capfence 0.6.2__tar.gz

capfence-0.6.2/.gitignore

@@ -0,0 +1,84 @@
+# Strategy docs, build plans, PR descriptions — keep out of public repo
+# README.md is explicitly allowed (needed for PyPI/GitHub)
+*.md
+!README.md
+!CHANGELOG.md
+!CONTRIBUTING.md
+!CODE_OF_CONDUCT.md
+!SECURITY.md
+!docs/*.md
+!docs/**/*.md
+!docs-dev/*.md
+!docs-dev/**/*.md
+
+# Internal review artifacts (do not commit)
+docs/CODE_REVIEW_*.md
+docs/REVIEW_*.md
+docs/*_REVIEW.md
+docs/INTERNAL_*.md
+BUILDPLAN.md
+TRADE_SECRET*.md
+CHANGES_TO_APPLY_MANUALLY.md
+
+# Private Cloud repo — decoupled from OSS
+capfence-cloud/
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+*.egg-info/
+dist/
+build/
+.eggs/
+*.egg
+
+# Tool caches
+.mypy_cache/
+.pytest_cache/
+.ruff_cache/
+
+# Virtual environments
+venv/
+.venv/
+env/
+ENV/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# Environment secrets
+.env
+.env.local
+.env.production
+
+# Encrypted files
+*.age
+key.txt
+
+# Trade secrets (NEVER commit to git)
+TRADE_SECRET.md
+TRADE_SECRET*
+
+# Patent documents (NEVER commit)
+*patent*
+*Patent*
+*PROVISIONAL*
+
+# Init docs (patent documents, strategy HTMLs)
+.initdocs/
+
+# Archive (old build plans, deprecated docs, superseded specs)
+archive/
+
+# OS
+.DS_Store
+Thumbs.db
+site/
+capfence-demo/capfence-assessment-report.html
+capfence-demo/audit.db

capfence-0.6.2/CHANGELOG.md

@@ -0,0 +1,160 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.6.2] - 2026-05-15
+
+### Added
+- `capfence check-policy` command for validating YAML policy files.
+- Policy support for `contains`, `amount_gte`, `amount_lt`, `amount_lte`, `path_prefix`, caller-depth comparisons, and legacy `rules` starter-policy schemas.
+- Demo walkthrough, demo cast, and demo script covering scan, assess, gate enforcement, simulate, and verify workflows.
+- Recipes section with copy-paste policy patterns and integrations for PydanticAI, LlamaIndex, and AutoGen.
+- Compatibility matrix for supported framework adapters.
+
+### Changed
+- README and docs homepage now position CapFence around deterministic runtime authorization, rollout, limitations, and proof-oriented workflows.
+- Repository URLs now point to the `capfencelabs/capfence-python` namespace.
+- Local package metadata now matches the PyPI `0.6.2` release line.
+
+### Fixed
+- Policy load and validation failures now fail closed during gate evaluation.
+- Audit write failures now fail closed in enforce mode.
+- Policy schema documentation now matches implemented behavior.
+
+## [0.5.0] - 2026-05-11
+
+### Added
+- **Multi-agent flow tracer** (`capfence.flow.FlowTracer`). Records data flows between agents and propagates trust downward — UNTRUSTED data feeding a SYSTEM-trust agent contaminates that agent's effective trust. Reverse index keeps `annotate()` O(1) per source agent. Thread-safe via internal `RLock`. Configurable `max_edges` with FIFO eviction.
+- **Gate observe mode** (`Gate(mode="observe")`). Logs every decision without blocking. `result.metadata["would_have_blocked"]` reports what enforce mode would have done. Use for staged rollout before turning enforcement on.
+- **Gate bypass context manager** (`gate.bypass(agent_id, reason="...")`). Per-agent stack-based override with mandatory non-empty audit-trail reason. Thread-safe; reason is stored in the audit log.
+- **`capfence tune` CLI command**. Reads recent gate decisions, groups by risk category, and suggests RAISE / LOWER / OK threshold adjustments based on block rate vs. average score.
