coreason-manifest 0.1.0__py3-none-any.whl

coreason_manifest/policies/compliance.rego

@@ -0,0 +1,81 @@
+package coreason.compliance
+
+import rego.v1
+
+# Do not import data.tbom to avoid namespace confusion, access via data.tbom directly if needed or via helper.
+
+default allow := false
+
+# Deny if 'pickle' is in libraries (matches "pickle", "pickle==1.0", "pickle>=2.0")
+deny contains msg if {
+    some i
+    lib_str := input.dependencies.libraries[i]
+    # Check if the library name starts with 'pickle' followed by end of string or version specifier
+    regex.match("^pickle([<>=!@\\[].*)?$", lib_str)
+    msg := "Security Risk: 'pickle' library is strictly forbidden."
+}
+
+# Deny if 'os' is in libraries
+deny contains msg if {
+    some i
+    lib_str := input.dependencies.libraries[i]
+    regex.match("^os([<>=!@\\[].*)?$", lib_str)
+    msg := "Security Risk: 'os' library is strictly forbidden."
+}
+
+# Deny if description is too short (Business Rule example)
+# Iterates over ALL steps to ensure compliance.
+deny contains msg if {
+    some step in input.topology.steps
+    count(step.description) < 5
+    msg := "Step description is too short."
+}
+
+# Rule 1 (Dependency Pinning): All library dependencies must have explicit version pins.
+# Strictly enforces "name==version" (with optional extras).
+# Rejects "name>=version", "name==version,>=other", etc.
+deny contains msg if {
+    some i
+    lib := input.dependencies.libraries[i]
+
+    # Regex Explanation:
+    # ^                         Start
+    # [a-zA-Z0-9_\-\.]+         Package name (alphanum, _, -, .)
+    # (\[[a-zA-Z0-9_\-\.,]+\])? Optional extras in brackets (e.g. [security,fast])
+    # ==                        Must be strictly '=='
+    # [a-zA-Z0-9_\-\.\+]+       Version string (alphanum, _, -, ., + for metadata)
+    # $                         End (No trailing constraints like ,>=2.0)
+
+    not regex.match("^[a-zA-Z0-9_\\-\\.]+(\\[[a-zA-Z0-9_\\-\\.,]+\\])?==[a-zA-Z0-9_\\-\\.\\+]+$", lib)
+    msg := sprintf("Compliance Violation: Library '%v' must be strictly pinned with '==' (e.g., 'pandas==2.0.1').", [lib])
+}
+
+# Rule 2 (Allowlist Enforcement): Libraries must be in TBOM
+deny contains msg if {
+    some i
+    lib_str := input.dependencies.libraries[i]
+
+    # Extract library name using regex
+    # Pattern must support dots (for namespace packages) and stop before extras brackets or version specifiers.
+    parts := regex.find_all_string_submatch_n("^[a-zA-Z0-9_\\-\\.]+", lib_str, 1)
+    count(parts) > 0
+    lib_name := parts[0][0]
+
+    # Check if lib_name is in tbom (case-insensitive)
+    not is_in_tbom(lib_name)
+
+    msg := sprintf("Compliance Violation: Library '%v' is not in the Trusted Bill of Materials (TBOM).", [lib_name])
+}
+
+# Helper to safely check if lib is in TBOM
+# Returns true if data.tbom exists AND contains the lib (case-insensitive)
+is_in_tbom(lib) if {
+    # Lowercase the input library name
+    lower_lib := lower(lib)
+
+    # Check against TBOM
+    # If data.tbom is undefined, this rule body is undefined (false).
+    # Iterate through TBOM and compare lowercased versions
+    some tbom_lib in data.tbom
+    lower(tbom_lib) == lower_lib
+}

coreason_manifest/policies/tbom.json

@@ -0,0 +1,14 @@
+{
+  "tbom": [
+    "requests",
+    "pydantic",
+    "httpx",
+    "pandas",
+    "numpy",
+    "scipy",
+    "scikit-learn",
+    "torch",
+    "fastapi",
+    "uvicorn"
+  ]
+}

