comply54 0.1.0__tar.gz

comply54-0.1.0/PKG-INFO

@@ -0,0 +1,233 @@
+Metadata-Version: 2.4
+Name: comply54
+Version: 0.1.0
+Summary: African AI governance compliance — enforcement engine and sector packs for NDPA, CBN, KDPA, POPIA and 15+ African regulatory frameworks.
+Author-email: Oluwajuwon Omotayo <oluwajuwon.falore@sagegreytech.com>
+License: Apache-2.0
+Project-URL: Homepage, https://comply54.io
+Project-URL: Repository, https://github.com/comply54/comply54
+Project-URL: Issues, https://github.com/comply54/comply54/issues
+Keywords: comply54,africa,compliance,ai-governance,ndpa,cbn,kdpa,popia,rego,opa,fintech,data-protection,nigeria,kenya
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: Topic :: Office/Business :: Financial
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: regopy>=1.4.0
+Requires-Dist: pydantic>=2.0.0
+Provides-Extra: langchain
+Requires-Dist: langchain-core>=0.1.0; extra == "langchain"
+Provides-Extra: crewai
+Requires-Dist: crewai>=0.28.0; extra == "crewai"
+Provides-Extra: autogen
+Requires-Dist: pyautogen>=0.2.0; extra == "autogen"
+Provides-Extra: all
+Requires-Dist: langchain-core>=0.1.0; extra == "all"
+Requires-Dist: crewai>=0.28.0; extra == "all"
+Requires-Dist: pyautogen>=0.2.0; extra == "all"
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Requires-Dist: pytest-cov; extra == "dev"
+Requires-Dist: ruff; extra == "dev"
+Requires-Dist: pyright; extra == "dev"
+
+# Comply54
+
+**Open-source AI governance registry and tooling for African regulatory compliance.**
+
+[![CI](https://github.com/comply54/comply54/actions/workflows/ci.yml/badge.svg)](https://github.com/comply54/comply54/actions/workflows/ci.yml)
+[![codecov](https://codecov.io/gh/comply54/comply54/branch/main/graph/badge.svg)](https://codecov.io/gh/comply54/comply54)
+[![PyPI](https://img.shields.io/pypi/v/comply54.svg)](https://pypi.org/project/comply54)
+[![npm](https://img.shields.io/npm/v/@comply54/core.svg)](https://www.npmjs.com/package/@comply54/core)
+[![Python](https://img.shields.io/pypi/pyversions/comply54.svg)](https://pypi.org/project/comply54)
+[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)
+
+---
+
+## How it relates to agt-policies-nigeria
+
+```
+kingztech2019/agt-policies-nigeria          comply54
+──────────────────────────────────          ────────────────────────────────────
+The policy SOURCE.                          The registry and tooling LAYER.
+
+• 12 policy packs (YAML + Rego)    ──▶     • registry.json indexes them by URL
+• Cited in Microsoft AGT main      ──▶     • adapters load them into any framework
+• OPA tests (306 passing)          ──▶     • schema validates them on every PR
+• Stays at kingztech2019 forever   ──▶     • comply54 never duplicates them
+```
+
+`agt-policies-nigeria` is where the policy files live — it is permanently cited in
+[Microsoft Agent-OS](https://github.com/microsoft/agent-governance-toolkit). That repo
+will never move.
+
+`comply54` is where the ecosystem lives — the registry, framework adapters, JSON Schema
+validator, and CI tooling that makes those policies consumable from LangChain, CrewAI,
+AutoGen, and any OPA pipeline. When new packs are contributed (Ghana DPA, Rwanda DPA,
+ECOWAS), their policy files will live under `packages/` in this repo.
+
+---
+
+## Policy Packs (current)
+
+All 12 current packs are sourced from `kingztech2019/agt-policies-nigeria`.
+`registry.json` has the direct raw GitHub URLs for each.
+
+### Universal Agent Safety Controls
+
+| Pack | Regulation | OWASP Ref |
+|------|-----------|-----------|
+| prompt-injection | OWASP Agentic AI — LLM01/ASI01 | LLM01 |
+| pii-leakage | OWASP LLM06 | LLM06 |
+| tool-permissions | OWASP LLM08 | LLM08 |
+| human-approval | OWASP LLM09 | LLM09 |
+| model-routing | OWASP LLM03/LLM05 | LLM03/LLM05 |
+
+### Nigerian Regulatory Packs
+
+| Pack | Regulation | Authority |
