daai-console 0.1.0a2__py3-none-any.whl

daai_console/__init__.py

@@ -0,0 +1,44 @@
+from daai_console.client import DaaiClient
+from daai_console.exceptions import (
+    DaaiApiError,
+    DaaiConflictError,
+    DaaiError,
+    DaaiNotFoundError,
+    DaaiUnauthorizedError,
+    DaaiValidationError,
+)
+from daai_console.runtime import ActionExecutor, DaaiActionRunner, PendingActionManager
+from daai_console.store import InMemoryPendingStore, PendingAction, PendingStore, SQLitePendingStore
+from daai_console.types import (
+    ActionRunStatusResponse,
+    ActionTicket,
+    ExecutionReportResponse,
+    ExecutionStatus,
+    GovernanceReceipt,
+    GovernanceStatus,
+    InterceptResponse,
+)
+
+__all__ = [
+    "ActionExecutor",
+    "ActionRunStatusResponse",
+    "ActionTicket",
+    "DaaiApiError",
+    "DaaiClient",
+    "DaaiConflictError",
+    "DaaiError",
+    "DaaiNotFoundError",
+    "DaaiUnauthorizedError",
+    "DaaiValidationError",
+    "DaaiActionRunner",
+    "ExecutionReportResponse",
+    "ExecutionStatus",
+    "GovernanceReceipt",
+    "GovernanceStatus",
+    "InMemoryPendingStore",
+    "InterceptResponse",
+    "PendingAction",
+    "PendingActionManager",
+    "PendingStore",
+    "SQLitePendingStore",
+]

