dbl-policy 0.1.1__tar.gz

dbl_policy-0.1.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Lukas Pfister
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

dbl_policy-0.1.1/PKG-INFO

@@ -0,0 +1,80 @@
+Metadata-Version: 2.4
+Name: dbl-policy
+Version: 0.1.1
+Summary: Deterministic policy evaluation layer for dbl-core
+Author-email: Lukas Pfister <228201683+lukaspfisterch@users.noreply.github.com>
+License: MIT
+Project-URL: Repository, https://github.com/lukaspfisterch/dbl-policy
+Project-URL: Issues, https://github.com/lukaspfisterch/dbl-policy/issues
+Keywords: dbl,policy,governance,deterministic
+Classifier: Development Status :: 2 - Pre-Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Typing :: Typed
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: dbl-core<0.4,>=0.3
+Provides-Extra: test
+Requires-Dist: pytest<9,>=8; extra == "test"
+Provides-Extra: dev
+Requires-Dist: pytest<9,>=8; extra == "dev"
+Requires-Dist: ruff<1,>=0.5; extra == "dev"
+Requires-Dist: mypy<2,>=1.10; extra == "dev"
+Dynamic: license-file
+
+# DBL Policy
+
+DBL Policy provides deterministic, tenant-scoped policy evaluation that produces DECISION events only. It does not execute tasks.
+
+## Scope
+- Policy decisions derived only from authoritative inputs.
+- No execution, no orchestration, no IO side effects.
+
+## Contract
+- docs/dbl_policy_contract.md
+
+## Install
+
+```bash
+pip install dbl-policy
+```
+
+Requires `dbl-core>=0.3.0`, Python 3.11+.
+
+## Usage
+
+```python
+from dbl_policy import (
+    PolicyContext,
+    PolicyDecision,
+    PolicyId,
+    PolicyVersion,
+    TenantId,
+    DecisionOutcome,
+    decision_to_dbl_event,
+)
+
+context = PolicyContext(
+    tenant_id=TenantId("tenant-1"),
+    inputs={"use_case": "llm-generate"},
+)
+
+decision = PolicyDecision(
+    outcome=DecisionOutcome.ALLOW,
+    reason_code="ok",
+    policy_id=PolicyId("example"),
+    policy_version=PolicyVersion("1.0.0"),
+    tenant_id=context.tenant_id,
+)
+
+event = decision_to_dbl_event(decision, correlation_id="c1")
+```
+
+## License
+
+MIT License. See LICENSE.

dbl_policy-0.1.1/README.md

@@ -0,0 +1,51 @@
+# DBL Policy
+
+DBL Policy provides deterministic, tenant-scoped policy evaluation that produces DECISION events only. It does not execute tasks.
+
+## Scope
+- Policy decisions derived only from authoritative inputs.
+- No execution, no orchestration, no IO side effects.
+
+## Contract
+- docs/dbl_policy_contract.md
+
+## Install
+
+```bash
+pip install dbl-policy
+```
+
+Requires `dbl-core>=0.3.0`, Python 3.11+.
+
+## Usage
+
+```python
+from dbl_policy import (
+    PolicyContext,
+    PolicyDecision,
+    PolicyId,
+    PolicyVersion,
+    TenantId,
+    DecisionOutcome,
+    decision_to_dbl_event,
+)
+
+context = PolicyContext(
+    tenant_id=TenantId("tenant-1"),
+    inputs={"use_case": "llm-generate"},
+)
+
+decision = PolicyDecision(
+    outcome=DecisionOutcome.ALLOW,
+    reason_code="ok",
+    policy_id=PolicyId("example"),
+    policy_version=PolicyVersion("1.0.0"),
+    tenant_id=context.tenant_id,
+)
+
+event = decision_to_dbl_event(decision, correlation_id="c1")
+```
+
+## License
+
+MIT License. See LICENSE.

