curl --request POST \
--url https://api.promptguard.co/api/v1/proxy/agent/trace \
--header 'Content-Type: application/json' \
--header 'X-API-Key: <api-key>' \
--data '
{
"user_objective": "",
"events": [
{
"role": "",
"tool_name": "<string>",
"arguments": {},
"output": "<unknown>",
"content": "",
"thought": ""
}
],
"tool_labels": {}
}
'import requests
url = "https://api.promptguard.co/api/v1/proxy/agent/trace"
payload = {
"user_objective": "",
"events": [
{
"role": "",
"tool_name": "<string>",
"arguments": {},
"output": "<unknown>",
"content": "",
"thought": ""
}
],
"tool_labels": {}
}
headers = {
"X-API-Key": "<api-key>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'X-API-Key': '<api-key>', 'Content-Type': 'application/json'},
body: JSON.stringify({
user_objective: '',
events: [
{
role: '',
tool_name: '<string>',
arguments: {},
output: '<unknown>',
content: '',
thought: ''
}
],
tool_labels: {}
})
};
fetch('https://api.promptguard.co/api/v1/proxy/agent/trace', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.promptguard.co/api/v1/proxy/agent/trace",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'user_objective' => '',
'events' => [
[
'role' => '',
'tool_name' => '<string>',
'arguments' => [
],
'output' => '<unknown>',
'content' => '',
'thought' => ''
]
],
'tool_labels' => [
]
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"X-API-Key: <api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.promptguard.co/api/v1/proxy/agent/trace"
payload := strings.NewReader("{\n \"user_objective\": \"\",\n \"events\": [\n {\n \"role\": \"\",\n \"tool_name\": \"<string>\",\n \"arguments\": {},\n \"output\": \"<unknown>\",\n \"content\": \"\",\n \"thought\": \"\"\n }\n ],\n \"tool_labels\": {}\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("X-API-Key", "<api-key>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.promptguard.co/api/v1/proxy/agent/trace")
.header("X-API-Key", "<api-key>")
.header("Content-Type", "application/json")
.body("{\n \"user_objective\": \"\",\n \"events\": [\n {\n \"role\": \"\",\n \"tool_name\": \"<string>\",\n \"arguments\": {},\n \"output\": \"<unknown>\",\n \"content\": \"\",\n \"thought\": \"\"\n }\n ],\n \"tool_labels\": {}\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.promptguard.co/api/v1/proxy/agent/trace")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["X-API-Key"] = '<api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"user_objective\": \"\",\n \"events\": [\n {\n \"role\": \"\",\n \"tool_name\": \"<string>\",\n \"arguments\": {},\n \"output\": \"<unknown>\",\n \"content\": \"\",\n \"thought\": \"\"\n }\n ],\n \"tool_labels\": {}\n}"
response = http.request(request)
puts response.read_body{
"decision": "<string>",
"event_id": "<string>",
"findings": []
}{
"error": {
"message": "<string>",
"type": "<string>",
"code": "<string>"
}
}{
"detail": [
{
"loc": [
"<string>"
],
"msg": "<string>",
"type": "<string>",
"input": "<unknown>",
"ctx": {}
}
]
}{
"error": {
"message": "<string>",
"type": "<string>",
"code": "<string>",
"current_plan": "<string>",
"requests_used": 123,
"requests_limit": 123,
"upgrade_url": "<string>",
"retry_after": 123
}
}Ingest Agent Trace
Ingest a full agent execution trace and run the trace-level detectors.
Runs the value-level dataflow-taint analyzer (FLOW001, fail-open) and
the goal-alignment auditor (fail-closed by its own design, opt-in) over the
trace, aggregates their outputs into an allow / warn / block decision, and
persists a security_event. Fails open: a detector or DB hiccup never
500s the caller.
curl --request POST \
--url https://api.promptguard.co/api/v1/proxy/agent/trace \
--header 'Content-Type: application/json' \
--header 'X-API-Key: <api-key>' \
--data '
{
"user_objective": "",
"events": [
{
"role": "",
"tool_name": "<string>",
"arguments": {},
"output": "<unknown>",
"content": "",
"thought": ""
}
],
"tool_labels": {}
}
'import requests
url = "https://api.promptguard.co/api/v1/proxy/agent/trace"
payload = {
"user_objective": "",
"events": [
{
"role": "",
"tool_name": "<string>",
"arguments": {},
"output": "<unknown>",
"content": "",
"thought": ""
}
],
"tool_labels": {}
}
headers = {
"X-API-Key": "<api-key>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'X-API-Key': '<api-key>', 'Content-Type': 'application/json'},
body: JSON.stringify({
user_objective: '',
events: [
{
role: '',
tool_name: '<string>',
arguments: {},
output: '<unknown>',
content: '',
thought: ''
}
],
tool_labels: {}
})
};
fetch('https://api.promptguard.co/api/v1/proxy/agent/trace', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.promptguard.co/api/v1/proxy/agent/trace",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'user_objective' => '',
'events' => [
[
'role' => '',
'tool_name' => '<string>',
'arguments' => [
],
'output' => '<unknown>',
'content' => '',
'thought' => ''
]
],
'tool_labels' => [
]
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"X-API-Key: <api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.promptguard.co/api/v1/proxy/agent/trace"
payload := strings.NewReader("{\n \"user_objective\": \"\",\n \"events\": [\n {\n \"role\": \"\",\n \"tool_name\": \"<string>\",\n \"arguments\": {},\n \"output\": \"<unknown>\",\n \"content\": \"\",\n \"thought\": \"\"\n }\n ],\n \"tool_labels\": {}\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("X-API-Key", "<api-key>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.promptguard.co/api/v1/proxy/agent/trace")
.header("X-API-Key", "<api-key>")
.header("Content-Type", "application/json")
.body("{\n \"user_objective\": \"\",\n \"events\": [\n {\n \"role\": \"\",\n \"tool_name\": \"<string>\",\n \"arguments\": {},\n \"output\": \"<unknown>\",\n \"content\": \"\",\n \"thought\": \"\"\n }\n ],\n \"tool_labels\": {}\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.promptguard.co/api/v1/proxy/agent/trace")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["X-API-Key"] = '<api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"user_objective\": \"\",\n \"events\": [\n {\n \"role\": \"\",\n \"tool_name\": \"<string>\",\n \"arguments\": {},\n \"output\": \"<unknown>\",\n \"content\": \"\",\n \"thought\": \"\"\n }\n ],\n \"tool_labels\": {}\n}"
response = http.request(request)
puts response.read_body{
"decision": "<string>",
"event_id": "<string>",
"findings": []
}{
"error": {
"message": "<string>",
"type": "<string>",
"code": "<string>"
}
}{
"detail": [
{
"loc": [
"<string>"
],
"msg": "<string>",
"type": "<string>",
"input": "<unknown>",
"ctx": {}
}
]
}{
"error": {
"message": "<string>",
"type": "<string>",
"code": "<string>",
"current_plan": "<string>",
"requests_used": 123,
"requests_limit": 123,
"upgrade_url": "<string>",
"retry_after": 123
}
}Authorizations
PromptGuard API key for developer endpoints. Keys start with pg_live_ and are created in the dashboard.
Headers
Body
A full agent execution trace to audit post-hoc.
Unlike /validate-tool (a pre-execution check of a single tool name +
args), this carries the whole chronological trace with tool outputs plus
the user's original objective, so the value-level dataflow-taint and
goal-alignment detectors can fire.