+|------|-----------|----------|
+| nigeria/ndpa | Nigeria Data Protection Act 2023 | NDPC |
+| nigeria/cbn | CBN Transaction Limits & Tiered KYC | CBN |
+| nigeria/bvn-nin | CBN BVN Framework; NIBSS Rules | CBN / NIBSS |
+| nigeria/nfiu-aml | MLPPA 2022 / NFIU AML Guidelines | NFIU |
+| nigeria/pos-geofencing | CBN Agent Banking Guidelines 2020 | CBN |
+
+### East Africa
+
+| Pack | Regulation | Authority |
+|------|-----------|----------|
+| kenya/kdpa | Kenya Data Protection Act 2019 | ODPC |
+
+### Southern Africa
+
+| Pack | Regulation | Authority |
+|------|-----------|----------|
+| south-africa/popia | POPIA Act 4 of 2013 | Information Regulator ZA |
+
+---
+
+## Quick Start
+
+### With Microsoft Agent-OS (AGT)
+
+```python
+from adapters.agt import load_jurisdiction
+
+# Loads all packs for Nigeria + universal from agt-policies-nigeria (via raw GitHub URL)
+policies = load_jurisdiction("NG")
+
+for policy in policies:
+    result = policy.evaluate({"action": "export_data", "output": ""})
+```
+
+### With LangChain / LangGraph
+
+```python
+from adapters.langchain import compliance_node
+
+# Pack source URL from registry.json
+node = compliance_node([
+    "https://raw.githubusercontent.com/kingztech2019/agt-policies-nigeria/main/policies/ndpa-data-residency.yaml",
+    "https://raw.githubusercontent.com/kingztech2019/agt-policies-nigeria/main/policies/agent-pii-leakage.yaml",
+])
+graph.add_node("compliance", node)
+```
+
+### With CrewAI
+
+```python
+from adapters.crewai import build_tools_for_jurisdiction
+
+tools = build_tools_for_jurisdiction("NG")
+agent = Agent(role="Fintech Agent", tools=tools, ...)
+```
+
+### With AutoGen
+
+```python
+from adapters.autogen import check_all_packs
+
+result = check_all_packs(jurisdiction="NG", action="send_to_external", output="user@example.com")
+# {"overall": "block", "results": [...]}
+```
+
+### Direct OPA (from agt-policies-nigeria)
+
+```bash
+git clone https://github.com/kingztech2019/agt-policies-nigeria
+cd agt-policies-nigeria
+opa test policies/rego/ -v   # 306 tests
+```
+
+---
+
+## Consuming the Registry
+
+```python
+import json, urllib.request
+
+registry = json.loads(
+    urllib.request.urlopen(
+        "https://raw.githubusercontent.com/kingztech2019/comply54/main/registry.json"
+    ).read()
+)
+
+# Get all packs for Nigeria
+ng_pack_ids = registry["jurisdiction_map"]["NG"]
+ng_packs = [p for p in registry["packs"] if p["id"] in ng_pack_ids]
+
+# Fetch a policy YAML directly
+import yaml, urllib.request
+policy_yaml = yaml.safe_load(
+    urllib.request.urlopen(ng_packs[0]["source_yaml"]).read()
+)
+```
+
+---
+
+## Adding a New Pack
+
+New packs that are NOT part of `agt-policies-nigeria` (e.g. Ghana DPA, Rwanda DPA,
+ECOWAS) go into `packages/<jurisdiction>/<slug>/` in this repo. See [CONTRIBUTING.md](CONTRIBUTING.md).
+
+Packs already in `agt-policies-nigeria` do not need to be duplicated here — add a
+registry entry in `registry.json` with the `source_yaml` URL.
+
+---
+
+## Validation & CI
+
+```bash
+pip install pyyaml jsonschema
+
+# Validate all packs in registry.json (fetches remote ones over HTTPS)
+python tools/validate.py
+
+# Skip remote packs (offline mode)
+python tools/validate.py --local-only
+
+# Validate a single local pack
+python tools/validate.py packages/ghana/gdpa
+```
+
+CI runs on every push and PR:
+1. Schema validation (all registry packs — remote + local)
+2. OPA tests (local packs only — remote packs tested in agt-policies-nigeria)
+3. Regal lint (local packs only)
+4. meta.json completeness (local packs)
+5. Registry source URL reachability check
+
+---
+
+## Disclaimer
+
+Comply54 policy packs are community-maintained governance **starter templates**, not
+certified legal compliance instruments. Organisations must perform their own assessments
+with qualified legal and regulatory advisors before deploying in regulated environments.

