control-zero 0.2.0__tar.gz

control_zero-0.2.0/.gitignore

@@ -0,0 +1,63 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+coverage_html/
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db

control_zero-0.2.0/LICENSE

@@ -0,0 +1,17 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   Copyright 2024 Control Zero
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

control_zero-0.2.0/PKG-INFO

@@ -0,0 +1,216 @@
+Metadata-Version: 2.4
+Name: control-zero
+Version: 0.2.0
+Summary: Enterprise MCP governance SDK - secrets, policies, and observability
+Project-URL: Homepage, https://controlzero.dev
+Project-URL: Documentation, https://docs.controlzero.dev
+Author-email: Control Zero <hello@controlzero.dev>
+License: Proprietary
+License-File: LICENSE
+Keywords: governance,mcp,observability,policy,secrets
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.9
+Requires-Dist: cryptography>=41.0.0
+Requires-Dist: httpx>=0.25.0
+Requires-Dist: pydantic>=2.0.0
+Provides-Extra: all
+Requires-Dist: anthropic>=0.20.0; extra == 'all'
+Requires-Dist: crewai>=0.30.0; extra == 'all'
+Requires-Dist: langchain-core>=0.1.0; extra == 'all'
+Requires-Dist: langchain>=0.1.0; extra == 'all'
+Requires-Dist: langgraph>=0.0.20; extra == 'all'
+Requires-Dist: mcp>=0.1.0; extra == 'all'
+Requires-Dist: openai>=1.0.0; extra == 'all'
+Provides-Extra: crewai
+Requires-Dist: crewai>=0.30.0; extra == 'crewai'
+Provides-Extra: dev
+Requires-Dist: anthropic>=0.20.0; extra == 'dev'
+Requires-Dist: mypy>=1.0.0; extra == 'dev'
+Requires-Dist: openai>=1.0.0; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.21.0; extra == 'dev'
+Requires-Dist: pytest-cov>=4.0.0; extra == 'dev'
+Requires-Dist: pytest-mock>=3.10.0; extra == 'dev'
+Requires-Dist: pytest>=7.0.0; extra == 'dev'
+Requires-Dist: respx>=0.20.0; extra == 'dev'
+Requires-Dist: ruff>=0.1.0; extra == 'dev'
+Provides-Extra: langchain
+Requires-Dist: langchain-core>=0.1.0; extra == 'langchain'
+Requires-Dist: langchain>=0.1.0; extra == 'langchain'
+Requires-Dist: langgraph>=0.0.20; extra == 'langchain'
+Provides-Extra: mcp
+Requires-Dist: mcp>=0.1.0; extra == 'mcp'
+Description-Content-Type: text/markdown
+
+# Control Zero Python SDK
+
+Enterprise MCP governance - secrets, policies, and observability for AI agents.
+
+## Installation
+
+```bash
+pip install control-zero
+```
+
+## Quick Start
+
+```python
+from control_zero import ControlZeroClient
+
+# Initialize with your API key
+client = ControlZeroClient(api_key="cz_live_xxx")
+
+# This fetches config, secrets, and policies from Control Zero
+client.initialize()
+
+# Call MCP tools - secrets are injected automatically!
+result = client.call_tool("github", "list_issues", {"repo": "acme/app"})
+
+# Close when done (flushes logs)
+client.close()
+```
+
+## Features
+
+### Automatic Secret Injection
+
+Secrets configured in the Control Zero dashboard are automatically:
+1. Fetched encrypted from the server
+2. Decrypted in memory
+3. Injected into your MCP calls
+4. Wiped from memory on session end
+
+```python