daai_console/client.py

@@ -0,0 +1,237 @@
+from __future__ import annotations
+
+from datetime import datetime
+from typing import Any
+from uuid import UUID
+
+import httpx
+
+from daai_console.exceptions import (
+    DaaiApiError,
+    DaaiConflictError,
+    DaaiError,
+    DaaiNotFoundError,
+    DaaiUnauthorizedError,
+    DaaiValidationError,
+)
+from daai_console.types import (
+    ActionRunStatusResponse,
+    ExecutionReportResponse,
+    ExecutionStatus,
+    GovernanceReceipt,
+    GovernanceStatus,
+    InterceptResponse,
+)
+
+
+class DaaiClient:
+    """Low-level DAAI Console API client for cooperative action governance."""
+
+    def __init__(
+        self,
+        base_url: str,
+        api_key: str,
+        workspace_key: str,
+        timeout_seconds: float = 10.0,
+        http_client: httpx.Client | None = None,
+    ) -> None:
+        self._api_key = api_key
+        self._workspace_key = workspace_key
+        self._owns_client = http_client is None
+
+        if http_client is not None:
+            self._http = http_client
+            return
+
+        self._http = httpx.Client(
+            base_url=base_url.rstrip("/"),
+            timeout=timeout_seconds,
+        )
+
+    def close(self) -> None:
+        if self._owns_client:
+            self._http.close()
+
+    def __enter__(self) -> "DaaiClient":
+        return self
+
+    def __exit__(self, exc_type: Any, exc: Any, tb: Any) -> None:
+        self.close()
+
+    def intercept(
+        self,
+        action: str,
+        payload: dict[str, Any] | None = None,
+        idempotency_key: str | None = None,
+    ) -> InterceptResponse:
+        """Propose a registered action before the developer app executes it."""
+        body: dict[str, Any] = {
+            "action": action,
+            "payload": payload or {},
+        }
+        if idempotency_key is not None:
+            body["idempotency_key"] = idempotency_key
+
+        data = self._request("POST", "/v1/sdk/intercept", json=body)
+        return InterceptResponse(
+            action_run_id=UUID(data["action_run_id"]),
+            governance_status=GovernanceStatus(data["governance_status"]),
+            execution_status=ExecutionStatus(data["execution_status"]),
+            governance_reason=data["governance_reason"],
+            executable=bool(data["executable"]),
+            idempotent_replay=bool(data["idempotent_replay"]),
+            receipt=_parse_receipt(data.get("receipt")),
+        )
+
+    def status(self, action_run_id: UUID | str) -> ActionRunStatusResponse:
+        """Fetch current governance and execution status for an action run."""
+        run_id = str(action_run_id)
+        data = self._request("GET", f"/v1/sdk/action-runs/{run_id}/status")
+        governance_status = GovernanceStatus(data["governance_status"])
+        executable = data.get("executable")
+        if executable is None:
+            executable = governance_status in (
+                GovernanceStatus.ALLOWED,
+                GovernanceStatus.APPROVED,
+            )
+
+        return ActionRunStatusResponse(
+            action_run_id=UUID(data["action_run_id"]),
+            action=data["action"],
+            governance_status=governance_status,
+            execution_status=ExecutionStatus(data["execution_status"]),
+            governance_reason=data["governance_reason"],
+            executable=bool(executable),
+            receipt=_parse_receipt(data.get("receipt")),
+            created_at=_parse_datetime(data["created_at"]),
+            decided_at=_parse_datetime(data["decided_at"])
+            if data.get("decided_at") is not None
+            else None,
+        )
+
+    def report_executed(
+        self,
+        action_run_id: UUID | str,
+        execution_result: dict[str, Any] | None = None,
+    ) -> ExecutionReportResponse:
+        """Report that the developer-owned executor completed successfully."""
+        run_id = str(action_run_id)
+        data = self._request(
+            "POST",
+            f"/v1/sdk/action-runs/{run_id}/report-executed",
+            json={"execution_result": execution_result or {}},
+        )
+        return _parse_execution_report(data)
+
+    def report_failed(
+        self,
+        action_run_id: UUID | str,
+        execution_error: str,
+        execution_result: dict[str, Any] | None = None,
+    ) -> ExecutionReportResponse:
+        """Report that the developer-owned executor failed after approval/allowance."""
+        run_id = str(action_run_id)
+        data = self._request(
+            "POST",
+            f"/v1/sdk/action-runs/{run_id}/report-failed",
+            json={
+                "execution_error": execution_error,
+                "execution_result": execution_result or {},
+            },
+        )
+        return _parse_execution_report(data)
+
+    def _request(self, method: str, path: str, **kwargs: Any) -> dict[str, Any]:
+        headers = kwargs.pop("headers", {})
+        headers.update(
+            {
+                "Authorization": f"Bearer {self._api_key}",
+                "X-DAAI-Workspace-Key": self._workspace_key,
+            }
+        )
+
+        try:
+            response = self._http.request(method=method, url=path, headers=headers, **kwargs)
+        except httpx.HTTPError as exc:
+            raise DaaiError(message=str(exc)) from exc
+
+        if response.is_success:
+            data = response.json()
+            if not isinstance(data, dict):
+                raise DaaiApiError(
+                    message="unexpected response payload",
+                    status_code=response.status_code,
+                    body=data,
+                )
+            return data
+
+        self._raise_api_error(response)
+        raise RuntimeError("unreachable")
+
+    def _raise_api_error(self, response: httpx.Response) -> None:
+        body: Any
+        detail: str
+
+        try:
+            body = response.json()
+        except ValueError:
+            body = response.text
+
+        if isinstance(body, dict):
+            detail = str(body.get("detail", f"request failed with {response.status_code}"))
+        else:
+            detail = str(body) if body else f"request failed with {response.status_code}"
+
+        exception_class: type[DaaiApiError]
+        if response.status_code == 401:
+            exception_class = DaaiUnauthorizedError
+        elif response.status_code == 404:
+            exception_class = DaaiNotFoundError
+        elif response.status_code == 409:
+            exception_class = DaaiConflictError
+        elif response.status_code == 422:
+            exception_class = DaaiValidationError
+        else:
+            exception_class = DaaiApiError
+
+        raise exception_class(
+            message=detail,
+            status_code=response.status_code,
+            body=body,
+        )
+
+
+def _parse_execution_report(data: dict[str, Any]) -> ExecutionReportResponse:
+    reported_at_raw = data.get("execution_reported_at")
+    reported_at = (
+        _parse_datetime(reported_at_raw) if reported_at_raw is not None else None
+    )
+    return ExecutionReportResponse(
+        action_run_id=UUID(data["action_run_id"]),
+        execution_status=ExecutionStatus(data["execution_status"]),
+        execution_error=data.get("execution_error"),
+        execution_reported_at=reported_at,
+        idempotent_replay=bool(data["idempotent_replay"]),
+    )
+
+
+def _parse_receipt(raw: dict[str, Any] | None) -> GovernanceReceipt | None:
+    if raw is None:
+        return None
+
+    return GovernanceReceipt(
+        id=UUID(raw["id"]),
+        outcome=raw["outcome"],
+        reason=raw["reason"],
+        policy_type=raw["policy_type"],
+        policy_snapshot=raw["policy_snapshot"],
+        created_at=_parse_datetime(raw["created_at"]),
+    )
+
+
+def _parse_datetime(value: str) -> datetime:
+    # FastAPI/Pydantic can emit UTC as a trailing "Z"; Python 3.9
+    # fromisoformat expects "+00:00", so normalize first.
+    if value.endswith("Z"):
+        value = f"{value[:-1]}+00:00"
+    return datetime.fromisoformat(value)