+- **`evaluate_async()` on `Gate`**. Async wrapper that runs the synchronous scoring + SQLite I/O on the default thread-pool executor so an event loop is never blocked.
+- **`arun()` / `ainvoke()` on framework adapters**. `CapFenceTool` (LangChain), `CapFenceCrewAITool`, `CapFenceToolNode` (LangGraph) gained async variants that use `evaluate_async` and forward to the wrapped tool's async method when present. OpenAI Agents SDK and MCP adapters now use `evaluate_async` internally so the gate no longer blocks the event loop.
+- **Unified exception hierarchy** in `capfence.errors`. `CapFenceError` base class with `AgentActionBlocked`, `ConfigurationError`, `AuditError`, `TaxonomyError`, `GatewayError` subclasses. `AgentActionBlocked` is now a single class re-exported by every framework module, so `except capfence.AgentActionBlocked` catches blocks from any adapter.
+- **Expanded taxonomies**: `financial.json` grew from 14 to 32 categories (loan_origination, KYC, AML, sanctions, FX, card_control, open_banking_consent, etc.). New `financial_crypto.json` (18 categories) and `healthcare.json` (17 categories).
+- **Tamper-evidence demo** (`examples/tamper_demo.py`). Records 6 gate decisions, corrupts a row directly in SQLite, verifies the chain breaks, restores and re-verifies.
+- **Production-style fintech agent** (`examples/fintech_payment_agent.py`). 4 payment tools wrapped with the Gate; demonstrates idempotency keys, exponential backoff, and gate-driven early returns.
+- **Labelled test corpus** (`tests/corpus/`). 130 traces (50 benign / 50 risky / 30 edge cases) in JSONL with `evaluate.py` runner.
+- **Scorer benchmark** (`benchmarks/scorer_benchmark.py`). Compares KeywordScorer, RegexASTScorer, AdaptiveScorer on 10K synthetic traces with TPR/FPR/F1/latency. `benchmarks/README.md` documents how to read the results honestly.
+- **Threat model doc** (`docs/THREAT_MODEL.md`). Attack surface diagram, what CapFence catches, what it misses (G1–G9), recommended additional layers, false-positive runbook.
+- **Top-level `__version__`** exposed via `capfence.__version__`.
+- **`py.typed` marker**. Package now ships type information for mypy / pyright consumers.
+
+### Changed
+- **Package classifier bumped to `Development Status :: 4 - Beta`**; added `Topic :: Security` and `Typing :: Typed` classifiers.
+- **`Gate._bypass_stack` is now thread-safe** via an internal `threading.RLock`; concurrent agents can share one `Gate` instance.
+- **`FlowTracer` is now thread-safe**. Previous docstring claim "use one instance per thread" removed.
+- **`Gate.__init__` and `Gate.bypass`** now raise `ConfigurationError` instead of bare `ValueError` (subclass of `ValueError` for backward compatibility).
+- **MCP gateway** now raises `GatewayError` instead of bare `RuntimeError` (subclass of `RuntimeError` for backward compatibility).
+- README rewritten with new features section (observe mode, FlowTracer, expanded taxonomies, threat model link); test badge updated to 226 passing.
+- Tests: 205 → 226 passing.
+
+### Fixed
+- Deduplicated `would_have_blocked` metadata assignment in `Gate.evaluate()`.
+- Removed dead `payload` parameter from `FlowTracer.annotate()` signature.
+- Replaced custom `_hash_data()` in FlowTracer with `compute_payload_hash` for consistency.
+- Hoisted `import statistics` / `from collections import defaultdict` in `cli.py` from inside `tune()` to module level.
+
+## [0.4.1] - 2026-05-10
+
+### Changed
+- README overhaul: hero section with three AGT differentiators, collapsed feature list into 6 categories, honest positioning docs.
+- Added CHANGELOG.md, CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md, docs/CLI.md, docs/FEATURES.md, docs/POSITIONING.md.
