@axiastudio/aioc 0.2.2 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,14 +1,29 @@
1
1
  # @axiastudio/aioc
2
2
 
3
- AIOC is a governance-first SDK for LLM agents: models can propose actions, while deterministic policies and runtime controls enforce decisions.
4
- It provides default-deny gates for tools and handoffs, end-to-end auditability (run records, prompt snapshots, request fingerprints), and a foundation for verifiable iteration on prompts and policies.
5
- AIOC is designed for enterprise and public-sector contexts with privacy-by-design and high-accountability (AI Act-style) governance requirements.
3
+ AIOC is a deterministic governance kernel for LLM agents: models can propose actions, while application-owned policies and runtime controls decide what is actually allowed to happen.
4
+ It is built around default-deny gates for tools and handoffs, portable audit artifacts (`RunRecord`, prompt snapshots, request fingerprints), and replay/compare workflows for verifiable iteration on prompts and policies.
5
+ AIOC is designed for enterprise and public-sector contexts where governance cannot be outsourced to an observability dashboard, hosted trace store, or framework-owned approval workflow.
6
6
 
7
7
  Project home and documentation: [https://axiastudio.github.io/aioc](https://axiastudio.github.io/aioc)
8
8
 
9
+ ## Positioning
10
+
11
+ AIOC does not try to be a full agent platform, hosted tracing product, evaluation suite, or human-review workflow engine.
12
+ Those systems are useful, but they make governance-sensitive decisions about storage, retention, access, escalation, and audit semantics.
13
+
14
+ AIOC keeps the enforcement boundary inside the application instead:
15
+
16
+ - the model proposes; deterministic policy code authorizes or denies
17
+ - execution-impacting capabilities are deny-by-default
18
+ - audit evidence is emitted as portable records rather than owned by a required control plane
19
+ - persistence, approvals, retention, access control, monitoring, and deployment remain host-application responsibilities
20
+
21
+ In short: AIOC treats observability as evidence, not as governance itself.
22
+ Its core job is to make agent execution boundaries explicit, testable, auditable, and hard to bypass.
23
+
9
24
  ## Release Status
10
25
 
11
- Current stable release: `0.2.2`.
26
+ Current stable release: `0.2.4`.
12
27
  The stable line started with `0.1.0`.
13
28
  The core runtime surface is compatibility-managed. Breaking changes to the stable surface should ship only with explicit migration guidance and release notes.
14
29
 
@@ -21,6 +36,18 @@ AIOC `0.1.2` adds approval evidence helpers for application-owned approval workf
21
36
  AIOC `0.2.0` adds implemented runtime utilities and the Agent Harness Descriptor API. The core runtime remains compatibility-managed; descriptor shape and loader helpers are now part of the supported `0.2.x` surface and may evolve across `0.x` minor releases only with explicit migration guidance.
22
37
  AIOC `0.2.1` realigns the `0.2.x` package line with the current `main` history after `0.2.0` was published from the descriptor release branch.
23
38
  AIOC `0.2.2` completes the descriptor instruction-composition surface with reusable `instruction_parts`, ordered `instructions_sequence`, and boolean `where` gates.
39
+ AIOC `0.2.3` adds RFC-0010 policy composition helpers for exact-name tool and handoff policy dispatch without changing runtime enforcement semantics.
40
+ AIOC `0.2.4` adds experimental governance-event packages and an OpenTelemetry Logs exporter for reduced, operational observability events derived from `RunRecord` values.
41
+
42
+ ### Experimental Packages
43
+
44
+ `@axiastudio/aioc-governance-events` implements the RFC-0009 governance-event
45
+ mapper outside the core runtime package. It derives reduced, redacted,
46
+ event-shaped records from `RunRecord` values.
47
+
48
+ `@axiastudio/aioc-export-otel` maps those governance events to OpenTelemetry
49
+ Logs. Both packages remain experimental while real exporter usage validates the
50
+ schema and operational shape.
24
51
 