+# No need to manage secrets in your code!
+# GitHub PAT is automatically injected
+result = client.call_tool("github", "create_issue", {
+    "repo": "acme/app",
+    "title": "Bug report",
+})
+```
+
+### Policy Enforcement
+
+Policies defined in the dashboard are enforced locally:
+
+```python
+from control_zero import PolicyDeniedError
+
+try:
+    result = client.call_tool("stripe", "create_charge", {...})
+except PolicyDeniedError as e:
+    print(f"Denied: {e.decision.reason}")
+```
+
+### Audit Logging
+
+All tool calls are automatically logged for compliance:
+
+- Timestamp, tool, method
+- Latency and status
+- Policy decisions
+- Errors (without sensitive data)
+
+Logs are batched and sent asynchronously to avoid impacting performance.
+
+## Async Usage
+
+```python
+from control_zero import AsyncControlZeroClient
+
+async with AsyncControlZeroClient(api_key="cz_live_xxx") as client:
+    result = await client.call_tool("github", "list_issues", {"repo": "acme/app"})
+```
+
+## MCP Client Wrapping
+
+Wrap an existing MCP client:
+
+```python
+from mcp import Client
+from control_zero import ControlZeroClient, MCPMiddleware
+
+# Initialize Control Zero
+cz = ControlZeroClient(api_key="cz_live_xxx")
+cz.initialize()
+
+# Wrap your MCP client
+mcp = Client()
+wrapped = MCPMiddleware(cz).wrap(mcp)
+
+# Use wrapped client - all calls go through Control Zero
+result = await wrapped.call_tool("github", "list_issues")
+```
+
+## Configuration
+
+```python
+client = ControlZeroClient(
+    api_key="cz_live_xxx",           # Required
+    agent_name="marketing-bot",       # Optional, for logging
+    base_url="https://api.controlzero.dev",  # Or self-hosted
+)
+```
+
+## API Key Types
+
+- `cz_live_*` - Production keys (real secrets, real logging)
+- `cz_test_*` - Test keys (mock responses, test logging)
+
+## Security
+
+- Secrets are held in memory only, never written to disk
+- Memory is securely wiped on session end
+- All communication is encrypted (TLS)
+- Policies are enforced locally for low latency
+
+## Development
+
+### Running Tests
+
+```bash
+# Install dev dependencies
+pip install -e ".[dev]"
+
+# Run all tests
+python -m pytest tests/ -v
+
+# Run with coverage
+python -m pytest tests/ --cov=control_zero --cov-report=term-missing
+
+# Run specific test files
+python -m pytest tests/test_types.py -v
+python -m pytest tests/test_policy.py -v
+python -m pytest tests/test_secrets.py -v
+python -m pytest tests/test_client.py -v
+```
+
+### Code Quality
+
+```bash
+# Format and lint
+ruff check --fix .
+ruff format .
+
+# Type checking
+mypy control_zero/
+```
+
+## Examples
+
+See the [examples/](./examples/) directory for complete usage examples:
+
+- **slack_bot.py** - Secure Slack messaging with channel restrictions
+- **database_agent.py** - PostgreSQL with read-only policies
+- **analytics_agent.py** - ClickHouse queries with governance
+- **github_agent.py** - GitHub operations with branch protection
+- **multi_tool_agent.py** - Complete multi-tool workflow
+
+## License
+
+Proprietary - Control Zero, Inc.