+- Added GitHub issue templates and pull request template.
+
+### Fixed
+- Removed unused `pytest` import in `tests/test_mcp.py` (CI ruff failure).
+- Added `mypy` `ignore_missing_imports` for `cryptography` and `capfence._native` (CI mypy failure).
+- Fixed README Python API example to match real `Gate.evaluate()` signature.
+- Fixed ASCII architecture diagram alignment.
+
+## [0.4.0] - 2026-05-08
+
+### Added
+- **Hash-chained, tamper-evident audit log** (`capfence/core/chain.py`). Every audit entry links to the previous via SHA-256. Modifying any row invalidates the chain. Verified via `capfence verify`.
+- **Optional Ed25519 signing of audit entries** (`capfence/core/keys.py`). Generate keypairs, sign each entry, and verify authenticity cryptographically. Falls back to HMAC-SHA256 when `cryptography` is not installed.
+- **Hardened Regex+AST scorer** (`capfence/core/scorer.py`). `RegexASTScorer` adds whole-word regex matching and Python AST analysis for dangerous constructs (`os.system`, `subprocess.call`, `eval`, `exec`).
+- **OWASP Agentic Top 10 coverage matrix** (`capfence/assessment/owasp.py`). Static mapping of CapFence controls to OWASP Agentic AI Top 10 risks. Generate HTML reports via `capfence owasp`.
+- **MCP gateway server** (`capfence/mcp/gateway.py`). Stdio proxy that intercepts MCP tool calls through the CapFence Gate. JSON-RPC parsing with Content-Length protocol.
+- **MCP in-process adapter** (`capfence/mcp/adapter.py`). `CapFenceMCPSession` wraps an existing MCP client session with CapFence gating for async tool calls.
+- **LangGraph integration** (`capfence/framework/langgraph.py`). `CapFenceToolNode` replaces LangGraph `ToolNode` with automatic gate enforcement on every tool invocation.
+- **OpenAI Agents SDK integration** (`capfence/framework/openai_agents.py`). `CapFenceOpenAITool` wraps OpenAI Agents SDK tools with deterministic gate evaluation.
+- **EU AI Act Annex IV evidence pack generator** (`capfence/assessment/eu_ai_act.py`). Generates structured JSON + HTML evidence packs for regulatory submission. Covers risk management, cybersecurity, data governance, and technical documentation.
+- **Plaid taxonomy pack** (`capfence/taxonomies/financial_plaid.json`). 10 Plaid-specific risk categories: auth, balance, transactions, identity, income, transfer, link token, item management, liabilities, investments.
+- **Opt-in telemetry client** (`capfence/telemetry/client.py`). Async fire-and-forget exporter for hashed metadata only. Disabled by default; enable via `CAPFENCE_TELEMETRY=1`.
+- **CLI commands**: `capfence verify` (audit log integrity), `capfence owasp` (coverage matrix), `capfence eu-ai-act` (evidence pack generation).
+- **9 new runnable examples** in `examples/` covering all v0.4.0 features, plus `examples/run_all_examples.py` test runner.
+- **11 new test files** bringing total to 205 tests (1 skipped for optional `pytest-asyncio`).
+- **Demo project** (`capfence-demo/`) — realistic fintech agent with 8 tools, 2 intentionally ungated, for end-to-end scanner validation.
+
+### Changed
+- **README overhaul**: collapsed 14-item feature list into 6 grouped categories; added Testing section; updated Examples table with all 12 examples.
+- **Architecture diagram**: updated audit-log box to "Hash-chained + Ed25519".
+- **Project Status**: trimmed from 14 bullets to 6 grouped categories.
+- **Cross-file wrapper detection**: two-pass scanner (`_collect_all_wrappers` then `scan_file`) correctly detects tools wrapped in a different file from their definition.
+- **Taxonomy cache safety**: `TaxonomyLoader.load()` now returns `copy.deepcopy(data)` to prevent shared mutable state poisoning.