comply54-0.1.0/README.md

@@ -0,0 +1,194 @@
+# Comply54
+
+**Open-source AI governance registry and tooling for African regulatory compliance.**
+
+[![CI](https://github.com/comply54/comply54/actions/workflows/ci.yml/badge.svg)](https://github.com/comply54/comply54/actions/workflows/ci.yml)
+[![codecov](https://codecov.io/gh/comply54/comply54/branch/main/graph/badge.svg)](https://codecov.io/gh/comply54/comply54)
+[![PyPI](https://img.shields.io/pypi/v/comply54.svg)](https://pypi.org/project/comply54)
+[![npm](https://img.shields.io/npm/v/@comply54/core.svg)](https://www.npmjs.com/package/@comply54/core)
+[![Python](https://img.shields.io/pypi/pyversions/comply54.svg)](https://pypi.org/project/comply54)
+[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)
+
+---
+
+## How it relates to agt-policies-nigeria
+
+```
+kingztech2019/agt-policies-nigeria          comply54
+──────────────────────────────────          ────────────────────────────────────
+The policy SOURCE.                          The registry and tooling LAYER.
+
+• 12 policy packs (YAML + Rego)    ──▶     • registry.json indexes them by URL
+• Cited in Microsoft AGT main      ──▶     • adapters load them into any framework
+• OPA tests (306 passing)          ──▶     • schema validates them on every PR
+• Stays at kingztech2019 forever   ──▶     • comply54 never duplicates them
+```
+
+`agt-policies-nigeria` is where the policy files live — it is permanently cited in
+[Microsoft Agent-OS](https://github.com/microsoft/agent-governance-toolkit). That repo
+will never move.
+
+`comply54` is where the ecosystem lives — the registry, framework adapters, JSON Schema
+validator, and CI tooling that makes those policies consumable from LangChain, CrewAI,
+AutoGen, and any OPA pipeline. When new packs are contributed (Ghana DPA, Rwanda DPA,
+ECOWAS), their policy files will live under `packages/` in this repo.
+
+---
+
+## Policy Packs (current)
+
+All 12 current packs are sourced from `kingztech2019/agt-policies-nigeria`.
+`registry.json` has the direct raw GitHub URLs for each.
+
+### Universal Agent Safety Controls
+
+| Pack | Regulation | OWASP Ref |
+|------|-----------|-----------|
+| prompt-injection | OWASP Agentic AI — LLM01/ASI01 | LLM01 |
+| pii-leakage | OWASP LLM06 | LLM06 |
+| tool-permissions | OWASP LLM08 | LLM08 |
+| human-approval | OWASP LLM09 | LLM09 |
+| model-routing | OWASP LLM03/LLM05 | LLM03/LLM05 |
+
+### Nigerian Regulatory Packs
+
+| Pack | Regulation | Authority |
+|------|-----------|----------|
+| nigeria/ndpa | Nigeria Data Protection Act 2023 | NDPC |
+| nigeria/cbn | CBN Transaction Limits & Tiered KYC | CBN |
+| nigeria/bvn-nin | CBN BVN Framework; NIBSS Rules | CBN / NIBSS |
+| nigeria/nfiu-aml | MLPPA 2022 / NFIU AML Guidelines | NFIU |
+| nigeria/pos-geofencing | CBN Agent Banking Guidelines 2020 | CBN |
+
+### East Africa
+
+| Pack | Regulation | Authority |
+|------|-----------|----------|
+| kenya/kdpa | Kenya Data Protection Act 2019 | ODPC |
+
+### Southern Africa
+
+| Pack | Regulation | Authority |
+|------|-----------|----------|
+| south-africa/popia | POPIA Act 4 of 2013 | Information Regulator ZA |
+
+---
+
+## Quick Start
+
+### With Microsoft Agent-OS (AGT)
+
+```python
+from adapters.agt import load_jurisdiction
+
+# Loads all packs for Nigeria + universal from agt-policies-nigeria (via raw GitHub URL)
+policies = load_jurisdiction("NG")
+
+for policy in policies:
+    result = policy.evaluate({"action": "export_data", "output": ""})
+```
+
+### With LangChain / LangGraph
+
+```python
+from adapters.langchain import compliance_node
+
+# Pack source URL from registry.json
+node = compliance_node([
+    "https://raw.githubusercontent.com/kingztech2019/agt-policies-nigeria/main/policies/ndpa-data-residency.yaml",
+    "https://raw.githubusercontent.com/kingztech2019/agt-policies-nigeria/main/policies/agent-pii-leakage.yaml",
+])
+graph.add_node("compliance", node)
+```
+
+### With CrewAI
+
+```python
+from adapters.crewai import build_tools_for_jurisdiction
+
+tools = build_tools_for_jurisdiction("NG")
+agent = Agent(role="Fintech Agent", tools=tools, ...)
+```
+
+### With AutoGen
+
+```python
+from adapters.autogen import check_all_packs
+
+result = check_all_packs(jurisdiction="NG", action="send_to_external", output="user@example.com")
+# {"overall": "block", "results": [...]}
+```
+
+### Direct OPA (from agt-policies-nigeria)
+
+```bash
+git clone https://github.com/kingztech2019/agt-policies-nigeria
+cd agt-policies-nigeria
+opa test policies/rego/ -v   # 306 tests
+```
+
+---
+
+## Consuming the Registry
+
+```python
+import json, urllib.request
+
+registry = json.loads(
+    urllib.request.urlopen(
+        "https://raw.githubusercontent.com/kingztech2019/comply54/main/registry.json"
+    ).read()
+)
+
+# Get all packs for Nigeria
+ng_pack_ids = registry["jurisdiction_map"]["NG"]
+ng_packs = [p for p in registry["packs"] if p["id"] in ng_pack_ids]
+
+# Fetch a policy YAML directly
+import yaml, urllib.request
+policy_yaml = yaml.safe_load(
+    urllib.request.urlopen(ng_packs[0]["source_yaml"]).read()
+)
+```
+
+---
+
+## Adding a New Pack
+
+New packs that are NOT part of `agt-policies-nigeria` (e.g. Ghana DPA, Rwanda DPA,
+ECOWAS) go into `packages/<jurisdiction>/<slug>/` in this repo. See [CONTRIBUTING.md](CONTRIBUTING.md).
+
+Packs already in `agt-policies-nigeria` do not need to be duplicated here — add a
+registry entry in `registry.json` with the `source_yaml` URL.
+
+---
+
+## Validation & CI
+
+```bash
+pip install pyyaml jsonschema
+
+# Validate all packs in registry.json (fetches remote ones over HTTPS)
+python tools/validate.py
+
+# Skip remote packs (offline mode)
+python tools/validate.py --local-only
+
+# Validate a single local pack
+python tools/validate.py packages/ghana/gdpa
+```
+
+CI runs on every push and PR:
+1. Schema validation (all registry packs — remote + local)
+2. OPA tests (local packs only — remote packs tested in agt-policies-nigeria)
+3. Regal lint (local packs only)
+4. meta.json completeness (local packs)
+5. Registry source URL reachability check
+
+---
+
+## Disclaimer
+
+Comply54 policy packs are community-maintained governance **starter templates**, not
+certified legal compliance instruments. Organisations must perform their own assessments
+with qualified legal and regulatory advisors before deploying in regulated environments.