25
52
  - Release notes: `CHANGELOG.md`
26
53
  - Historical beta contract snapshot: `docs/BETA-CONTRACT.md`
@@ -242,6 +269,7 @@ This repository also contains `aioc-inspect`, a private reference example UI for
242
269
  | `npm run example:approval-required` | Minimal approval-required tool + policy flow | Yes (`AIOC_EXAMPLE_PROVIDER` + matching provider API key) |
243
270
  | `npm run example:approval-evidence` | Approval evidence passed through context and reevaluated by policy | Yes (`AIOC_EXAMPLE_PROVIDER` + matching provider API key) |
244
271
  | `npm run example:tool-policy` | Straight tool + policy flow with allowed execution | Yes (`AIOC_EXAMPLE_PROVIDER` + matching provider API key) |
272
+ | `npm run example:policy-composition` | Exact-name tool policy dispatch with fallback deny | Yes (`AIOC_EXAMPLE_PROVIDER` + matching provider API key) |
245
273
  | `npm run example:run-record` | Run-record persistence with redaction + audit | Yes (`AIOC_EXAMPLE_PROVIDER` + matching provider API key) |
246
274
  | `npm run example:rru:01-extract` | Minimal `extractToolCalls(...)` | No |
247
275
  | `npm run example:rru:02-compare` | Minimal `compareRunRecords(...)` | No |
@@ -284,7 +312,7 @@ AIOC adopts the following non-negotiable principles:
284
312
  - `docs/RFC-0007-thread-state-utilities.md` (`Accepted`)
285
313
  - `docs/RFC-0008-run-stream-consumer-utilities.md` (`Accepted`)
286
314
  - `docs/RFC-0009-governance-events-and-exporters.md` (`Experimental`)
287
- - `docs/RFC-0010-policy-composition-helpers.md` (`Draft`)
315
+ - `docs/RFC-0010-policy-composition-helpers.md` (`Accepted`)
288
316
  - `docs/RFC-0011-agent-harness-descriptor.md` (`Accepted`)
289
317
  - `docs/PRIVACY-BASELINE.md`
290
318
 