coreason_manifest/policy.py

@@ -0,0 +1,132 @@
+# Prosperity-3.0
+from __future__ import annotations
+
+import json
+import shutil
+import subprocess
+from pathlib import Path
+from typing import Any, List, Optional
+
+from coreason_manifest.errors import PolicyViolationError
+
+
+class PolicyEnforcer:
+    """
+    Component C: PolicyEnforcer (The Compliance Officer).
+
+    Responsibility:
+      - Evaluate the agent against the compliance.rego policy file using OPA.
+    """
+
+    def __init__(
+        self,
+        policy_path: str | Path,
+        opa_path: str = "opa",
+        data_paths: Optional[List[str | Path]] = None,
+    ) -> None:
+        """
+        Initialize the PolicyEnforcer.
+
+        Args:
+            policy_path: Path to the Rego policy file.
+            opa_path: Path to the OPA executable. Defaults to "opa" (expected in PATH).
+            data_paths: List of paths to data files (e.g. JSON/YAML) to be loaded by OPA.
+        """
+        self.policy_path = Path(policy_path)
+        self.data_paths = [Path(p) for p in data_paths] if data_paths else []
+
+        # Validate OPA executable
+        # If opa_path is a simple name (like "opa"), use shutil.which to find it
+        if "/" not in str(opa_path) and "\\" not in str(opa_path):
+            resolved_opa = shutil.which(opa_path)
+            if not resolved_opa:
+                raise FileNotFoundError(f"OPA executable not found in PATH: {opa_path}")
+            self.opa_path = resolved_opa
+        else:
+            # If it's a path, check existence
+            if not Path(opa_path).exists():
+                raise FileNotFoundError(f"OPA executable not found at: {opa_path}")
+            self.opa_path = opa_path
+
+        if not self.policy_path.exists():
+            raise FileNotFoundError(f"Policy file not found: {self.policy_path}")
+
+        for path in self.data_paths:
+            if not path.exists():
+                raise FileNotFoundError(f"Data file not found: {path}")
+
+    def evaluate(self, agent_data: dict[str, Any]) -> None:
+        """
+        Evaluates the agent data against the policy.
+
+        Args:
+            agent_data: The dictionary representation of the AgentDefinition.
+
+        Raises:
+            PolicyViolationError: If there are any policy violations.
+            RuntimeError: If OPA execution fails.
+        """
+        # Prepare input for OPA
+        # We invoke OPA via subprocess: opa eval -d <policy> -d <data> ... -I <input> "data.coreason.compliance.deny"
+        # We pass input via stdin to avoid temp files
+
+        try:
+            # We use 'data.coreason.compliance.deny' as the query
+            query = "data.coreason.compliance.deny"
+
+            # Serialize input to JSON
+            input_json = json.dumps(agent_data)
+
+            cmd = [
+                self.opa_path,
+                "eval",
+                "-d",
+                str(self.policy_path),
+            ]
+
+            # Add data paths
+            for data_path in self.data_paths:
+                cmd.extend(["-d", str(data_path)])
+
+            cmd.extend(
+                [
+                    "-I",  # Read input from stdin
+                    query,
+                    "--format",
+                    "json",
+                ]
+            )
+
+            process = subprocess.run(
+                cmd,
+                input=input_json,
+                capture_output=True,
+                text=True,
+                check=False,  # We handle return code manually
+            )
+
+            if process.returncode != 0:
+                # Include stdout in error message if stderr is empty or insufficient
+                error_msg = process.stderr.strip()
+                if not error_msg:
+                    error_msg = process.stdout.strip() or "Unknown error (empty stdout/stderr)"
+                raise RuntimeError(f"OPA execution failed: {error_msg}")
+
+            # Parse OPA output
+            # Format: {"result": [{"expressions": [{"value": ["violation1", "violation2"]}]}]}
+            result = json.loads(process.stdout)
+
+            violations: List[str] = []
+            if "result" in result and len(result["result"]) > 0:
+                # Assuming the query returns a set/list of strings
+                expressions = result["result"][0].get("expressions", [])
+                if expressions:
+                    violations = expressions[0].get("value", [])
+
+            if violations:
+                raise PolicyViolationError("Policy violations found.", violations=violations)
+
+        except FileNotFoundError as e:
+            raise RuntimeError(f"OPA executable not found at: {self.opa_path}") from e
+        except json.JSONDecodeError as e:
+            raise RuntimeError(f"Failed to parse OPA output: {e}") from e