daai_console/exceptions.py

@@ -0,0 +1,36 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Any
+
+
+@dataclass
+class DaaiError(Exception):
+    message: str
+    status_code: int | None = None
+    body: Any | None = None
+
+    def __str__(self) -> str:
+        if self.status_code is None:
+            return self.message
+        return f"{self.status_code}: {self.message}"
+
+
+class DaaiUnauthorizedError(DaaiError):
+    """Raised for 401 API responses."""
+
+
+class DaaiNotFoundError(DaaiError):
+    """Raised for 404 API responses."""
+
+
+class DaaiConflictError(DaaiError):
+    """Raised for 409 API responses."""
+
+
+class DaaiValidationError(DaaiError):
+    """Raised for 422 API responses."""
+
+
+class DaaiApiError(DaaiError):
+    """Raised for other non-success API responses."""

daai_console/runtime/__init__.py

@@ -0,0 +1,8 @@
+from daai_console.runtime.manager import PendingActionManager
+from daai_console.runtime.runner import ActionExecutor, DaaiActionRunner
+
+__all__ = [
+    "ActionExecutor",
+    "DaaiActionRunner",
+    "PendingActionManager",
+]

daai_console/runtime/manager.py

@@ -0,0 +1,53 @@
+from __future__ import annotations
+
+from datetime import datetime, timezone
+from typing import Any
+
+from daai_console.client import DaaiClient
+from daai_console.store import PendingAction, PendingStore
+from daai_console.types import ActionTicket, GovernanceStatus
+
+
+class PendingActionManager:
+    def __init__(self, client: DaaiClient, pending_store: PendingStore) -> None:
+        self._client = client
+        self._pending_store = pending_store
+
+    def propose(
+        self,
+        action: str,
+        payload: dict[str, Any] | None = None,
+        idempotency_key: str | None = None,
+    ) -> ActionTicket:
+        """Propose an action and persist it locally only when approval is pending."""
+        action_payload = payload or {}
+        response = self._client.intercept(
+            action=action,
+            payload=action_payload,
+            idempotency_key=idempotency_key,
+        )
+
+        stored_for_later = response.governance_status == GovernanceStatus.PENDING_APPROVAL
+        if stored_for_later:
+            self._pending_store.put(
+                PendingAction(
+                    action_run_id=response.action_run_id,
+                    action=action,
+                    payload=action_payload,
+                    idempotency_key=idempotency_key,
+                    created_at=datetime.now(timezone.utc),
+                )
+            )
+
+        return ActionTicket(
+            action_run_id=response.action_run_id,
+            action=action,
+            payload=action_payload,
+            idempotency_key=idempotency_key,
+            governance_status=response.governance_status,
+            execution_status=response.execution_status,
+            governance_reason=response.governance_reason,
+            executable=response.executable,
+            idempotent_replay=response.idempotent_replay,
+            stored_for_later=stored_for_later,
+        )