+- **Scorer performance**: added `@functools.lru_cache` for regex pattern compilation in `RegexASTScorer`.
+
+### Fixed
+- **Timing attack vulnerability** in fallback signature verification: replaced `==` with `hmac.compare_digest` in `capfence/core/keys.py`.
+- **Private key race condition**: `generate_keypair()` now uses atomic `os.open()` with mode `0o600` instead of `write_text()` + `os.chmod()`.
+- **Taxonomy cache poisoning**: `Gate.evaluate()` now deep-copies taxonomy entries before mutation.
+- **MCP unbounded Content-Length**: enforced `MAX_MESSAGE_SIZE` (10MB) to prevent memory exhaustion.
+- **MCP stderr thread race**: `_drain_stderr` now acquires `self._lock` when accessing `self._proc`.
+- **Telemetry worker race**: `TelemetryClient.start()` now guarded by `asyncio.Lock` to prevent duplicate worker tasks.
+- **EU AI Act path traversal**: `write_html()` and `write_json()` now reject paths containing `..` components.
+- **CLI version consistency**: extracted `__version__` constant; fixed hardcoded `0.3.0` in assessment context.
+- **Hash chain missing-key validation**: `verify_chain_from_rows()` now gracefully handles malformed DB rows instead of raising `KeyError`.
+
+### Security
+- See Fixed section above for security-related fixes.
+
+## [0.3.3] - 2026-05-07
+
+### Added
+- `default="."` on `capfence check` path argument so `capfence check` works without explicit path.
+
+### Fixed
+- Cross-file wrapper detection: tools defined in one file and wrapped in another are now correctly detected as gated (two-pass scanning).
+
+## [0.3.2] - 2026-05-07
+
+### Fixed
+- README version badge and PyPI description sync.
+- CI workflow with release assets.
+
+## [0.3.1] - 2026-05-07
+
+### Added
+- `capfence check --output report.html` for HTML report generation from static scan.
+- `--fail-on-ungated` flag for CI/CD integration.
+
+### Fixed
+- Scanner false positives on non-tool classes.
+
+## [0.3.0] - 2026-05-07
+
+### Added
+- Initial PyPI release.
+- Core Gate with keyword-based scoring and configurable thresholds.
+- SQLite-backed audit log (append-only).
+- LangChain and CrewAI adapters.
+- Static scanner (`capfence check`) for detecting ungated tool classes.
+- Assessment reporter with Jinja2 HTML reports.
+- Trace simulator (`capfence simulate`) for replaying agent execution traces.
+- Interactive taxonomy builder (`capfence build-taxonomy`).
+- Three starter taxonomies: general, financial, legal.
+- Cloud client hook (legacy, not used in OSS path).
+
+[Unreleased]: https://github.com/capfencelabs/capfence-python/compare/v0.6.2...HEAD
+[0.6.2]: https://github.com/capfencelabs/capfence-python/compare/v0.5.0...v0.6.2
+[0.4.0]: https://github.com/capfencelabs/capfence-python/compare/v0.3.3...v0.4.0
+[0.3.3]: https://github.com/capfencelabs/capfence-python/compare/v0.3.2...v0.3.3
+[0.3.2]: https://github.com/capfencelabs/capfence-python/compare/v0.3.1...v0.3.2
+[0.3.1]: https://github.com/capfencelabs/capfence-python/compare/v0.3.0...v0.3.1
+[0.3.0]: https://github.com/capfencelabs/capfence-python/releases/tag/v0.3.0

capfence-0.6.2/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Anshuman Kumar
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

capfence-0.6.2/PKG-INFO

@@ -0,0 +1,267 @@
+Metadata-Version: 2.4
+Name: capfence
+Version: 0.6.2
+Summary: Runtime governance for AI agents — deterministic fail-closed enforcement. Wraps any agent tool and blocks dangerous calls before execution. Zero LLM calls, zero cloud dependencies, works offline.
