sdk

entropy0dev/sdk

Summary

Entropy0 MCP server — source trust and URL safety tools for AI agents

README.md

Entropy0 SDK

AI agents fetch URLs, follow links, and act on domains they've never seen before. Most of the time that's fine. Sometimes it isn't — phishing infrastructure, newly registered lookalike domains, brand impersonation sites, or plain malware hosting.

Entropy0 adds a trust gate between your agent and the external web. One API call returns a machine-readable recommended action your agent can reason about before it fetches, navigates, or transacts.

Try it without signing up →

```
POST /v1/decide
{ "domain": "secure-login-verify-account.xyz" }

→ recommended_action: "deny"
  confidence: 91%
  signals: [NEWLY_REGISTERED_DOMAIN, BRAND_MISMATCH, CERTIFICATE_ANOMALY]
```

---

Packages

| Package | Registry | Description |
|---|---|---|
| entropy0-langchain | PyPI | LangChain tool — trust-gate URLs before agents fetch from them |
| @entropy0/express | npm | Express middleware — evaluate request targets through /v1/decide |
| @entropy0/mcp | npm | MCP server — source trust and URL safety tools for Claude Desktop, Cursor, Cline |

---

Quick start

**LangChain (Python)**

```bash
pip install entropy0-langchain
```

```python
from entropy0_langchain import Entropy0Tool

tools = [Entropy0Tool(api_key="sk_ent0_xxxx")]

# Agent will call entropy0_trust_check before fetching any external URL
```

**Express (Node.js)**

```bash
npm install @entropy0/express
```

```typescript
import { entropy0Guard } from "@entropy0/express";

app.use(entropy0Guard({ apiKey: process.env.ENTROPY0_API_KEY! }));
// Requests to flagged domains are blocked before your handlers run
```

**Direct API**

```bash
curl -X POST https://entropy0.ai/v1/decide \
  -H "X-API-Key: sk_ent0_xxxx" \
  -H "Content-Type: application/json" \
  -d '{"domain": "example.com"}'
```

---

How it works

Each decision runs a deterministic pipeline — same inputs always produce the same output:

  1. Classifies the domain (Clear Threat → Safe Known) using WHOIS, DNS, SSL, and threat intel feeds
  2. Maps classification to a base action under your chosen policy
  3. Shifts strictness based on interaction risk (fetch vs transactional vs privileged)
  4. Applies confidence clamps — low-confidence negatives never hard-deny
  5. Returns recommended_action + reason codes + uncertainty + bounded validity window

No probabilistic black boxes. Auditable, explainable, overridable.
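
A toy model of steps 2 to 4 above, added here as an illustration; it is not Entropy0's code. The intermediate class names (`unknown`, `suspicious`), the policy tables, the shift sizes, the 0.60 threshold, the `approve` and `sandbox` action strings and the reason-code names are all assumptions; only the `deny` action string appears verbatim on this page.

```python
"""Toy model of pipeline steps 2-4. Tables, thresholds and reason codes are assumed."""

ACTIONS = ("approve", "sandbox", "deny")  # ordered least to most strict

# Step 2: classification -> base action, per policy (hypothetical policies).
POLICIES = {
    "balanced": {"safe_known": "approve", "unknown": "approve",
                 "suspicious": "sandbox", "clear_threat": "deny"},
    "strict":   {"safe_known": "approve", "unknown": "sandbox",
                 "suspicious": "deny", "clear_threat": "deny"},
}
# Step 3: strictness levels added per interaction type (assumed values).
RISK_SHIFT = {"fetch": 0, "transactional": 1, "privileged": 2}
# Step 4: below this confidence a deny is downgraded (assumed threshold).
MIN_DENY_CONFIDENCE = 0.60


def decide(classification, confidence, interaction="fetch", policy="balanced"):
    """Return a decision dict; raise ValueError on inputs outside the tables."""
    try:
        base = POLICIES[policy][classification]
        shift = RISK_SHIFT[interaction]
    except KeyError as exc:
        raise ValueError(f"unknown input: {exc}") from None
    if not 0.0 <= confidence <= 1.0:
        raise ValueError("confidence must be in [0, 1]")

    reasons = [f"BASE_{base.upper()}"]
    level = ACTIONS.index(base)
    # Riskier interactions tighten the action, except for domains classified
    # safe_known, which stay approved in this model.
    if shift and classification != "safe_known":
        shifted = min(level + shift, len(ACTIONS) - 1)
        if shifted != level:
            reasons.append("INTERACTION_RISK_SHIFT")
        level = shifted
    # Confidence clamp: a low-confidence negative never hard-denies.
    if ACTIONS[level] == "deny" and confidence < MIN_DENY_CONFIDENCE:
        level = ACTIONS.index("sandbox")
        reasons.append("LOW_CONFIDENCE_CLAMP")
    return {"recommended_action": ACTIONS[level], "confidence": confidence,
            "reason_codes": reasons}


if __name__ == "__main__":
    for args in [("clear_threat", 0.91), ("clear_threat", 0.40),
                 ("suspicious", 0.80, "transactional"), ("unknown", 0.30, "privileged")]:
        print(args, "->", decide(*args))
```

Because every step is a table lookup or a comparison, replaying the same inputs reproduces the same action and reason codes, which is what makes a decision auditable after the fact.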

---

Examples

| Example | Description |
|---|---|
| examples/rag-agent | LangChain agent that trust-gates every URL before fetching content |
| examples/langgraph-trust-gate | LangGraph pipeline with Entropy0 trust gate + evidence usability scoring |

LangGraph trust gate demo

This example shows a four-layer retrieval pipeline:

  1. Search returns candidate sources
  2. Entropy0 evaluates whether each source should enter the workflow
  3. The extraction layer retrieves page content
  4. The evidence usability layer determines whether the agent can safely cite the content

Example run:

```
[entropy0] 5 approved / 1 sandboxed / 0 denied / 0 unverified
  SANDBOX    outpost24.com
             trust signals: ['LONG_OPERATIONAL_HISTORY', 'STRONG_BRAND_ALIGNMENT']
             sandbox reason: ['ELEVATED_DEVIATION']

[evidence layer]
  ! microsoft.com/security/blog/...   boilerplate_dominant — usability=low
  ! genai.owasp.org/llmrisk/...       boilerplate_dominant — usability=low
  ✓ pmc.ncbi.nlm.nih.gov/...          body_text_captured   — usability=high
  ✓ securecodewarrior.com/...         body_text_captured   — usability=high
```

The agent answered only from high-usability evidence and refused to attribute claims to sources where article body text was not captured.

This prevents a common failure mode in AI search agents:

Treating a reputable URL as equivalent to usable evidence.

---