daai_console/runtime/runner.py

@@ -0,0 +1,80 @@
+from __future__ import annotations
+
+from typing import Any, Callable
+
+from daai_console.client import DaaiClient
+from daai_console.store import PendingStore
+from daai_console.types import ExecutionStatus, GovernanceStatus
+
+
+ActionExecutor = Callable[[dict[str, Any]], Any]
+
+
+class DaaiActionRunner:
+    def __init__(self, client: DaaiClient, pending_store: PendingStore) -> None:
+        self._client = client
+        self._pending_store = pending_store
+        self._executors: dict[str, ActionExecutor] = {}
+
+    def when_executable(
+        self,
+        action: str,
+        run: ActionExecutor,
+    ) -> None:
+        """Register a developer-owned executor for one action name."""
+        self._executors[action] = run
+
+    def run_pending_once(self) -> int:
+        """Poll pending actions once and execute only actions marked executable."""
+        executed_count = 0
+        pending_actions = self._pending_store.list_pending()
+
+        for pending in pending_actions:
+            status = self._client.status(pending.action_run_id)
+
+            if status.governance_status in (
+                GovernanceStatus.REJECTED,
+                GovernanceStatus.BLOCKED,
+            ):
+                self._pending_store.remove(pending.action_run_id)
+                continue
+
+            if status.execution_status in (
+                ExecutionStatus.EXECUTED,
+                ExecutionStatus.FAILED,
+            ):
+                self._pending_store.remove(pending.action_run_id)
+                continue
+
+            if not status.executable:
+                continue
+
+            executor = self._executors.get(pending.action)
+            if executor is None:
+                continue
+
+            try:
+                result = executor(pending.payload)
+                execution_result = _normalize_execution_result(result)
+                self._client.report_executed(
+                    action_run_id=pending.action_run_id,
+                    execution_result=execution_result,
+                )
+                executed_count += 1
+            except Exception as exc:
+                self._client.report_failed(
+                    action_run_id=pending.action_run_id,
+                    execution_error=f"{type(exc).__name__}: {exc}",
+                )
+            finally:
+                self._pending_store.remove(pending.action_run_id)
+
+        return executed_count
+
+
+def _normalize_execution_result(result: Any) -> dict[str, Any]:
+    if result is None:
+        return {}
+    if isinstance(result, dict):
+        return result
+    return {"result": result}

daai_console/store/__init__.py

@@ -0,0 +1,8 @@
+from daai_console.store.pending import InMemoryPendingStore, PendingAction, PendingStore, SQLitePendingStore
+
+__all__ = [
+    "InMemoryPendingStore",
+    "PendingAction",
+    "PendingStore",
+    "SQLitePendingStore",
+]

