This folder contains runnable FIDES samples. Keep this README as the quick entry point for choosing and running a sample; use FIDES_DEVELOPER_GUIDE.md for the architecture, security model, middleware behavior, and API reference.
| Sample | Focus | Demonstrates |
|---|---|---|
email_security_example.py |
Prompt injection defense | SecureAgentConfig, Foundry-backed email handling, quarantined_llm, and approval on policy violations |
repo_confidentiality_example.py |
Data exfiltration prevention | Confidentiality labels, Foundry-backed repository access, max_allowed_confidentiality, and approval before leaking private data |
github_mcp_example.py |
Remote MCP URL with local FIDES enforcement | SecureMCPToolProxy(url=...), direct GitHub MCP access, tool auto-labeling, and post-tool-call policy enforcement |
Run these samples from the python/ directory with the repo development
environment available.
- Azure CLI authentication:
az login FOUNDRY_PROJECT_ENDPOINTset in your environmentFOUNDRY_MODELset in your environment for the main agent deployment- Local dev environment installed (for example,
uv sync --dev)
These samples use Foundry for the main agent and keep the quarantine
client pinned to gpt-4o-mini where applicable.
For github_mcp_example.py, set:
GITHUB_PAT(GitHub Personal Access Token)FOUNDRY_PROJECT_ENDPOINT(Foundry project endpoint)FOUNDRY_MODEL(optional model override)
The FIDES APIs in these samples are still experimental. Each sample includes a
short commented warnings.filterwarnings(...) snippet near the imports.
Uncomment it if you want to suppress the FIDES warning before using the
experimental APIs locally.
This sample simulates an inbox containing trusted and untrusted emails,
including prompt-injection attempts that try to force a privileged send_email
tool call.
Run it with:
uv run samples/02-agents/security/email_security_example.py --cli
uv run samples/02-agents/security/email_security_example.py --devui
uv run samples/02-agents/security/email_security_example.py --cli --debugWhen you run the DevUI variant, the sample prints the active DevUI bearer token before starting the server.
Add --debug to enable verbose tool and security middleware logging.
What to look for:
- Untrusted email bodies are handled through the FIDES security flow
quarantined_llmprocesses hidden content in isolation- DevUI requests approval if the agent tries a blocked privileged action
This sample simulates a public issue that tries to trick the agent into reading private repository secrets and posting them to a public channel.
Run it with:
uv run samples/02-agents/security/repo_confidentiality_example.py --cli
uv run samples/02-agents/security/repo_confidentiality_example.py --devuiWhen you run the DevUI variant, the sample prints the active DevUI bearer token before starting the server.
What to look for:
- Reading public content keeps the context public
- Reading private content taints the context as private
- Posting private data to a public destination triggers an approval request
This sample connects directly to https://api.githubcopilot.com/mcp/ through
MCPStreamableHTTPTool, then wraps the MCP client in SecureMCPToolProxy so
FIDES middleware can inspect tool results and enforce policy locally. The
X-MCP-Features: ifc_labels header is passed to opt in to server-side IFC label
emission in tool result _meta.
Run it with:
uv run samples/02-agents/security/github_mcp_example.py --cli
uv run samples/02-agents/security/github_mcp_example.py --cli --attack
uv run samples/02-agents/security/github_mcp_example.py --devui
uv run samples/02-agents/security/github_mcp_example.py --devui --debugWhat to look for:
- MCP tools are auto-labeled from remote annotations
- Untrusted tool output is tracked by FIDES label middleware
- Attack-mode write attempts can trigger policy enforcement or approval
For the full FIDES design and API details, see FIDES_DEVELOPER_GUIDE.md, which covers:
- integrity and confidentiality labels
- label propagation and auto-hiding behavior
- policy enforcement middleware
- security tools such as
quarantined_llmandinspect_variable SecureAgentConfigand manual integration patterns