RubyGems - swt3-ai - Versions diffs - 0.4.1 → 0.5.2 - Mend

swt3-ai 0.4.1 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3c33738eca6af0da5f3b341aca0c44f10d97f646a0aed85bd57901081c2bc6f9
-  data.tar.gz: 26e63c59eb176fc1d7cdfda26eed9841c1fa8e242a97915885a3396f26c43099
+  metadata.gz: fb901b26be47c81210c83fbf53748471246c6d515c1f4d7c62ccf7fedd2106ed
+  data.tar.gz: 5864cc0d9485c41cb07b3dec9311fc598087dbf51a29a4e9bc93cdbebe0c4e5e
 SHA512:
-  metadata.gz: c8472c6b851815fd18a8a0f8f1b896b4fd8e727b4a9d4fcc12629beca30294aba4f5b7c95b912d6c5274da0123777bab811fa6723b066b041d228caeae7b292c
-  data.tar.gz: f7eda3a4fbeea3e9c58f36cb298f65da87c37bc4798add45af5ac28a81f68776383ee97597a0efb2ed3880aa379976184c0e857dbdb30ccc468cff5897dd6b97
+  metadata.gz: ac1d6cb94dc33a7be3471433a17d09315e8c778347c2ebba17f78408898260ff11e65119a449f124e12fe6d837706681575992d7fa37151f822a027ce3738a35
+  data.tar.gz: 3243b1e0bbc3a8815fa1bd30461af74ffd002dc28c2759ccd0a37c364be1f622468f27038409d130bc27ce6b08fff07104baca81918ad54637d4e04c74c565be

data/README.md CHANGED Viewed

@@ -5,49 +5,40 @@ Witness your AI. Prove it followed the rules. Cryptographic accountability for e
 # swt3-ai
-**SWT3 AI Witness SDK for Ruby** (coming soon): tamper-proof evidence that your AI is doing what you say it does. Every inference hashed. Every tool call recorded. Every resource access checked against scope. No prompts or responses ever leave your infrastructure.
+**SWT3 AI Witness SDK for Ruby**: mint, verify, and sign SWT3 witness anchors with cross-language parity. Zero external dependencies -- uses only `openssl` from the standard library.
-The EU AI Act takes effect **August 2, 2026**. When regulators ask "prove your AI followed the rules," you need more than logs. You need cryptographic proof.
+GPAI transparency obligations are enforceable now. EU AI Act high-risk enforcement begins **December 2, 2027**. This SDK gives you the cryptographic primitives.
-## Status
+## What You Get
-This package reserves the `swt3-ai` namespace on RubyGems. The full Ruby SDK is under development.
+- **`Swt3Ai::Fingerprint.mint_fingerprint`** -- canonical SWT3 fingerprint from tenant, procedure, factors, and timestamp
+- **`Swt3Ai::Signing.sign_payload`** -- HMAC-SHA256 signing with optional agent identity binding
+- **`Swt3Ai::Fingerprint.sha256_truncated`** -- truncated SHA-256 hashing for prompts, responses, and model weights
+- **Types** -- `WitnessPayload`, `WitnessReceipt`, `WitnessConfig` structs and `REVOCATION_REASONS` constants
-Production SDKs are available today for Python and TypeScript:
+All output is byte-identical to the Python, TypeScript, Rust, and C# SDKs. Verified by shared test vectors.
-```bash
-# Python
-pip install swt3-ai
-python -m swt3_ai.demo
+## Quick Start
-# TypeScript
-npm install @tenova/swt3-ai
-npx swt3-demo
+```bash
+gem install swt3-ai
 ```
-Both run the full pipeline locally with no API keys: hash, extract, clear, anchor, verify.