daai_console/store/pending.py

@@ -0,0 +1,138 @@
+from __future__ import annotations
+
+import json
+import sqlite3
+from dataclasses import dataclass
+from datetime import datetime
+from pathlib import Path
+from typing import Any, Protocol
+from uuid import UUID
+
+
+@dataclass(frozen=True)
+class PendingAction:
+    action_run_id: UUID
+    action: str
+    payload: dict[str, Any]
+    idempotency_key: str | None
+    created_at: datetime
+
+
+class PendingStore(Protocol):
+    def put(self, pending_action: PendingAction) -> None: ...
+
+    def list_pending(self) -> list[PendingAction]: ...
+
+    def remove(self, action_run_id: UUID | str) -> None: ...
+
+
+class InMemoryPendingStore:
+    def __init__(self) -> None:
+        self._pending: dict[str, PendingAction] = {}
+
+    def put(self, pending_action: PendingAction) -> None:
+        self._pending[str(pending_action.action_run_id)] = pending_action
+
+    def list_pending(self) -> list[PendingAction]:
+        return sorted(
+            self._pending.values(),
+            key=lambda item: item.created_at,
+        )
+
+    def remove(self, action_run_id: UUID | str) -> None:
+        self._pending.pop(str(action_run_id), None)
+
+
+class SQLitePendingStore:
+    def __init__(self, db_path: str | Path = "daai_console_pending_actions.sqlite3") -> None:
+        self._db_path = str(db_path)
+        self._ensure_schema()
+
+    def put(self, pending_action: PendingAction) -> None:
+        payload_json = json.dumps(pending_action.payload, separators=(",", ":"))
+
+        with self._connect() as conn:
+            conn.execute(
+                """
+                INSERT INTO pending_actions (
+                    action_run_id,
+                    action,
+                    payload_json,
+                    idempotency_key,
+                    created_at
+                )
+                VALUES (?, ?, ?, ?, ?)
+                ON CONFLICT(action_run_id) DO UPDATE SET
+                    action = excluded.action,
+                    payload_json = excluded.payload_json,
+                    idempotency_key = excluded.idempotency_key,
+                    created_at = excluded.created_at
+                """,
+                (
+                    str(pending_action.action_run_id),
+                    pending_action.action,
+                    payload_json,
+                    pending_action.idempotency_key,
+                    pending_action.created_at.isoformat(),
+                ),
+            )
+            conn.commit()
+
+    def list_pending(self) -> list[PendingAction]:
+        with self._connect() as conn:
+            rows = conn.execute(
+                """
+                SELECT action_run_id, action, payload_json, idempotency_key, created_at
+                FROM pending_actions
+                ORDER BY created_at ASC
+                """
+            ).fetchall()
+
+        pending: list[PendingAction] = []
+        for row in rows:
+            pending.append(
+                PendingAction(
+                    action_run_id=UUID(row["action_run_id"]),
+                    action=row["action"],
+                    payload=_parse_payload_json(row["payload_json"]),
+                    idempotency_key=row["idempotency_key"],
+                    created_at=datetime.fromisoformat(row["created_at"]),
+                )
+            )
+
+        return pending
+
+    def remove(self, action_run_id: UUID | str) -> None:
+        with self._connect() as conn:
+            conn.execute(
+                "DELETE FROM pending_actions WHERE action_run_id = ?",
+                (str(action_run_id),),
+            )
+            conn.commit()
+
+    def _connect(self) -> sqlite3.Connection:
+        conn = sqlite3.connect(self._db_path)
+        conn.row_factory = sqlite3.Row
+        return conn
+
+    def _ensure_schema(self) -> None:
+        with self._connect() as conn:
+            conn.execute(
+                """
+                CREATE TABLE IF NOT EXISTS pending_actions (
+                    action_run_id TEXT PRIMARY KEY,
+                    action TEXT NOT NULL,
+                    payload_json TEXT NOT NULL,
+                    idempotency_key TEXT,
+                    created_at TEXT NOT NULL
+                )
+                """
+            )
+            conn.commit()
+
+
+def _parse_payload_json(value: str) -> dict[str, Any]:
+    parsed = json.loads(value)
+    if isinstance(parsed, dict):
+        return parsed
+    raise ValueError("pending payload must deserialize to an object")