coreason_manifest/schemas/__init__.py

@@ -0,0 +1 @@
+# Prosperity-3.0

coreason_manifest/schemas/agent.schema.json

@@ -0,0 +1,209 @@
+{
+  "$defs": {
+    "AgentDependencies": {
+      "additionalProperties": false,
+      "description": "External dependencies for the Agent.",
+      "properties": {
+        "tools": {
+          "description": "List of MCP capability URIs required.",
+          "items": {
+            "format": "uri",
+            "minLength": 1,
+            "type": "string"
+          },
+          "title": "Tools",
+          "type": "array"
+        },
+        "libraries": {
+          "description": "List of Python packages required (if code execution is allowed).",
+          "items": {
+            "type": "string"
+          },
+          "title": "Libraries",
+          "type": "array"
+        }
+      },
+      "title": "AgentDependencies",
+      "type": "object"
+    },
+    "AgentInterface": {
+      "additionalProperties": false,
+      "description": "Interface definition for the Agent.",
+      "properties": {
+        "inputs": {
+          "additionalProperties": true,
+          "description": "Typed arguments the agent accepts (JSON Schema).",
+          "title": "Inputs",
+          "type": "object"
+        },
+        "outputs": {
+          "additionalProperties": true,
+          "description": "Typed structure of the result.",
+          "title": "Outputs",
+          "type": "object"
+        }
+      },
+      "required": [
+        "inputs",
+        "outputs"
+      ],
+      "title": "AgentInterface",
+      "type": "object"
+    },
+    "AgentMetadata": {
+      "additionalProperties": false,
+      "description": "Metadata for the Agent.",
+      "properties": {
+        "id": {
+          "description": "Unique Identifier for the Agent (UUID).",
+          "format": "uuid",
+          "title": "Id",
+          "type": "string"
+        },
+        "version": {
+          "description": "Semantic Version of the Agent.",
+          "pattern": "^[vV]*(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$",
+          "title": "Version",
+          "type": "string"
+        },
+        "name": {
+          "description": "Name of the Agent.",
+          "minLength": 1,
+          "title": "Name",
+          "type": "string"
+        },
+        "author": {
+          "description": "Author of the Agent.",
+          "minLength": 1,
+          "title": "Author",
+          "type": "string"
+        },
+        "created_at": {
+          "description": "Creation timestamp (ISO 8601).",
+          "format": "date-time",
+          "title": "Created At",
+          "type": "string"
+        }
+      },
+      "required": [
+        "id",
+        "version",
+        "name",
+        "author",
+        "created_at"
+      ],
+      "title": "AgentMetadata",
+      "type": "object"
+    },
+    "AgentTopology": {
+      "additionalProperties": false,
+      "description": "Topology of the Agent execution.",
+      "properties": {
+        "steps": {
+          "description": "A directed acyclic graph (DAG) of execution steps.",
+          "items": {
+            "$ref": "#/$defs/Step"
+          },
+          "title": "Steps",
+          "type": "array"
+        },
+        "model_config": {
+          "$ref": "#/$defs/ModelConfig",
+          "description": "Specific LLM parameters."
+        }
+      },
+      "required": [
+        "steps",
+        "model_config"
+      ],
+      "title": "AgentTopology",
+      "type": "object"
+    },
+    "ModelConfig": {
+      "additionalProperties": false,
+      "description": "LLM Configuration parameters.",
+      "properties": {
+        "model": {
+          "description": "The LLM model identifier.",
+          "title": "Model",
+          "type": "string"
+        },
+        "temperature": {
+          "description": "Temperature for generation.",
+          "maximum": 2.0,
+          "minimum": 0.0,
+          "title": "Temperature",
+          "type": "number"
+        }
+      },
+      "required": [
+        "model",
+        "temperature"
+      ],
+      "title": "ModelConfig",
+      "type": "object"
+    },
+    "Step": {
+      "additionalProperties": false,
+      "description": "A single step in the execution graph.",
+      "properties": {
+        "id": {
+          "description": "Unique identifier for the step.",
+          "minLength": 1,
+          "title": "Id",
+          "type": "string"
+        },
+        "description": {
+          "anyOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "default": null,
+          "description": "Description of the step.",
+          "title": "Description"
+        }
+      },
+      "required": [
+        "id"
+      ],
+      "title": "Step",
+      "type": "object"
+    }
+  },
+  "$id": "https://coreason.ai/schemas/agent.schema.json",
+  "additionalProperties": false,
+  "description": "The definitive source of truth for CoReason Agent definitions.",
+  "properties": {
+    "metadata": {
+      "$ref": "#/$defs/AgentMetadata"
+    },
+    "interface": {
+      "$ref": "#/$defs/AgentInterface"
+    },
+    "topology": {
+      "$ref": "#/$defs/AgentTopology"
+    },
+    "dependencies": {
+      "$ref": "#/$defs/AgentDependencies"
+    },
+    "integrity_hash": {
+      "description": "SHA256 hash of the source code.",
+      "pattern": "^[a-fA-F0-9]{64}$",
+      "title": "Integrity Hash",
+      "type": "string"
+    }
+  },
+  "required": [
+    "metadata",
+    "interface",
+    "topology",
+    "dependencies",
+    "integrity_hash"
+  ],
+  "title": "CoReason Agent Manifest",
+  "type": "object"
+}

