agent-alignment-protocol 0.3.0__tar.gz → 0.4.0__tar.gz

{agent_alignment_protocol-0.3.0 → agent_alignment_protocol-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agent-alignment-protocol
-Version: 0.3.0
+Version: 0.4.0
 Summary: Agent Alignment Protocol - The missing alignment layer for the agent protocol stack
 Project-URL: Homepage, https://github.com/mnemom/aap
 Project-URL: Documentation, https://github.com/mnemom/aap#readme
@@ -46,7 +46,7 @@ Description-Content-Type: text/markdown
 [![PyPI](https://img.shields.io/pypi/v/agent-alignment-protocol.svg)](https://pypi.org/project/agent-alignment-protocol/)
 [![npm](https://img.shields.io/npm/v/@mnemom/agent-alignment-protocol.svg)](https://www.npmjs.com/package/@mnemom/agent-alignment-protocol)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
-[![Spec](https://img.shields.io/badge/spec-v0.1.0-green.svg)](https://docs.mnemom.ai/protocols/aap/specification)
+[![Spec](https://img.shields.io/badge/spec-v0.4.0-green.svg)](https://docs.mnemom.ai/protocols/aap/specification)
 
 **A transparency protocol for autonomous agents.**
 
@@ -334,7 +334,7 @@ No server required — runs entirely client-side via WebAssembly.
 
 ## Status
 
-**Current Version**: 0.1.8
+**Current Version**: 0.4.0
 
 | Component | Status |
 |-----------|--------|

{agent_alignment_protocol-0.3.0 → agent_alignment_protocol-0.4.0}/README.md

@@ -6,7 +6,7 @@
 [![PyPI](https://img.shields.io/pypi/v/agent-alignment-protocol.svg)](https://pypi.org/project/agent-alignment-protocol/)
 [![npm](https://img.shields.io/npm/v/@mnemom/agent-alignment-protocol.svg)](https://www.npmjs.com/package/@mnemom/agent-alignment-protocol)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
-[![Spec](https://img.shields.io/badge/spec-v0.1.0-green.svg)](https://docs.mnemom.ai/protocols/aap/specification)
+[![Spec](https://img.shields.io/badge/spec-v0.4.0-green.svg)](https://docs.mnemom.ai/protocols/aap/specification)
 
 **A transparency protocol for autonomous agents.**
 
@@ -294,7 +294,7 @@ No server required — runs entirely client-side via WebAssembly.
 
 ## Status
 
-**Current Version**: 0.1.8
+**Current Version**: 0.4.0
 
 | Component | Status |
 |-----------|--------|

{agent_alignment_protocol-0.3.0 → agent_alignment_protocol-0.4.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "agent-alignment-protocol"
-version = "0.3.0"
+version = "0.4.0"
 description = "Agent Alignment Protocol - The missing alignment layer for the agent protocol stack"
 readme = "README.md"
 license = "Apache-2.0"

{agent_alignment_protocol-0.3.0 → agent_alignment_protocol-0.4.0}/src/aap/__init__.py

@@ -36,7 +36,7 @@ Quick Start:
 See docs/SPEC.md for the full protocol specification.
 """
 
-__version__ = "0.3.0"
+__version__ = "0.4.0"
 
 # EU AI Act compliance presets
 from aap.compliance import (

{agent_alignment_protocol-0.3.0 → agent_alignment_protocol-0.4.0}/src/aap/tracing.py

@@ -142,8 +142,15 @@ class TraceConfig:
     session_id: str | None = None
     """Session ID to include in trace context."""
 
-    include_args: bool = True
-    """Include function arguments in action.parameters."""
+    include_args: bool = False
+    """Include function arguments in action.parameters.
+
+    WARNING: When set to True, all function arguments are serialized into the
+    trace output. This may inadvertently leak sensitive data (PII, credentials,
+    API keys, etc.) into trace files. Only enable this when you are certain that
+    function arguments do not contain sensitive information, or when traces are
+    stored in a secure, access-controlled location.
+    """
 
     include_return_repr: bool = False
     """Include repr of return value in trace (may leak data)."""
@@ -345,14 +352,19 @@ def _write_trace(trace: dict[str, Any], config: TraceConfig) -> Path | None:
         return None
 
     # Write to file
+    import os
     output_dir = Path(config.output_dir)
     output_dir.mkdir(parents=True, exist_ok=True)
+    # Ensure restrictive directory permissions (umask may weaken mode= arg)
+    os.chmod(output_dir, 0o700)
 
     filename = f"{trace['trace_id']}.json"
     filepath = output_dir / filename
 
     with open(filepath, "w") as f:
         json.dump(trace, f, indent=2, default=str)
+    # Restrict file permissions to owner-only read/write
+    os.chmod(filepath, 0o600)
 