daai_console/types.py

@@ -0,0 +1,79 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from datetime import datetime
+from enum import Enum
+from typing import Any
+from uuid import UUID
+
+
+class GovernanceStatus(str, Enum):
+    ALLOWED = "allowed"
+    PENDING_APPROVAL = "pending_approval"
+    APPROVED = "approved"
+    REJECTED = "rejected"
+    BLOCKED = "blocked"
+
+
+class ExecutionStatus(str, Enum):
+    NOT_EXECUTED = "not_executed"
+    AWAITING_EXECUTION_REPORT = "awaiting_execution_report"
+    EXECUTED = "executed"
+    FAILED = "failed"
+
+
+@dataclass(frozen=True)
+class GovernanceReceipt:
+    id: UUID
+    outcome: str
+    reason: str
+    policy_type: str
+    policy_snapshot: dict[str, Any]
+    created_at: datetime
+
+
+@dataclass(frozen=True)
+class InterceptResponse:
+    action_run_id: UUID
+    governance_status: GovernanceStatus
+    execution_status: ExecutionStatus
+    governance_reason: str
+    executable: bool
+    idempotent_replay: bool
+    receipt: GovernanceReceipt | None
+
+
+@dataclass(frozen=True)
+class ActionRunStatusResponse:
+    action_run_id: UUID
+    action: str
+    governance_status: GovernanceStatus
+    execution_status: ExecutionStatus
+    governance_reason: str
+    executable: bool
+    receipt: GovernanceReceipt | None
+    created_at: datetime
+    decided_at: datetime | None
+
+
+@dataclass(frozen=True)
+class ExecutionReportResponse:
+    action_run_id: UUID
+    execution_status: ExecutionStatus
+    execution_error: str | None
+    execution_reported_at: datetime | None
+    idempotent_replay: bool
+
+
+@dataclass(frozen=True)
+class ActionTicket:
+    action_run_id: UUID
+    action: str
+    payload: dict[str, Any]
+    idempotency_key: str | None
+    governance_status: GovernanceStatus
+    execution_status: ExecutionStatus
+    governance_reason: str
+    executable: bool
+    idempotent_replay: bool
+    stored_for_later: bool