coreason_manifest/utils/__init__.py

@@ -0,0 +1,13 @@
+# Copyright (c) 2025 CoReason, Inc.
+#
+# This software is proprietary and dual-licensed.
+# Licensed under the Prosperity Public License 3.0 (the "License").
+# A copy of the license is available at https://prosperitylicense.com/versions/3.0.0
+# For details, see the LICENSE file.
+# Commercial use beyond a 30-day trial requires a separate license.
+#
+# Source Code: https://github.com/CoReason-AI/coreason_manifest
+
+"""
+Utils module.
+"""

coreason_manifest/utils/logger.py

@@ -0,0 +1,48 @@
+# Copyright (c) 2025 CoReason, Inc.
+#
+# This software is proprietary and dual-licensed.
+# Licensed under the Prosperity Public License 3.0 (the "License").
+# A copy of the license is available at https://prosperitylicense.com/versions/3.0.0
+# For details, see the LICENSE file.
+# Commercial use beyond a 30-day trial requires a separate license.
+#
+# Source Code: https://github.com/CoReason-AI/coreason_manifest
+
+import os
+import sys
+from pathlib import Path
+
+from loguru import logger
+
+__all__ = ["logger"]
+
+# Remove default handler
+logger.remove()
+
+# Sink 1: Stdout (Human-readable)
+logger.add(
+    sys.stderr,
+    level="INFO",
+    format=(
+        "<green>{time:YYYY-MM-DD HH:mm:ss}</green> | "
+        "<level>{level: <8}</level> | "
+        "<cyan>{name}</cyan>:<cyan>{function}</cyan>:<cyan>{line}</cyan> - "
+        "<level>{message}</level>"
+    ),
+)
+
+# Ensure logs directory exists
+log_dir = os.getenv("COREASON_LOG_DIR", "logs")
+log_path = Path(log_dir)
+if not log_path.exists():
+    log_path.mkdir(parents=True, exist_ok=True)
+
+# Sink 2: File (JSON, Rotation, Retention)
+logger.add(
+    f"{log_dir}/app.log",
+    rotation="500 MB",
+    retention="10 days",
+    serialize=True,
+    enqueue=True,
+    level="INFO",
+)

coreason_manifest/validator.py

@@ -0,0 +1,56 @@
+# Prosperity-3.0
+from __future__ import annotations
+
+import json
+from importlib.resources import files
+from typing import Any
+
+from jsonschema import FormatChecker, ValidationError, validate
+
+from coreason_manifest.errors import ManifestSyntaxError
+
+
+class SchemaValidator:
+    """
+    Component B: SchemaValidator (The Structural Engineer).
+
+    Responsibility:
+      - Validate the dictionary against the Master JSON Schema.
+      - Check required fields, data types, and format constraints.
+    """
+
+    def __init__(self) -> None:
+        """Initialize the validator by loading the schema."""
+        self.schema = self._load_schema()
+
+    def _load_schema(self) -> dict[str, Any]:
+        """Loads the JSON schema from the package resources."""
+        try:
+            schema_path = files("coreason_manifest.schemas").joinpath("agent.schema.json")
+            with schema_path.open("r", encoding="utf-8") as f:
+                schema = json.load(f)
+            if not isinstance(schema, dict):
+                raise ManifestSyntaxError("Schema file is not a valid JSON object.")
+            return schema
+        except (IOError, json.JSONDecodeError) as e:
+            raise ManifestSyntaxError(f"Failed to load agent schema: {e}") from e
+
+    def validate(self, data: dict[str, Any]) -> bool:
+        """
+        Validates the given dictionary against the agent schema.
+
+        Args:
+            data: The raw dictionary to validate.
+
+        Returns:
+            bool: True if validation passes.
+
+        Raises:
+            ManifestSyntaxError: If validation fails.
+        """
+        try:
+            validate(instance=data, schema=self.schema, format_checker=FormatChecker())
+            return True
+        except ValidationError as e:
+            # We treat schema validation errors as syntax errors in the manifest
+            raise ManifestSyntaxError(f"Schema validation failed: {e.message}") from e

