6ms of filter overhead total.
Is the filter local?
Yes. Sunglasses runs as a Python library in your process. No cloud, no API key.
Where this wiring fits
Sunglasses is one filter with many wiring options. This page covers AutoGen. Other wiring paths:
- Claude Code / Claude Desktop
- Cursor
- Cline (VS Code)
- Windsurf
- Zed
- Warp terminal
- Hermes-Agent (Nous)
- LangChain
- CrewAI
- OpenAI Agents SDK
- Custom Python agent
Same filter underneath. Different wiring based on your stack.