+Project-URL: Homepage, https://capfence.dev/
+Project-URL: Repository, https://github.com/capfencelabs/capfence-python
+Project-URL: Issues, https://github.com/capfencelabs/capfence-python/issues
+Author: Anshuman Kumar
+License: MIT
+License-File: LICENSE
+Keywords: agents,ai,audit,compliance,crewai,enforcement,governance,guardrails,langchain,llm,runtime,safety,security,tool-calling
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
+Classifier: Topic :: Security
+Classifier: Typing :: Typed
+Requires-Python: >=3.10
+Requires-Dist: click>=8.0
+Requires-Dist: jinja2>=3.1
+Requires-Dist: pyyaml>=6.0
+Provides-Extra: crewai
+Requires-Dist: crewai>=0.30; extra == 'crewai'
+Provides-Extra: dev
+Requires-Dist: mypy>=1.8; extra == 'dev'
+Requires-Dist: pytest-cov>=4.0; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.3; extra == 'dev'
+Provides-Extra: langchain
+Requires-Dist: langchain-core>=0.1; extra == 'langchain'
+Description-Content-Type: text/markdown
+
+# CapFence
+
+<p align="center">
+  <strong>Deterministic runtime authorization for AI agent tool calls.</strong>
+</p>
+
+<p align="center">
+  <a href="https://pypi.org/project/capfence/"><img src="https://img.shields.io/pypi/v/capfence?color=blue" alt="PyPI version"></a>
+  <a href="https://pypi.org/project/capfence/"><img src="https://img.shields.io/pypi/pyversions/capfence" alt="Python versions"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/license-MIT-green" alt="License: MIT"></a>
+  <img src="https://img.shields.io/badge/tests-passing-brightgreen" alt="Tests: passing">
+</p>
+
+CapFence sits between AI agents and their tools. It evaluates every tool call against deterministic policy before execution, then allows it, blocks it, or requires approval.
+
+It is closer to IAM, Open Policy Agent, API gateways, and admission controllers than prompt guardrails or moderation.
+
+```text
+Agent -> CapFence -> Tool
+          |
+          +-- allow
+          +-- deny
+          +-- require approval
+```
+
+<p align="center">
+  <img src="docs/assets/demo.gif" alt="CapFence terminal demo" width="720">
+</p>
+
+## Why This Exists
+
+Agents increasingly call tools that can move money, edit databases, run shell commands, read files, modify permissions, and operate SaaS admin APIs.
+
+Prompt instructions are not an execution boundary. CapFence gives those tool calls an explicit runtime authorization layer:
+
+- No LLM call in the gate path.
+- Policy-as-code decisions.
+- Default-deny behavior when policy does not match.
+- Fail-closed handling for policy and audit failures.
+- Local audit logs with hash-chain verification.
+- Observe mode for safe rollout before enforcement.
+
+## Install
+
+```bash
+pip install capfence
+```
+
+## 60-Second Example
+
+Create a policy:
+
+```yaml
+deny:
+  - capability: shell.execute
+    contains: "rm -rf"
+
+require_approval:
+  - capability: payments.transfer
+    amount_gt: 1000
+
+allow:
+  - capability: shell.execute
+  - capability: payments.transfer
+    amount_lte: 1000
+```
+
+Evaluate a tool call before execution:
+
+```python
+from capfence.core.gate import Gate
+
+gate = Gate()
+
+result = gate.evaluate(
+    agent_id="ops-agent",
+    task_context="shell",
+    risk_category="shell_execution",
+    capability="shell.execute",
+    policy_path="policies/shell_agent.yaml",
+    payload={"command": "rm -rf /var/lib/postgresql"},
+)
+
+if not result.passed:
+    raise PermissionError(f"Blocked: {result.reason}")
+```
+
+The dangerous command never reaches the tool.