-## What SWT3 Does
-When your AI makes a call, the SDK:
+Mint a fingerprint:
-1. **Hashes** the prompt and response locally using SHA-256 (raw text never leaves your machine)
-2. **Extracts** numeric factors: model version, latency, token count, guardrail status
-3. **Clears** sensitive metadata based on your clearing level (you control what goes on the wire)
-4. **Anchors** the factors into a cryptographic fingerprint anyone can independently verify
-5. **Returns** your original response completely untouched
+```ruby
+require "swt3_ai"
-The result: an immutable record that your AI ran the right model, with the right guardrails, within the right boundaries. Without the auditor ever seeing the data.
+# Hash prompt and response locally (raw text never leaves your machine)
+prompt_hash = Swt3Ai::Fingerprint.sha256_truncated("Summarize this contract...", 16)
+response_hash = Swt3Ai::Fingerprint.sha256_truncated("The contract states...", 16)
-## Regulatory Coverage
-The SWT3 AI Witnessing Profile maps to:
+# Mint a fingerprint from the canonical formula
+fp = Swt3Ai::Fingerprint.mint_fingerprint("MY_TENANT", "AI-INF.1", 1.0, 1.0, 0.0, 1774800000000)
-- **EU AI Act**: Articles 9, 10, 12, 13, 14, 53, 72
-- **NIST AI RMF**: GOVERN, MAP, MEASURE, MANAGE functions
-- **ISO 42001**: Annex A AI management controls
-- **NIST 800-53**: SI-7 (integrity), AU-2/AU-3 (audit), AC controls
-- **SR 11-7**: Model risk management (financial services)
+# Sign for non-repudiation (optional)
+sig = Swt3Ai::Signing.sign_payload("swt3_sk_my_key", fp, "fraud-detector-prod")
+```
 ## Verify Any Anchor From Your Terminal
@@ -62,23 +53,37 @@ No SDK needed. Works on any machine, any language.
 All SWT3 SDKs produce identical fingerprints from the same inputs. A unified audit trail across your entire stack, verified by shared test vectors at build time.
-| Layer | Language | Package |
-|-------|----------|---------|
-| Backend services | Python | [swt3-ai](https://pypi.org/project/swt3-ai/) |
-| API routes / Edge | TypeScript | [@tenova/swt3-ai](https://www.npmjs.com/package/@tenova/swt3-ai) |
-| Protocol reference | TypeScript | [@tenova/libswt3](https://www.npmjs.com/package/@tenova/libswt3) |
-| Web apps (Rails) | Ruby | swt3-ai (this package, coming soon) |
+| Language | Package | Registry |
+|----------|---------|----------|
+| Python | [swt3-ai](https://pypi.org/project/swt3-ai/) | PyPI |
+| TypeScript | [@tenova/swt3-ai](https://www.npmjs.com/package/@tenova/swt3-ai) | npm |
+| Rust | [swt3-ai](https://crates.io/crates/swt3-ai) | crates.io |
+| C# / .NET | [swt3-ai](https://www.nuget.org/packages/swt3-ai) | NuGet |
+| Ruby | swt3-ai (this package) | RubyGems |
+| MCP Server | [@tenova/swt3-mcp](https://www.npmjs.com/package/@tenova/swt3-mcp) | npm + MCP Registry |
-## Links
+The Python and TypeScript SDKs include the full witness pipeline: transparent client wrapping, buffer management, clearing engine, adapter support (OpenAI, Anthropic, Bedrock, vLLM, Ollama, LangChain), trust mesh, policy-as-code, and Merkle accumulator. Use them for production AI witnessing. Use this Ruby gem for embedding fingerprint verification into Rails apps, Sidekiq workers, or Ruby-based tooling.