package/dist/index.d.ts CHANGED
@@ -9,6 +9,7 @@ export * from "./json";
9
9
  export * from "./logger";
10
10
  export * from "./messages";
11
11
  export * from "./policy";
12
+ export * from "./policy-composition";
12
13
  export * from "./proposal-hashing";
13
14
  export * from "./provider-setup";
14
15
  export * from "./providers/base";
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,oBAAoB,CAAC;AACnC,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,cAAc,CAAC;AAC7B,cAAc,sBAAsB,CAAC;AACrC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,QAAQ,CAAC;AACvB,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,UAAU,CAAC;AACzB,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,qBAAqB,CAAC;AACpC,cAAc,oBAAoB,CAAC;AACnC,cAAc,OAAO,CAAC;AACtB,cAAc,qBAAqB,CAAC;AACpC,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,cAAc,eAAe,CAAC;AAC9B,cAAc,kBAAkB,CAAC;AACjC,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,oBAAoB,CAAC;AACnC,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,cAAc,CAAC;AAC7B,cAAc,sBAAsB,CAAC;AACrC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,QAAQ,CAAC;AACvB,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,UAAU,CAAC;AACzB,cAAc,sBAAsB,CAAC;AACrC,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,qBAAqB,CAAC;AACpC,cAAc,oBAAoB,CAAC;AACnC,cAAc,OAAO,CAAC;AACtB,cAAc,qBAAqB,CAAC;AACpC,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,cAAc,eAAe,CAAC;AAC9B,cAAc,kBAAkB,CAAC;AACjC,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC"}
package/dist/index.js CHANGED
@@ -25,6 +25,7 @@ __exportStar(require("./json"), exports);
25
25
  __exportStar(require("./logger"), exports);
26
26
  __exportStar(require("./messages"), exports);
27
27
  __exportStar(require("./policy"), exports);
28
+ __exportStar(require("./policy-composition"), exports);
28
29
  __exportStar(require("./proposal-hashing"), exports);
29
30
  __exportStar(require("./provider-setup"), exports);
30
31
  __exportStar(require("./providers/base"), exports);
@@ -0,0 +1,6 @@
1
+ import { type HandoffPolicy, type ToolPolicy } from "./policy";
2
+ export type ToolPolicyMap<TContext = unknown> = Record<string, ToolPolicy<TContext>>;
3
+ export type HandoffPolicyMap<TContext = unknown> = Record<string, HandoffPolicy<TContext>>;
4
+ export declare function composeToolPolicies<TContext = unknown>(policies: ToolPolicyMap<TContext>): ToolPolicy<TContext>;
5
+ export declare function composeHandoffPolicies<TContext = unknown>(policies: HandoffPolicyMap<TContext>): HandoffPolicy<TContext>;
6
+ //# sourceMappingURL=policy-composition.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"policy-composition.d.ts","sourceRoot":"","sources":["../src/policy-composition.ts"],"names":[],"mappings":"AAAA,OAAO,EAAQ,KAAK,aAAa,EAAE,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC;AAErE,MAAM,MAAM,aAAa,CAAC,QAAQ,GAAG,OAAO,IAAI,MAAM,CACpD,MAAM,EACN,UAAU,CAAC,QAAQ,CAAC,CACrB,CAAC;AAEF,MAAM,MAAM,gBAAgB,CAAC,QAAQ,GAAG,OAAO,IAAI,MAAM,CACvD,MAAM,EACN,aAAa,CAAC,QAAQ,CAAC,CACxB,CAAC;AAEF,wBAAgB,mBAAmB,CAAC,QAAQ,GAAG,OAAO,EACpD,QAAQ,EAAE,aAAa,CAAC,QAAQ,CAAC,GAChC,UAAU,CAAC,QAAQ,CAAC,CAUtB;AAED,wBAAgB,sBAAsB,CAAC,QAAQ,GAAG,OAAO,EACvD,QAAQ,EAAE,gBAAgB,CAAC,QAAQ,CAAC,GACnC,aAAa,CAAC,QAAQ,CAAC,CAUzB"}
@@ -0,0 +1,23 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.composeToolPolicies = composeToolPolicies;
4
+ exports.composeHandoffPolicies = composeHandoffPolicies;
5
+ const policy_1 = require("./policy");
6
+ function composeToolPolicies(policies) {
7
+ return (input) => {
8
+ const policy = policies[input.toolName] ?? policies["*"];
9
+ if (policy) {
10
+ return policy(input);
11
+ }
12
+ return (0, policy_1.deny)(`deny_unconfigured_tool_${input.toolName}`);
13
+ };
14
+ }
15
+ function composeHandoffPolicies(policies) {
16
+ return (input) => {
17
+ const policy = policies[input.toAgentName] ?? policies["*"];
18
+ if (policy) {
19
+ return policy(input);
20
+ }
21
+ return (0, policy_1.deny)(`deny_unconfigured_handoff_${input.toAgentName}`);
22
+ };
23
+ }
package/package.json CHANGED
@@ -1,11 +1,14 @@
1
1
  {
2
2
  "name": "@axiastudio/aioc",
3
- "version": "0.2.2",
3
+ "version": "0.2.4",
4
4
  "main": "dist/index.js",
5
5
  "types": "dist/index.d.ts",
6
6
  "files": [
7
7
  "dist"
8
8
  ],
9
+ "workspaces": [
10
+ "packages/*"
11
+ ],
9
12
  "scripts": {
10
13
  "test": "npm run test:ci",
11
14
  "clean": "node -e \"require('fs').rmSync('dist',{recursive:true,force:true})\"",
@@ -22,6 +25,7 @@
22
25
  "example:approval-required": "tsx src/examples/basic/approval-required.ts",
23
26
  "example:approval-evidence": "tsx src/examples/basic/approval-evidence.ts",
24
27
  "example:tool-policy": "tsx src/examples/basic/tools.ts",
28
+ "example:policy-composition": "tsx src/examples/basic/policy-composition.ts",
25
29
  "example:harness": "tsx src/examples/harness-descriptor/customer-support.ts",
26
30
  "example:run-record": "tsx src/examples/basic/run-record-sink.ts",
27
31
  "example:rru:01-extract": "tsx src/examples/run-record-utils-minimal/01-extract-tool-calls.ts",
@@ -34,6 +38,14 @@
34
38
  "docs:dev": "npm run docs:sync && cd apps/aioc-docs && zsh -lc 'npm run dev'",
35
39
  "docs:build": "npm run docs:sync && cd apps/aioc-docs && zsh -lc 'npm run build'",
36
40
  "docs:preview": "cd apps/aioc-docs && zsh -lc 'npm run preview'",
41
+ "packages:build": "npm run governance-events:build && npm run build -w @axiastudio/aioc-export-otel && npm run build -w @axiastudio/aioc-inspect-ui",
42
+ "packages:test": "npm run governance-events:test && npm run export-otel:test",
43
+ "governance-events:build": "npm run build && npm run build -w @axiastudio/aioc-governance-events",
44
+ "governance-events:test": "npm run build && npm test -w @axiastudio/aioc-governance-events",
45
+ "export-otel:build": "npm run governance-events:build && npm run build -w @axiastudio/aioc-export-otel",
46
+ "export-otel:test": "npm run governance-events:build && npm test -w @axiastudio/aioc-export-otel",
47
+ "export-otel:console": "npm run governance-events:build && npm run console -w @axiastudio/aioc-export-otel",
48
+ "export-otel:signoz": "npm run governance-events:build && npm run signoz -w @axiastudio/aioc-export-otel",
37
49
  "test:mistral": "tsx src/examples/mistral-smoke.ts",
38
50
  "prepack": "npm run build:package"
39
51
  },