daai_console-0.1.0a2.dist-info/METADATA

@@ -0,0 +1,241 @@
+Metadata-Version: 2.4
+Name: daai-console
+Version: 0.1.0a2
+Summary: Python SDK for DAAI Console cooperative action governance.
+Author: DAAI Console
+License-Expression: LicenseRef-DAAI-Alpha
+Project-URL: Homepage, https://github.com/sanyAlam/daai-console-python
+Project-URL: Repository, https://github.com/sanyAlam/daai-console-python
+Project-URL: Issues, https://github.com/sanyAlam/daai-console-python/issues
+Keywords: ai,governance,approval,audit,sdk
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Typing :: Typed
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: httpx<1.0.0,>=0.28.0
+Provides-Extra: dev
+Requires-Dist: build<2.0.0,>=1.2.0; extra == "dev"
+Requires-Dist: pytest<9.0.0,>=8.4.0; extra == "dev"
+Dynamic: license-file
+
+# DAAI Console Python SDK
+
+DAAI Console is a governance layer for AI automations. It lets developers intercept risky registered agent actions before execution, route them through policy and approval, and produce audit receipts.
+
+This repository contains the public alpha Python SDK for DAAI Console.
+
+## What DAAI Console Is Not
+
+DAAI Console is intentionally narrow in alpha. It is not:
+
+- Magic interception of arbitrary code
+- A browser automation framework
+- A replacement for MCP
+- An OS-wide agent scanner
+- A full enterprise security platform
+
+## Execution Boundary
+
+DAAI Console governs proposal, policy, approval, status, and receipts.
+
+The developer application owns real business execution, local business logic, executor functions, external integrations, and worker or cron triggers. Place this SDK before risky functions. The SDK does not execute callbacks inside `intercept()`.
+
+## Install
+
+From PyPI:
+
+```bash
+pip install daai-console
+```
+
+Alpha pinning:
+
+```bash
+pip install daai-console==0.1.0a2
+```
+
+## Environment
+
+Set these values in your server-side environment:
+
+```bash
+export DAAI_API_KEY="..."
+export DAAI_WORKSPACE_KEY="..."
+export DAAI_BASE_URL="https://your-daai-api.example.com"
+```
+
+Do not expose these values in browser code or frontend bundles.
+
+## Minimal Client Example
+
+```python
+import os
+
+from daai_console import DaaiClient
+
+client = DaaiClient(
+    base_url=os.environ["DAAI_BASE_URL"],
+    api_key=os.environ["DAAI_API_KEY"],
+    workspace_key=os.environ["DAAI_WORKSPACE_KEY"],
+)
+
+payload = {
+    "invoice_id": "INV-1025",
+    "customer_name": "Acme Finance",
+    "amount": 1250,
+}
+
+proposal = client.intercept(
+    action="send_invoice_reminder",
+    payload=payload,
+    idempotency_key="invoice-reminder:INV-1025",
+)
+
+print(proposal.governance_status.value)
+print(proposal.executable)
+
+status = client.status(proposal.action_run_id)
+
+if status.executable:
+    try:
+        # Your app owns the real business execution.
+        provider_result = send_invoice_reminder(payload)
+        client.report_executed(
+            proposal.action_run_id,
+            execution_result={"provider_id": provider_result["id"]},
+        )
+    except Exception as exc:
+        client.report_failed(
+            proposal.action_run_id,
+            execution_error=f"{type(exc).__name__}: {exc}",
+        )
+else:
+    print("Not executable yet. Wait for approval or policy decision.")
+```
+
+## Runtime Helper Example
+
+The runtime helpers make the safe path easier: propose once, persist pending approvals locally, and run only after DAAI Console reports `executable=true`.
+
+```python
+import os
+
+from daai_console import (
+    DaaiActionRunner,
+    DaaiClient,
+    PendingActionManager,
+    SQLitePendingStore,
+)
+
+client = DaaiClient(
+    base_url=os.environ["DAAI_BASE_URL"],
+    api_key=os.environ["DAAI_API_KEY"],
+    workspace_key=os.environ["DAAI_WORKSPACE_KEY"],
+)
+store = SQLitePendingStore("daai_pending_actions.sqlite3")
+manager = PendingActionManager(client=client, pending_store=store)
+
+manager.propose(
+    action="send_invoice_reminder",
+    payload={"invoice_id": "INV-1025", "amount": 1250},
+    idempotency_key="invoice-reminder:INV-1025",
+)
+
+
+def send_invoice_reminder_executor(payload: dict) -> dict:
+    # Keep your existing execution function here.
+    return {"message_id": "example-local-result"}
+
+
+runner = DaaiActionRunner(client=client, pending_store=store)
+runner.when_executable(
+    action="send_invoice_reminder",
+    run=send_invoice_reminder_executor,
+)
+
+executed_count = runner.run_pending_once()
+print(f"Executed {executed_count} approved action(s).")
+```
+
+## Live Alpha Smoke Tests
+
+The unit tests in `tests/` are mocked SDK-internal tests. They do not call DAAI Console and should remain safe for normal local runs and CI.
+
+The scripts in `examples/live_*.py` are opt-in live smoke tests for alpha testers with real DAAI Console credentials. They call the configured API and should be run manually against a staging or alpha workspace.
+
+Before running live scripts, make sure the action is already registered in your DAAI Console workspace. The default expected action is `send_invoice_reminder`. You can override it with `DAAI_TEST_ACTION_NAME`.
+
+Set required environment variables:
+
+```bash
+export DAAI_API_KEY="..."
+export DAAI_WORKSPACE_KEY="..."
+export DAAI_BASE_URL="https://stage.api.daaihq.com"
+```
+
+`DAAI_BASE_URL` must point to the API, not the dashboard. For staging, use `https://stage.api.daaihq.com`, not `https://stage.daaihq.com`.
+
+Optional environment variables:
+
+```bash
+export DAAI_TEST_ACTION_NAME="send_invoice_reminder"
+export DAAI_PENDING_DB_PATH="./daai_alpha_pending.db"
+```
+
+Run the low-level client smoke test:
+
+```bash
+python examples/live_client_smoke.py
+```
+
+Run the runtime smoke flow:
+
+```bash
+python examples/live_runtime_smoke.py propose
+python examples/live_runtime_smoke.py list-pending
+```
+
+If the proposal returns `pending_approval`, approve it from the approval email or dashboard. The SDK does not auto-approve and does not bypass governance. After approval, run:
+
+```bash
+python examples/live_runtime_smoke.py run-pending
+```
+
+`run-pending` uses `DaaiActionRunner` and a fake executor. It only simulates execution, and only runs when DAAI Console reports `executable=true`.
+
+If the API returns `blocked` or `unknown_action`, it usually means the action is not registered in the workspace, the API/workspace key belongs to another workspace, or the action name does not match exactly. Register the action in the dashboard first, then rerun the script with the same action name.
+
+## Security Notes
+
+- Store `DAAI_API_KEY` and `DAAI_WORKSPACE_KEY` server-side only.
+- Do not expose keys in browser or frontend code.
+- Approval links should not contain sensitive payload data.
+- Local pending stores may contain business payloads; treat them as sensitive.
+- The SDK does not execute callbacks inside `intercept()`.
+- Rejected and blocked actions should not execute.
+
+## Known Limitations
+
+- Python SDK first.
+- Cooperative interception only.
+- Developers must register and gate actions explicitly.
+- No automatic arbitrary-code interception.
+- Staging alpha APIs may change.
+- No enterprise RBAC in alpha.
+
+## Alpha Docs
+
+- [Alpha test checklist](docs/alpha-test-checklist.md)
+- [Security model](docs/security-model.md)
+- [Agency adoption prompt](docs/agency-adoption-prompt.md)
+- [Known limitations](docs/known-limitations.md)
+- [Staging alpha guide](docs/staging-alpha-guide.md)