coreason_manifest-0.1.0.dist-info/METADATA

@@ -0,0 +1,114 @@
+Metadata-Version: 2.4
+Name: coreason_manifest
+Version: 0.1.0
+Summary: This package is the definitive source of truth. If it isn't in the manifest, it doesn't exist. If it violates the manifest, it doesn't run.
+License: # The Prosperity Public License 3.0.0
+         
+         Contributor: CoReason, Inc.
+         
+         Source Code: https://github.com/CoReason-AI/coreason_manifest
+         
+         ## Purpose
+         
+         This license allows you to use and share this software for noncommercial purposes for free and to try this software for commercial purposes for thirty days.
+         
+         ## Agreement
+         
+         In order to receive this license, you have to agree to its rules.  Those rules are both obligations under that agreement and conditions to your license.  Don't do anything with this software that triggers a rule you can't or won't follow.
+         
+         ## Notices
+         
+         Make sure everyone who gets a copy of any part of this software from you, with or without changes, also gets the text of this license and the contributor and source code lines above.
+         
+         ## Commercial Trial
+         
+         Limit your use of this software for commercial purposes to a thirty-day trial period.  If you use this software for work, your company gets one trial period for all personnel, not one trial per person.
+         
+         ## Contributions Back
+         
+         Developing feedback, changes, or additions that you contribute back to the contributor on the terms of a standardized public software license such as [the Blue Oak Model License 1.0.0](https://blueoakcouncil.org/license/1.0.0), [the Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0.html), [the MIT license](https://spdx.org/licenses/MIT.html), or [the two-clause BSD license](https://spdx.org/licenses/BSD-2-Clause.html) doesn't count as use for a commercial purpose.
+         
+         ## Personal Uses
+         
+         Personal use for research, experiment, and testing for the benefit of public knowledge, personal study, private entertainment, hobby projects, amateur pursuits, or religious observance, without any anticipated commercial application, doesn't count as use for a commercial purpose.
+         
+         ## Noncommercial Organizations
+         
+         Use by any charitable organization, educational institution, public research organization, public safety or health organization, environmental protection organization, or government institution doesn't count as use for a commercial purpose regardless of the source of funding or obligations resulting from the funding.
+         
+         ## Defense
+         
+         Don't make any legal claim against anyone accusing this software, with or without changes, alone or with other technology, of infringing any patent.
+         
+         ## Copyright
+         
+         The contributor licenses you to do everything with this software that would otherwise infringe their copyright in it.
+         
+         ## Patent
+         
+         The contributor licenses you to do everything with this software that would otherwise infringe any patents they can license or become able to license.
+         
+         ## Reliability
+         
+         The contributor can't revoke this license.
+         
+         ## Excuse
+         
+         You're excused for unknowingly breaking [Notices](#notices) if you take all practical steps to comply within thirty days of learning you broke the rule.
+         
+         ## No Liability
+         
+         ***As far as the law allows, this software comes as is, without any warranty or condition, and the contributor won't be liable to anyone for any damages related to this software or this license, under any kind of legal claim.***
+License-File: LICENSE
+License-File: NOTICE
+Author: Gowtham A Rao
+Author-email: gowtham.rao@coreason.ai
+Requires-Python: >=3.11
+Classifier: License :: Other/Proprietary License
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Operating System :: OS Independent
+Requires-Dist: jsonschema (>=4.25.1,<5.0.0)
+Requires-Dist: loguru (>=0.7.2,<0.8.0)
+Requires-Dist: pydantic (>=2.12.5,<3.0.0)
+Requires-Dist: pyyaml (>=6.0.3,<7.0.0)
+Project-URL: Documentation, https://github.com/CoReason-AI/coreason_manifest
+Project-URL: Homepage, https://github.com/CoReason-AI/coreason_manifest
+Project-URL: Repository, https://github.com/CoReason-AI/coreason_manifest
+Description-Content-Type: text/markdown
+
+# coreason-manifest
+
+This package is the definitive source of truth. If it isn't in the manifest, it doesn't exist. If it violates the manifest, it doesn't run.
+
+[![CI](https://github.com/CoReason-AI/coreason_manifest/actions/workflows/ci.yml/badge.svg)](https://github.com/CoReason-AI/coreason_manifest/actions/workflows/ci.yml)
+
+## Getting Started
+
+### Prerequisites
+
+- Python 3.12+
+- Poetry
+
+### Installation
+
+1.  Clone the repository:
+    ```sh
+    git clone https://github.com/example/example.git
+    cd my_python_project
+    ```
+2.  Install dependencies:
+    ```sh
+    poetry install
+    ```
+
+### Usage
+
+-   Run the linter:
+    ```sh
+    poetry run pre-commit run --all-files
+    ```
+-   Run the tests:
+    ```sh
+    poetry run pytest
+    ```
+