comply54-0.1.0/comply54/__init__.py

@@ -0,0 +1,108 @@
+"""
+comply54
+~~~~~~~~
+African AI governance compliance — enforcement engine and sector packs.
+
+Quick start:
+
+    from comply54 import NigeriaFintechCompliance
+
+    compliance = NigeriaFintechCompliance()
+    result = compliance.check(
+        action="transfer_funds",
+        params={"amount": 15_000_000, "currency": "NGN"},
+        context={"kyc_tier": 3},
+    )
+    if result.blocked:
+        raise ValueError(result.primary_violation.messages[0])
+
+Low-level API:
+
+    from comply54 import evaluate, PACK_REGISTRY
+
+    result = evaluate(
+        pack_ids=["nigeria/cbn", "nigeria/ndpa", "universal/pii-leakage"],
+        action="export_data",
+        params={"destination_country": "CN", "data_type": "pii"},
+    )
+"""
+
+from __future__ import annotations
+
+from .core.engine import Comply54Engine
+from .core.models import Action, ComplianceCertificate, ComplianceResult, EvaluationInput, PolicyDecision
+from .core.packs import (
+    PACK_REGISTRY,
+    PackSpec,
+    packs_for_ids,
+    packs_for_jurisdiction,
+)
+from .sectors import (
+    KenyaFintechCompliance,
+    NigeriaFintechCompliance,
+    PanAfricanFintechCompliance,
+    SectorCompliance,
+)
+
+__version__ = "0.1.0"
+__all__ = [
+    # Sector packs (recommended entry point)
+    "NigeriaFintechCompliance",
+    "KenyaFintechCompliance",
+    "PanAfricanFintechCompliance",
+    "SectorCompliance",
+    # Low-level API
+    "evaluate",
+    "list_packs",
+    "Comply54Engine",
+    "EvaluationInput",
+    "ComplianceResult",
+    "ComplianceCertificate",
+    "PolicyDecision",
+    "Action",
+    # Pack registry
+    "PACK_REGISTRY",
+    "PackSpec",
+    "packs_for_jurisdiction",
+    "packs_for_ids",
+]
+
+
+def list_packs() -> list[PackSpec]:
+    """Return all registered comply54 packs."""
+    return list(PACK_REGISTRY.values())
+
+
+def evaluate(
+    pack_ids: list[str],
+    action: str,
+    params: dict | None = None,
+    output: str = "",
+    context: dict | None = None,
+) -> ComplianceResult:
+    """
+    Evaluate a set of comply54 packs against an agent action.
+
+    This is the lowest-level public API. Prefer sector packs
+    (NigeriaFintechCompliance etc.) for production use.
+
+    Args:
+        pack_ids: List of pack IDs from PACK_REGISTRY.
+        action:   The tool/action name.
+        params:   Structured parameters dict.
+        output:   Agent's proposed text output.
+        context:  Session context dict.
+
+    Returns:
+        ComplianceResult
+
+    Example:
+        result = evaluate(
+            pack_ids=["nigeria/cbn", "universal/pii-leakage"],
+            action="transfer_funds",
+            params={"amount": 15_000_000, "currency": "NGN"},
+        )
+    """
+    packs = packs_for_ids(pack_ids)
+    engine = Comply54Engine(packs=packs)
+    return engine.check(action=action, params=params or {}, output=output, context=context or {})