     return filepath
 
@@ -403,7 +415,7 @@ def trace_decision(
     default_values: list[str] | None = None,
     agent_id: str = "",
     session_id: str | None = None,
-    include_args: bool = True,
+    include_args: bool = False,
     include_return_repr: bool = False,
 ) -> Callable[[Callable[P, R]], Callable[P, R]]:
     ...
@@ -421,7 +433,7 @@ def trace_decision(
     default_values: list[str] | None = None,
     agent_id: str = "",
     session_id: str | None = None,
-    include_args: bool = True,
+    include_args: bool = False,
     include_return_repr: bool = False,
 ) -> Callable[P, R] | Callable[[Callable[P, R]], Callable[P, R]]:
     """Decorator that generates AP-Traces for function calls.
@@ -444,7 +456,9 @@ def trace_decision(
         default_values: Default values_applied if not provided by function.
         agent_id: Agent ID for traces (auto-generated if empty).
         session_id: Session ID to include in trace context.
-        include_args: Include function arguments in action.parameters (default: True).
+        include_args: Include function arguments in action.parameters (default: False).
+            WARNING: When True, all function arguments are serialized into trace
+            output, which may leak sensitive data (PII, credentials, API keys).
         include_return_repr: Include repr of return value (default: False).
 
     Returns:

{agent_alignment_protocol-0.3.0 → agent_alignment_protocol-0.4.0}/src/aap/verification/api.py

@@ -90,6 +90,13 @@ def verify_trace(
 ) -> VerificationResult:
     """Verify a single AP-Trace against an Alignment Card.
 
+    IMPORTANT: This function provides STRUCTURAL verification only — it checks that
+    a trace conforms to the declarations in an alignment card. It does NOT provide
+    cryptographic integrity verification. Traces are not signed or hash-chained in
+    the current version. A malicious agent can produce structurally valid traces for
+    arbitrary behavior. For integrity guarantees, use AIP (Agent Integrity Protocol)
+    in conjunction with AAP.
+
     Performs the verification algorithm specified in SPEC Section 7.3:
     1. Autonomy compliance - action category matches autonomy envelope
     2. Escalation compliance - required escalations were performed
@@ -103,6 +110,26 @@ def verify_trace(
     Returns:
         VerificationResult with violations and warnings
     """
+    # Validate required fields
+    if not isinstance(trace, dict):
+        raise TypeError("trace must be a dictionary")
+    if not isinstance(card, dict):
+        raise TypeError("card must be a dictionary")
+    if "action" not in trace:
+        raise ValueError("trace must contain 'action' field")
+    if "decision" not in trace or "values_applied" not in trace.get("decision", {}):
+        raise ValueError("trace must contain 'decision.values_applied' field")
+
+    # Warn if tamper_evidence is declared but not cryptographically enforced
+    tamper_evidence = (card.get("audit") or {}).get("commitment", {}).get("tamper_evidence")
+    if tamper_evidence in ("signed", "merkle"):
+        import warnings as _warnings
+        _warnings.warn(
+            f'[AAP] Warning: tamper_evidence mode "{tamper_evidence}" is declared '
+            "but NOT cryptographically enforced in this version.",
+            stacklevel=2,
+        )
+
     start_time = time.time()
     violations: list[Violation] = []
     warnings: list[Warning] = []
@@ -271,6 +298,12 @@ def check_coherence(
     Returns:
         CoherenceResult with compatibility assessment
     """
+    # Validate required fields
+    if not isinstance(my_card, dict):
+        raise TypeError("my_card must be a dictionary")
+    if not isinstance(their_card, dict):
+        raise TypeError("their_card must be a dictionary")
+
     my_values = set(my_card.get("values", {}).get("declared", []))
     their_values = set(their_card.get("values", {}).get("declared", []))
 
@@ -590,6 +623,12 @@ def detect_drift(
     Returns:
         List of DriftAlert objects for detected drift events
     """
+    # Validate required fields
+    if not isinstance(card, dict):
+        raise TypeError("card must be a dictionary")
+    if not isinstance(traces, list):
+        raise TypeError("traces must be a list")
+
     # Delegate to DivergenceDetector (Braid-extracted implementation)
     from aap.verification.divergence import DivergenceDetector
 
@@ -643,6 +682,11 @@ def _evaluate_condition(condition: str, trace: dict[str, Any]) -> bool:
 
         # Look for field in trace context (handle explicit None)
         actual = (trace.get("context") or {}).get(field)
+        # Check context.metadata (match TypeScript behavior)
+        if actual is None:
+            metadata = (trace.get("context") or {}).get("metadata", {})
+            if isinstance(metadata, dict):
+                actual = metadata.get(field)
         if actual is None:
             actual = (trace.get("action") or {}).get("parameters", {}).get(field)
         if actual is None:
@@ -670,6 +714,13 @@ def _evaluate_condition(condition: str, trace: dict[str, Any]) -> bool:
     if re.match(r'^\w+$', condition):
         return bool((trace.get("context") or {}).get(condition))
 
+    import logging
+    logging.getLogger("aap").warning(
+        '[AAP] Condition could not be parsed: "%s". Supported patterns: '
+        '"field == value", "field > number", "field_name" (boolean). '
+        "This trigger will not fire.",
+        condition,
+    )
     return False