-- **Website**: [tenova.io](https://tenova.io)
-- **Protocol Spec**: [SWT3-SPEC-v1.0](https://github.com/tenova-labs/swt3-ai)
-- **Live Demo**: [sovereign.tenova.io/audit/axm_audit_demo_eu_ai_act_public](https://sovereign.tenova.io/audit/axm_audit_demo_eu_ai_act_public)
+## Regulatory Coverage
+The SWT3 AI Witnessing Profile maps to:
+- **EU AI Act**: Articles 9, 10, 12, 13, 14, 53, 72
+- **NIST AI RMF**: GOVERN, MAP, MEASURE, MANAGE functions
+- **ISO 42001**: Annex A AI management controls
+- **NIST 800-53**: SI-7 (integrity), AU-2/AU-3 (audit), AC controls
+- **SR 11-7**: Model risk management (financial services)
 ## Privacy
 Your prompts and responses **never leave your infrastructure**. The SDK computes SHA-256 hashes locally and transmits only irreversible hashes and numeric factors. At Clearing Level 3, even the model name is hashed. The witness endpoint is a blind registrar: it stores cryptographic proofs, not your data.
+## Links
+- **Website**: [tenova.io](https://tenova.io)
+- **Protocol Spec**: [SWT3-SPEC-v1.0](https://github.com/tenova-labs/swt3-ai)
+- **Live Demo**: [sovereign.tenova.io/audit/axm_audit_demo_eu_ai_act_public](https://sovereign.tenova.io/audit/axm_audit_demo_eu_ai_act_public)
 ---
 *SWT3: Sovereign Witness Traceability. We don't run your models. We witness them.*

data/lib/swt3_ai/types.rb CHANGED Viewed

@@ -6,7 +6,10 @@ module Swt3Ai
     :fingerprint_timestamp_ms, :ai_model_id, :ai_prompt_hash,
     :ai_response_hash, :ai_latency_ms, :ai_input_tokens,
     :ai_output_tokens, :agent_id, :cycle_id,
-    :payload_signature, :policy_version_hash,
+    :payload_signature, :signing_key_id, :signing_key_version,
+    :policy_version_hash, :jurisdiction, :legal_basis,
+    :purpose_class, :authorization_id,
+    :revocation_target, :revocation_reason,
     keyword_init: true
   )
@@ -21,7 +24,20 @@ module Swt3Ai
   WitnessConfig = Struct.new(
     :endpoint, :api_key, :tenant_id, :clearing_level,
     :buffer_size, :flush_interval, :timeout, :max_retries,
-    :agent_id, :signing_key, :cycle_id, :policy_version,
+    :agent_id, :signing_key, :signing_key_id, :signing_key_version,
+    :cycle_id, :policy_version,
+    :jurisdiction, :legal_basis, :purpose_class,
     keyword_init: true
   )
+  # Revocation reason codes for AI-REV.1 anchors.
+  REVOCATION_REASONS = {
+    "unspecified" => 0,
+    "model_recall" => 1,
+    "policy_violation" => 2,
+    "data_contamination" => 3,
+    "consent_withdrawal" => 4,
+    "regulatory_order" => 5,
+    "error_correction" => 6,
+  }.freeze
 end

data/lib/swt3_ai.rb CHANGED Viewed

@@ -7,5 +7,5 @@ require_relative "swt3_ai/signing"
 require_relative "swt3_ai/types"
 module Swt3Ai
-  VERSION = "0.3.6"
+  VERSION = "0.5.2"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: swt3-ai
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.2
 platform: ruby
 authors:
 - TeNova Labs
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-04-28 00:00:00.000000000 Z
+date: 2026-05-19 00:00:00.000000000 Z
 dependencies: []
 description: Mint, verify, and sign SWT3 witness anchors for AI compliance. Cross-language
   parity with Python and TypeScript SDKs. Zero external dependencies.
@@ -29,6 +29,7 @@ licenses:
 metadata:
   source_code_uri: https://github.com/tenova-labs/swt3-ai
   homepage_uri: https://tenova.io
+  keywords: ai,compliance,witness,swt3,eu-ai-act,nist-ai-rmf,ai-governance,ai-audit,ai-safety,agentic-ai,guardrails,model-governance,cryptographic-attestation
 post_install_message:
 rdoc_options: []
 require_paths: