coreason-manifest 0.9.0__tar.gz → 0.12.0__tar.gz

{coreason_manifest-0.9.0 → coreason_manifest-0.12.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: coreason_manifest
-Version: 0.9.0
+Version: 0.12.0
 Summary: This package is the definitive source of truth. If it isn't in the manifest, it doesn't exist. If it violates the manifest, it doesn't run.
 License: # The Prosperity Public License 3.0.0
          
@@ -68,6 +68,7 @@ Classifier: License :: Other/Proprietary License
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Operating System :: OS Independent
 Requires-Dist: coreason-identity (>=0.4.1,<0.5.0)
+Requires-Dist: jsonschema (>=4.19.0,<5.0.0)
 Requires-Dist: loguru (>=0.7.2,<0.8.0)
 Requires-Dist: pydantic (>=2.12.5,<3.0.0)
 Requires-Dist: pyyaml (>=6.0.3,<7.0.0)
@@ -87,17 +88,25 @@ The definitive source of truth for CoReason-AI Asset definitions. "The Blueprint
 
 ## Overview
 
-`coreason-manifest` acts as the validator for the "Agent Development Lifecycle" (ADLC). It ensures that every Agent produced meets strict GxP and security standards. If it isn't in the manifest, it doesn't exist. If it violates the manifest, it doesn't run.
+`coreason-manifest` serves as the **Shared Kernel** for the Coreason ecosystem. It contains the canonical Pydantic definitions, schemas, and data structures for Agents and Workflows (Recipes).
+
+It provides the **"Blueprint"** that all other services (Builder, Engine, Simulator) rely on. It focuses on strict typing, schema validation, and serialization, ensuring that if it isn't in the manifest, it doesn't exist.
+
+### Standards Clarification
+*Note: The "Coreason Agent Manifest" (CAM) is a proprietary, strict governance schema designed for the CoReason Platform. It is distinct from the Oracle/Linux Foundation "Open Agent Specification," though we aim for future interoperability via adapters.*
 
 ## Features
 
-*   **Open Agent Specification (OAS) Validation:** Parses and validates agent definitions against a strict schema.
-*   **Compliance Enforcement:** Uses Open Policy Agent (OPA) / Rego to enforce complex business rules and allowlists.
-*   **Integrity Verification:** Calculates and verifies SHA256 hashes of the agent's source code to prevent tampering.
-*   **Automatic Schema Generation:** Inspects Python functions to generate Agent Interfaces, automatically handling `UserContext` injection.
-*   **Dependency Pinning:** Enforces strict version pinning for all library dependencies.
-*   **Trusted Bill of Materials (TBOM):** Validates libraries against an approved list.
-*   **Compliance Microservice:** Can be run as a standalone API server (Service C) for centralized validation.
+*   **Coreason Agent Manifest (CAM):** Strict Pydantic models for Agent definitions (`AgentDefinition`) and Recipes (`Recipe`).
+*   **Strict Typing:** Enforces type safety for critical interfaces.
+*   **Governance & Policy:** Enforce organizational rules (domains, risk levels) on agents via `GovernanceConfig`.
+*   **Ergonomic Factory Methods:** Simplified construction of manifests.
+*   **Flexible Tooling:** Support for external tool definitions (`ToolDefinition`) and risk levels (`ToolRiskLevel`).
+*   **Topology Visualization:** Workflows are defined as graph topologies (`Workflow`).
+
+## Serialization & Base Model
+
+Core definitions (e.g., `Manifest`, `Workflow`, `AgentDefinition`) inherit from Pydantic's `BaseModel`. Shared configuration models like `GovernanceConfig` inherit from `CoReasonBaseModel` for enhanced serialization capabilities.
 
 ## Installation
 
@@ -107,30 +116,60 @@ pip install coreason-manifest
 
 ## Usage
 
-`coreason-manifest` supports two modes: **Library (CLI)** and **Server (Microservice)**.
-
-### 1. Library Usage
-
-Use the python library to validate local agent files and verify source integrity.
+This library is used to define and validate Agent configurations programmatically.
 
 ```python
-from coreason_manifest import ManifestEngine, ManifestConfig
-
-# Initialize and Validate
-config = ManifestConfig(policy_path="./policies/compliance.rego")
-engine = ManifestEngine(config)
-agent_def = engine.load_and_validate("agent.yaml", "./src")
-```
-
-### 2. Server Mode
-
-Run the package as a FastAPI server to provide a centralized compliance API.
-
-```bash
-uvicorn coreason_manifest.server:app --host 0.0.0.0 --port 8000
+from coreason_manifest import (
+    Recipe,
+    ManifestMetadata,
+    AgentStep,
+    Workflow,
+    InterfaceDefinition,
+    StateDefinition,
+    PolicyDefinition
+)
+
+# 1. Define Metadata
+metadata = ManifestMetadata(
+    name="Research Agent",
+    version="1.0.0"
+)
+
+# 2. Define Workflow
+workflow = Workflow(
+    start="step1",
+    steps={
+        "step1": AgentStep(
+            id="step1",
+            agent="gpt-4-researcher",
+            next="step2"
+        ),
+        # ... define other steps
+    }
+)
+
+# 3. Instantiate Manifest
+manifest = Recipe(
+    apiVersion="coreason.ai/v2",
+    kind="Recipe",
+    metadata=metadata,
+    interface=InterfaceDefinition(
+        inputs={"topic": {"type": "string"}},
+        outputs={"summary": {"type": "string"}}
+    ),
+    state=StateDefinition(),
+    policy=PolicyDefinition(max_retries=3),
+    workflow=workflow
+)
+
+print(f"Manifest '{manifest.metadata.name}' created successfully.")
 ```
 
 For full details, see the [Usage Documentation](docs/usage.md).
 
-For detailed requirements and architecture, please refer to the [Product Requirements](docs/product_requirements.md) or [Requirements](docs/requirements.md).
+## Documentation
+
+*   [Usage Guide](docs/usage.md): How to load and create manifests.
+*   [Governance & Policy Enforcement](docs/governance_policy_enforcement.md): Validating agents against organizational rules.
+*   [Coreason Agent Manifest (CAM)](docs/cap/specification.md): The Canonical YAML Authoring Format.
 

coreason_manifest-0.12.0/README.md

@@ -0,0 +1,95 @@
+# Coreason Manifest
+
+The definitive source of truth for CoReason-AI Asset definitions. "The Blueprint."
+
+[![License: Prosperity 3.0](https://img.shields.io/badge/license-Prosperity%203.0-blue)](https://github.com/CoReason-AI/coreason-manifest)
+[![Build Status](https://github.com/CoReason-AI/coreason-manifest/actions/workflows/ci.yml/badge.svg)](https://github.com/CoReason-AI/coreason-manifest/actions)
+[![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)
+[![Documentation](https://img.shields.io/badge/docs-product_requirements-informational)](docs/product_requirements.md)
+
+## Overview
+
+`coreason-manifest` serves as the **Shared Kernel** for the Coreason ecosystem. It contains the canonical Pydantic definitions, schemas, and data structures for Agents and Workflows (Recipes).
+
+It provides the **"Blueprint"** that all other services (Builder, Engine, Simulator) rely on. It focuses on strict typing, schema validation, and serialization, ensuring that if it isn't in the manifest, it doesn't exist.
+
+### Standards Clarification
+*Note: The "Coreason Agent Manifest" (CAM) is a proprietary, strict governance schema designed for the CoReason Platform. It is distinct from the Oracle/Linux Foundation "Open Agent Specification," though we aim for future interoperability via adapters.*
+
+## Features
+
+*   **Coreason Agent Manifest (CAM):** Strict Pydantic models for Agent definitions (`AgentDefinition`) and Recipes (`Recipe`).
+*   **Strict Typing:** Enforces type safety for critical interfaces.
+*   **Governance & Policy:** Enforce organizational rules (domains, risk levels) on agents via `GovernanceConfig`.
+*   **Ergonomic Factory Methods:** Simplified construction of manifests.
+*   **Flexible Tooling:** Support for external tool definitions (`ToolDefinition`) and risk levels (`ToolRiskLevel`).
+*   **Topology Visualization:** Workflows are defined as graph topologies (`Workflow`).
+
+## Serialization & Base Model
+
+Core definitions (e.g., `Manifest`, `Workflow`, `AgentDefinition`) inherit from Pydantic's `BaseModel`. Shared configuration models like `GovernanceConfig` inherit from `CoReasonBaseModel` for enhanced serialization capabilities.
+
+## Installation
+
+```bash
+pip install coreason-manifest
+```
+
+## Usage
+
+This library is used to define and validate Agent configurations programmatically.
+
+```python
+from coreason_manifest import (
+    Recipe,
+    ManifestMetadata,
+    AgentStep,
+    Workflow,
+    InterfaceDefinition,
+    StateDefinition,
+    PolicyDefinition
+)
+
+# 1. Define Metadata
+metadata = ManifestMetadata(
+    name="Research Agent",
+    version="1.0.0"
+)
+
+# 2. Define Workflow
+workflow = Workflow(
+    start="step1",
+    steps={
+        "step1": AgentStep(
+            id="step1",
+            agent="gpt-4-researcher",
+            next="step2"
+        ),
+        # ... define other steps
+    }
+)
+
+# 3. Instantiate Manifest
+manifest = Recipe(
+    apiVersion="coreason.ai/v2",
+    kind="Recipe",
+    metadata=metadata,
+    interface=InterfaceDefinition(
+        inputs={"topic": {"type": "string"}},
+        outputs={"summary": {"type": "string"}}
+    ),
+    state=StateDefinition(),
+    policy=PolicyDefinition(max_retries=3),
+    workflow=workflow
+)
+
+print(f"Manifest '{manifest.metadata.name}' created successfully.")
+```
+
+For full details, see the [Usage Documentation](docs/usage.md).
+
+## Documentation
+
+*   [Usage Guide](docs/usage.md): How to load and create manifests.
+*   [Governance & Policy Enforcement](docs/governance_policy_enforcement.md): Validating agents against organizational rules.
+*   [Coreason Agent Manifest (CAM)](docs/cap/specification.md): The Canonical YAML Authoring Format.

{coreason_manifest-0.9.0 → coreason_manifest-0.12.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "coreason_manifest"
-version = "0.9.0"
+version = "0.12.0"
 description = "This package is the definitive source of truth. If it isn't in the manifest, it doesn't exist. If it violates the manifest, it doesn't run."
 authors = ["Gowtham A Rao <gowtham.rao@coreason.ai>"]
 license = "Prosperity-3.0"
@@ -13,6 +13,7 @@ loguru = "^0.7.2"
 pydantic = "^2.12.5"
 pyyaml = "^6.0.3"
 coreason-identity = "^0.4.1"
+jsonschema = "^4.19.0"
 
 [tool.poetry.group.dev.dependencies]
 pytest = "^9.0.2"
@@ -32,7 +33,7 @@ build-backend = "poetry.core.masonry.api"
 
 [project]
 name = "coreason_manifest"
-version = "0.9.0"
+version = "0.12.0"
 description = "This package is the definitive source of truth. If it isn't in the manifest, it doesn't exist. If it violates the manifest, it doesn't run."
 readme = "README.md"
 requires-python = ">=3.12"
@@ -59,6 +60,9 @@ target-version = "py312"
 select = ["E", "F", "B", "I"]
 ignore = []
 
+[tool.ruff.lint.isort]
+known-first-party = ["coreason_manifest"]
+
 [tool.mypy]
 python_version = "3.12"
 strict = true

coreason_manifest-0.12.0/src/coreason_manifest/__init__.py

@@ -0,0 +1,51 @@
+# Copyright (c) 2025 CoReason, Inc.
+#
+# This software is proprietary and dual-licensed.
+# Licensed under the Prosperity Public License 3.0 (the "License").
+# A copy of the license is available at https://prosperitylicense.com/versions/3.0.0
+# For details, see the LICENSE file.
+# Commercial use beyond a 30-day trial requires a separate license.
+#
+# Source Code: https://github.com/CoReason-AI/coreason-manifest
+
+from .v2.io import dump_to_yaml, load_from_yaml
+from .v2.spec.contracts import InterfaceDefinition, PolicyDefinition, StateDefinition
+from .v2.spec.definitions import (
+    AgentDefinition,
+    AgentStep,
+    CouncilStep,
+    LogicStep,
+    ManifestMetadata,
+    ManifestV2,
+    Step,
+    SwitchStep,
+    ToolDefinition,
+    Workflow,
+)
+
+__version__ = "0.12.0"
+
+Manifest = ManifestV2
+Recipe = ManifestV2
+load = load_from_yaml
+dump = dump_to_yaml
+
+__all__ = [
+    "Manifest",
+    "Recipe",
+    "load",
+    "dump",
+    "__version__",
+    "ManifestMetadata",
+    "AgentStep",
+    "Workflow",
+    "AgentDefinition",
+    "ToolDefinition",
+    "Step",
+    "LogicStep",
+    "SwitchStep",
+    "CouncilStep",
+    "InterfaceDefinition",
+    "StateDefinition",
+    "PolicyDefinition",
+]

coreason_manifest-0.12.0/src/coreason_manifest/common.py

@@ -0,0 +1,64 @@
+# Copyright (c) 2025 CoReason, Inc.
+#
+# This software is proprietary and dual-licensed.
+# Licensed under the Prosperity Public License 3.0 (the "License").
+# A copy of the license is available at https://prosperitylicense.com/versions/3.0.0
+# For details, see the LICENSE file.
+# Commercial use beyond a 30-day trial requires a separate license.
+#
+# Source Code: https://github.com/CoReason-AI/coreason-manifest
+
+from enum import Enum
+from typing import Any, Dict
+
+from pydantic import AnyUrl, BaseModel, ConfigDict, PlainSerializer
+from typing_extensions import Annotated
+
+
+class CoReasonBaseModel(BaseModel):
+    """Base model for all CoReason Pydantic models with enhanced serialization.
+
+    This base class addresses JSON serialization challenges in Pydantic v2 (e.g., UUID, datetime)
+    by providing standardized methods (`dump`, `to_json`) with optimal configuration.
+
+    For a detailed rationale, see `docs/coreason_base_model_rationale.md`.
+    """
+
+    model_config = ConfigDict(populate_by_name=True)
+
+    def dump(self, **kwargs: Any) -> Dict[str, Any]:
+        """Serialize the model to a JSON-compatible dictionary.
+
+        Uses mode='json' to ensure types like UUID and datetime are serialized to strings.
+        Defaults to by_alias=True and exclude_none=True.
+        """
+        # Set defaults but allow overrides
+        kwargs.setdefault("mode", "json")
+        kwargs.setdefault("by_alias", True)
+        kwargs.setdefault("exclude_none", True)
+        return self.model_dump(**kwargs)
+
+    def to_json(self, **kwargs: Any) -> str:
+        """Serialize the model to a JSON string.
+
+        Defaults to by_alias=True and exclude_none=True.
+        """
+        # Set defaults but allow overrides
+        kwargs.setdefault("by_alias", True)
+        kwargs.setdefault("exclude_none", True)
+        return self.model_dump_json(**kwargs)
+
+
+# Strict URI type that serializes to string
+StrictUri = Annotated[
+    AnyUrl,
+    PlainSerializer(lambda x: str(x), return_type=str),
+]
+
+
+class ToolRiskLevel(str, Enum):
+    """Risk level for the tool."""
+
+    SAFE = "safe"
+    STANDARD = "standard"
+    CRITICAL = "critical"

coreason_manifest-0.12.0/src/coreason_manifest/governance.py

@@ -0,0 +1,83 @@
+# Copyright (c) 2025 CoReason, Inc.
+#
+# This software is proprietary and dual-licensed.
+# Licensed under the Prosperity Public License 3.0 (the "License").
+# A copy of the license is available at https://prosperitylicense.com/versions/3.0.0
+# For details, see the LICENSE file.
+# Commercial use beyond a 30-day trial requires a separate license.
+#
+# Source Code: https://github.com/CoReason-AI/coreason-manifest
+
+"""Governance and Policy Enforcement module for Coreason Agents.
+
+This module provides tools to validate an AgentDefinition against a set of organizational rules.
+"""
+
+from typing import List, Optional
+
+from pydantic import ConfigDict, Field
+
+from coreason_manifest.common import CoReasonBaseModel, ToolRiskLevel
+
+
+class GovernanceConfig(CoReasonBaseModel):
+    """Configuration for governance rules.
+
+    Attributes:
+        allowed_domains: List of allowed domains for tool URIs.
+        max_risk_level: Maximum allowed risk level for tools.
+        require_auth_for_critical_tools: Whether authentication is required for agents using CRITICAL tools.
+        allow_inline_tools: Whether to allow inline tool definitions (which lack risk scoring).
+        allow_custom_logic: Whether to allow LogicNodes and conditional Edges with custom code.
+        strict_url_validation: Enforce strict, normalized URL validation.
+    """
+
+    model_config = ConfigDict(extra="forbid", frozen=True)
+
+    allowed_domains: Optional[List[str]] = Field(
+        None, description="If provided, all Tool URIs must match one of these domains."
+    )
+    max_risk_level: Optional[ToolRiskLevel] = Field(
+        None, description="If provided, no tool can exceed this risk level."
+    )
+    require_auth_for_critical_tools: bool = Field(
+        True,
+        description="If an agent uses a CRITICAL tool, agent.metadata.requires_auth must be True.",
+    )
+    allow_inline_tools: bool = Field(
+        True, description="Whether to allow inline tool definitions (which lack risk scoring)."
+    )
+    allow_custom_logic: bool = Field(
+        False, description="Whether to allow LogicNodes and conditional Edges with custom code."
+    )
+    strict_url_validation: bool = Field(True, description="Enforce strict, normalized URL validation.")
+
+
+class ComplianceViolation(CoReasonBaseModel):
+    """Details of a compliance violation.
+
+    Attributes:
+        rule: Name of the rule broken.
+        message: Human readable details.
+        component_id: Name of the tool or component causing the issue.
+    """
+
+    model_config = ConfigDict(extra="forbid", frozen=True)
+
+    rule: str = Field(..., description="Name of the rule broken, e.g., 'domain_restriction'.")
+    message: str = Field(..., description="Human readable details.")
+    component_id: Optional[str] = Field(None, description="Name of the tool or component causing the issue.")
+
+
+class ComplianceReport(CoReasonBaseModel):
+    """Report of compliance checks.
+
+    Attributes:
+        passed: Whether the agent passed all checks.
+        violations: List of violations found.
+    """
+
+    model_config = ConfigDict(extra="forbid", frozen=True)
+
+    passed: bool = Field(..., description="Whether the agent passed all checks.")
+    violations: List[ComplianceViolation] = Field(default_factory=list, description="List of violations found.")

{coreason_manifest-0.9.0/src/coreason_manifest/utils → coreason_manifest-0.12.0/src/coreason_manifest/schemas}/__init__.py

@@ -6,8 +6,4 @@
 # For details, see the LICENSE file.
 # Commercial use beyond a 30-day trial requires a separate license.
 #
-# Source Code: https://github.com/CoReason-AI/coreason_manifest
-
-"""
-Utils module.
-"""
+# Source Code: https://github.com/CoReason-AI/coreason-manifest