control_zero-0.2.0/README.md

@@ -0,0 +1,167 @@
+# Control Zero Python SDK
+
+Enterprise MCP governance - secrets, policies, and observability for AI agents.
+
+## Installation
+
+```bash
+pip install control-zero
+```
+
+## Quick Start
+
+```python
+from control_zero import ControlZeroClient
+
+# Initialize with your API key
+client = ControlZeroClient(api_key="cz_live_xxx")
+
+# This fetches config, secrets, and policies from Control Zero
+client.initialize()
+
+# Call MCP tools - secrets are injected automatically!
+result = client.call_tool("github", "list_issues", {"repo": "acme/app"})
+
+# Close when done (flushes logs)
+client.close()
+```
+
+## Features
+
+### Automatic Secret Injection
+
+Secrets configured in the Control Zero dashboard are automatically:
+1. Fetched encrypted from the server
+2. Decrypted in memory
+3. Injected into your MCP calls
+4. Wiped from memory on session end
+
+```python
+# No need to manage secrets in your code!
+# GitHub PAT is automatically injected
+result = client.call_tool("github", "create_issue", {
+    "repo": "acme/app",
+    "title": "Bug report",
+})
+```
+
+### Policy Enforcement
+
+Policies defined in the dashboard are enforced locally:
+
+```python
+from control_zero import PolicyDeniedError
+
+try:
+    result = client.call_tool("stripe", "create_charge", {...})
+except PolicyDeniedError as e:
+    print(f"Denied: {e.decision.reason}")
+```
+
+### Audit Logging
+
+All tool calls are automatically logged for compliance:
+
+- Timestamp, tool, method
+- Latency and status
+- Policy decisions
+- Errors (without sensitive data)
+
+Logs are batched and sent asynchronously to avoid impacting performance.
+
+## Async Usage
+
+```python
+from control_zero import AsyncControlZeroClient
+
+async with AsyncControlZeroClient(api_key="cz_live_xxx") as client:
+    result = await client.call_tool("github", "list_issues", {"repo": "acme/app"})
+```
+
+## MCP Client Wrapping
+
+Wrap an existing MCP client:
+
+```python
+from mcp import Client
+from control_zero import ControlZeroClient, MCPMiddleware
+
+# Initialize Control Zero
+cz = ControlZeroClient(api_key="cz_live_xxx")
+cz.initialize()
+
+# Wrap your MCP client
+mcp = Client()
+wrapped = MCPMiddleware(cz).wrap(mcp)
+
+# Use wrapped client - all calls go through Control Zero
+result = await wrapped.call_tool("github", "list_issues")
+```
+
+## Configuration
+
+```python
+client = ControlZeroClient(
+    api_key="cz_live_xxx",           # Required
+    agent_name="marketing-bot",       # Optional, for logging
+    base_url="https://api.controlzero.dev",  # Or self-hosted
+)
+```
+
+## API Key Types
+
+- `cz_live_*` - Production keys (real secrets, real logging)
+- `cz_test_*` - Test keys (mock responses, test logging)
+
+## Security
+
+- Secrets are held in memory only, never written to disk
+- Memory is securely wiped on session end
+- All communication is encrypted (TLS)
+- Policies are enforced locally for low latency
+
+## Development
+
+### Running Tests
+
+```bash
+# Install dev dependencies
+pip install -e ".[dev]"
+
+# Run all tests
+python -m pytest tests/ -v
+
+# Run with coverage
+python -m pytest tests/ --cov=control_zero --cov-report=term-missing
+
+# Run specific test files
+python -m pytest tests/test_types.py -v
+python -m pytest tests/test_policy.py -v
+python -m pytest tests/test_secrets.py -v
+python -m pytest tests/test_client.py -v
+```
+
+### Code Quality
+
+```bash
+# Format and lint
+ruff check --fix .
+ruff format .
+
+# Type checking
+mypy control_zero/
+```
+
+## Examples
+
+See the [examples/](./examples/) directory for complete usage examples:
+
+- **slack_bot.py** - Secure Slack messaging with channel restrictions
+- **database_agent.py** - PostgreSQL with read-only policies
+- **analytics_agent.py** - ClickHouse queries with governance
+- **github_agent.py** - GitHub operations with branch protection
+- **multi_tool_agent.py** - Complete multi-tool workflow
+
+## License
+
+Proprietary - Control Zero, Inc.

control_zero-0.2.0/control_zero/__init__.py

@@ -0,0 +1,31 @@
+"""
+Control Zero - Enterprise MCP Governance SDK
+
+The "magic" SDK that handles authentication, secret injection, policy enforcement,
+and observability for MCP tool calls.
+
+Usage:
+    from control_zero import ControlZeroClient
+
+    # Initialize with your API key
+    client = ControlZeroClient(api_key="cz_live_xxx")
+
+    # Call MCP tools - secrets are injected automatically
+    result = await client.call_tool("github", "list_issues", {"repo": "acme/app"})
+"""
+
+from control_zero.client import ControlZeroClient, AsyncControlZeroClient
+from control_zero.mcp import MCPMiddleware
+from control_zero.policy import PolicyDecision, PolicyDeniedError
+from control_zero.types import ToolConfig, SessionConfig
+
+__version__ = "0.1.0"
+__all__ = [
+    "ControlZeroClient",
+    "AsyncControlZeroClient",
+    "MCPMiddleware",
+    "PolicyDecision",
+    "PolicyDeniedError",
+    "ToolConfig",
+    "SessionConfig",
+]