daai_console-0.1.0a2.dist-info/RECORD

@@ -0,0 +1,15 @@
+daai_console/__init__.py,sha256=uDacij5zg7hW3poyh-CJM4KXMF0FQRHfhBmgVH2eO00,1127
+daai_console/client.py,sha256=CyZeGwJQE__rixKUa4x1DcXygQ2aQesfRtbDiI3fBps,7883
+daai_console/exceptions.py,sha256=MJpAJF8FgE8EoyTKP0EJSh6WjK4-x1G_m10p9jeLsQo,772
+daai_console/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+daai_console/types.py,sha256=H6qwxdB53mV4nQhGQrF9KzpiUnGoJhgZkHi4jpOFHe0,1837
+daai_console/runtime/__init__.py,sha256=5AYSBLcPE2GgeQt7ITs5ovP5jOgy6LWY0P8a6EDo6XM,224
+daai_console/runtime/manager.py,sha256=4yTEg737j2iA6BAJ1izJKfBcqc23D8BRc38a914n8TY,1891
+daai_console/runtime/runner.py,sha256=tjgf0F1sBXxNxn3EQJSzgsVWUJTa8pacN5dkklXhKoU,2579
+daai_console/store/__init__.py,sha256=Ls5esVt_MhxuuCuhezbgLUKhxNzy9KDpyQTv4C8hxwk,219
+daai_console/store/pending.py,sha256=VbWvtGU1Yv0G5N81mnDjFptDrZ164pGTnu22h4ImqGQ,4389
+daai_console-0.1.0a2.dist-info/licenses/LICENSE,sha256=fKcW6l5A2Alu1LWFp3Od2ClPszT7eJ3OjUx39X5xD4o,863
+daai_console-0.1.0a2.dist-info/METADATA,sha256=8-McO_HFQxhhlIFLW5gcSSxqQw5vdTP5u6sdKcr1EUs,7666
+daai_console-0.1.0a2.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+daai_console-0.1.0a2.dist-info/top_level.txt,sha256=3xwhPyK71ROPJZcfDMA3NLqVOJ4OsyGhjud6c6kUo7U,13
+daai_console-0.1.0a2.dist-info/RECORD,,

daai_console-0.1.0a2.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

daai_console-0.1.0a2.dist-info/licenses/LICENSE

@@ -0,0 +1,17 @@
+DAAI Console Alpha SDK License
+
+Copyright (c) 2026 DAAI Console.
+
+This SDK is provided for alpha evaluation of DAAI Console. You may use, copy,
+and modify this SDK for the purpose of evaluating, testing, and integrating
+DAAI Console during the alpha period.
+
+Redistribution, resale, or production use outside an active DAAI Console alpha
+or written agreement requires prior written permission from DAAI Console.
+
+THE SDK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT, OR OTHERWISE, ARISING FROM, OUT OF, OR IN
+CONNECTION WITH THE SDK OR THE USE OR OTHER DEALINGS IN THE SDK.

daai_console-0.1.0a2.dist-info/top_level.txt

@@ -0,0 +1 @@
+daai_console