+
+## Framework Integrations
+
+CapFence can wrap tools in:
+
+- LangChain
+- LangGraph
+- CrewAI
+- OpenAI Agents SDK
+- MCP
+- PydanticAI
+- LlamaIndex
+- AutoGen
+- Direct Python runtimes
+
+LangChain example:
+
+```python
+from capfence import CapFenceTool
+from langchain.tools import ShellTool
+
+safe_shell = CapFenceTool(
+    tool=ShellTool(),
+    agent_id="ops-agent",
+    capability="shell.execute",
+    policy_path="policies/shell_agent.yaml",
+)
+```
+
+## CLI Workflows
+
+Scan for ungated tools:
+
+```bash
+capfence check ./src --fail-on-ungated
+```
+
+Validate a policy:
+
+```bash
+capfence check-policy policies/shell_agent.yaml
+```
+
+Replay a trace through policy:
+
+```bash
+capfence simulate --trace-file traces/agent_trace.jsonl --compare
+```
+
+Verify audit-log integrity:
+
+```bash
+capfence verify --audit-log audit.db
+```
+
+## Rollout Path
+
+1. Start in observe mode and log decisions without blocking.
+2. Review audit logs and tune policies.
+3. Enforce policy for high-risk tools.
+4. Add CI checks so new ungated tools cannot quietly ship.
+5. Replay incidents and policy changes against saved traces.
+
+## What CapFence Is Not
+
+CapFence is a runtime authorization and audit layer. It does not replace:
+
+- sandboxing for shell/code execution
+- least-privilege credentials
+- network egress controls
+- prompt-injection defenses
+- human review for genuinely ambiguous high-risk actions
+
+Use it as the deterministic control point before tool execution.
+
+## Why Not Prompt Guardrails?
+
+Prompt guardrails are useful, but they do not enforce execution. A prompt can be bypassed, misinterpreted, or ignored under pressure. CapFence adds a deterministic enforcement boundary that blocks tool calls before they execute and records a tamper-evident audit trail.
+
+## Where It Sits In Your Stack
+
+```
+Agent framework -> CapFence gate -> Tool/API/DB/Shell
+```
+
+CapFence does not replace sandboxing, network egress controls, or least-privilege credentials. It complements them by enforcing runtime policy at the tool boundary.
+
+## Project Status
+
+CapFence is beta infrastructure for agent tool governance. The repo includes:
+
+- deterministic gate and policy engine
+- local audit log with hash-chain verification
+- approval workflows
+- observe mode and bypass audit trails
+- framework adapters
+- MCP gateway and adapter
+- static scanner and CI mode
+- OWASP Agentic Top 10 and EU AI Act evidence reports
+- typed Python package with ruff, mypy, and pytest coverage
+
+Current local verification: run `pytest -q`.
+
+## Documentation
+
+- Docs: https://capfence.dev/
+- PyPI: https://pypi.org/project/capfence/
+- Repository: https://github.com/capfencelabs/capfence-python
+
+Useful starting points:
+
+- [Quickstart](docs/getting-started/quickstart.md)
+- [First policy](docs/getting-started/first-policy.md)
+- [Recipes](docs/recipes/index.md)
+- [Compatibility matrix](docs/integrations/compatibility.md)
+- [Protect shell tools](docs/guides/protect-shell-tools.md)
+- [Protect payment agents](docs/guides/protect-payment-agents.md)
+- [Secure MCP servers](docs/guides/secure-mcp-servers.md)
+- [Demo walkthrough](docs/examples/demo-walkthrough.md)
+- [Demo cast](docs/examples/demo-cast.md)
+- [Policy schema](docs/reference/policy-schema.md)
+
+## Contributing
+
+```bash
+git clone https://github.com/capfencelabs/capfence-python.git
+cd capfence-python
+pip install -e ".[dev]"
+pytest tests/ -q
+```
+
+Policy recipes, framework adapters, taxonomies, docs, and focused bug reports are welcome.
+
+## License
+
+MIT License
+
+<p align="center">
+  <sub>Built by <a href="https://github.com/capfencelabs">CapFence Labs</a></sub>
+</p>