comply54-0.1.0/comply54/autogen/adapter.py

@@ -0,0 +1,68 @@
+"""
+comply54.autogen.adapter
+~~~~~~~~~~~~~~~~~~~~~~~~
+Microsoft AutoGen integration for comply54.
+
+Usage:
+    from autogen import AssistantAgent
+    from comply54.autogen import register_compliance
+    from comply54 import NigeriaFintechCompliance
+
+    assistant = AssistantAgent("assistant", llm_config=llm_config)
+    register_compliance(assistant, NigeriaFintechCompliance())
+"""
+
+from __future__ import annotations
+
+import json
+from typing import Annotated, Any
+
+from ..sectors._base import SectorCompliance
+
+
+def register_compliance(agent: Any, compliance: SectorCompliance) -> None:
+    """
+    Register a comply54 SectorCompliance pack as a callable function tool on an AutoGen agent.
+
+    Args:
+        agent:      An autogen ConversableAgent or AssistantAgent.
+        compliance: A SectorCompliance instance.
+    """
+    def check_compliance(
+        action: Annotated[str, "The agent action or tool name to evaluate."],
+        params: Annotated[str, "JSON-encoded parameters dict."] = "{}",
+        output: Annotated[str, "The agent's proposed output text."] = "",
+        context: Annotated[str, "JSON-encoded session context dict."] = "{}",
+    ) -> str:
+        result = compliance.check(
+            action=action,
+            params=json.loads(params) if params else {},
+            output=output,
+            context=json.loads(context) if context else {},
+        )
+        return json.dumps({
+            "overall": result.overall,
+            "blocked": result.blocked,
+            "violations": [
+                {"pack": d.pack, "action": d.action, "messages": d.messages}
+                for d in result.violations
+            ],
+        })
+
+    fn_name = f"comply54_{compliance.__class__.__name__.lower()}"
+    check_compliance.__name__ = fn_name
+    check_compliance.__doc__ = (
+        f"comply54 compliance check: {compliance.name}. "
+        f"Jurisdictions: {', '.join(compliance.jurisdictions)}. "
+        "Returns JSON with overall decision and violations."
+    )
+
+    try:
+        agent.register_for_llm(
+            name=fn_name,
+            description=check_compliance.__doc__,
+        )(check_compliance)
+    except AttributeError as e:
+        raise ImportError(
+            "pyautogen is required. Install with: pip install comply54[autogen]"
+        ) from e

comply54-0.1.0/comply54/core/__init__.py

@@ -0,0 +1,12 @@
+from .models import PolicyDecision, ComplianceResult, EvaluationInput
+from .engine import Comply54Engine
+from .packs import PACK_REGISTRY, PackSpec
+
+__all__ = [
+    "PolicyDecision",
+    "ComplianceResult",
+    "EvaluationInput",
+    "Comply54Engine",
+    "PACK_REGISTRY",
+    "PackSpec",
+]