dbl_policy-0.1.1/pyproject.toml

@@ -0,0 +1,59 @@
+[build-system]
+requires = ["setuptools>=61", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "dbl-policy"
+version = "0.1.1"
+description = "Deterministic policy evaluation layer for dbl-core"
+readme = "README.md"
+license = { text = "MIT" }
+requires-python = ">=3.11"
+authors = [
+  { name = "Lukas Pfister", email = "228201683+lukaspfisterch@users.noreply.github.com" }
+]
+keywords = ["dbl", "policy", "governance", "deterministic"]
+classifiers = [
+  "Development Status :: 2 - Pre-Alpha",
+  "Intended Audience :: Developers",
+  "License :: OSI Approved :: MIT License",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3 :: Only",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+  "Typing :: Typed",
+]
+dependencies = [
+  "dbl-core>=0.3,<0.4",
+]
+
+[project.optional-dependencies]
+test = [
+  "pytest>=8,<9",
+]
+dev = [
+  "pytest>=8,<9",
+  "ruff>=0.5,<1",
+  "mypy>=1.10,<2",
+]
+
+[project.urls]
+Repository = "https://github.com/lukaspfisterch/dbl-policy"
+Issues = "https://github.com/lukaspfisterch/dbl-policy/issues"
+
+[tool.setuptools]
+package-dir = { "" = "src" }
+license-files = ["LICENSE"]
+
+[tool.setuptools.packages.find]
+where = ["src"]
+include = ["dbl_policy*"]
+exclude = ["tests*", "docs*", "scripts*"]
+
+[tool.setuptools.package-data]
+dbl_policy = ["py.typed"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+python_files = ["test_*.py"]
+addopts = ["-q", "--strict-markers", "--strict-config"]

dbl_policy-0.1.1/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

dbl_policy-0.1.1/src/dbl_policy/__init__.py

@@ -0,0 +1,28 @@
+from .model import (
+    DecisionOutcome,
+    Policy,
+    PolicyContext,
+    PolicyDecision,
+    PolicyId,
+    PolicyVersion,
+    TenantId,
+    decision_to_dbl_event,
+)
+
+from .allow_all import AllowAllPolicy
+from .deny_all import DenyAllPolicy
+
+__all__ = [
+    "DecisionOutcome",
+    "Policy",
+    "PolicyContext",
+    "PolicyDecision",
+    "PolicyId",
+    "PolicyVersion",
+    "TenantId",
+    "decision_to_dbl_event",
+    "AllowAllPolicy",
+    "DenyAllPolicy",
+]
+
+__version__ = "0.1.1"

dbl_policy-0.1.1/src/dbl_policy/allow_all.py

@@ -0,0 +1,42 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Any, Mapping
+
+from .model import (
+    DecisionOutcome,
+    PolicyContext,
+    PolicyDecision,
+    PolicyId,
+    PolicyVersion,
+    TenantId,
+)
+
+
+@dataclass(frozen=True)
+class AllowAllPolicy:
+    policy_id: PolicyId = PolicyId("dbl_policy.allow_all")
+    policy_version: PolicyVersion = PolicyVersion("1.0.0")
+
+    def evaluate(self, context: PolicyContext) -> PolicyDecision:
+        return PolicyDecision(
+            outcome=DecisionOutcome.ALLOW,
+            reason_code="allow_all",
+            reason_message="development allow-all policy",
+            policy_id=self.policy_id,
+            policy_version=self.policy_version,
+            tenant_id=context.tenant_id,
+        )
+
+
+POLICY = AllowAllPolicy()
+policy = POLICY
+
+
+def evaluate(context: PolicyContext) -> PolicyDecision:
+    return POLICY.evaluate(context)
+
+
+def decide(*, tenant_id: str, inputs: Mapping[str, Any]) -> PolicyDecision:
+    ctx = PolicyContext(tenant_id=TenantId(tenant_id), inputs=inputs)
+    return POLICY.evaluate(ctx)

dbl_policy-0.1.1/src/dbl_policy/deny_all.py

@@ -0,0 +1,42 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Any, Mapping
+
+from .model import (
+    DecisionOutcome,
+    PolicyContext,
+    PolicyDecision,
+    PolicyId,
+    PolicyVersion,
+    TenantId,
+)
+
+
+@dataclass(frozen=True)
+class DenyAllPolicy:
+    policy_id: PolicyId = PolicyId("dbl_policy.deny_all")
+    policy_version: PolicyVersion = PolicyVersion("1.0.0")
+
+    def evaluate(self, context: PolicyContext) -> PolicyDecision:
+        return PolicyDecision(
+            outcome=DecisionOutcome.DENY,
+            reason_code="deny_all",
+            reason_message="default deny-all policy",
+            policy_id=self.policy_id,
+            policy_version=self.policy_version,
+            tenant_id=context.tenant_id,
+        )
+
+
+POLICY = DenyAllPolicy()
+policy = POLICY
+
+
+def evaluate(context: PolicyContext) -> PolicyDecision:
+    return POLICY.evaluate(context)
+
+
+def decide(*, tenant_id: str, inputs: Mapping[str, Any]) -> PolicyDecision:
+    ctx = PolicyContext(tenant_id=TenantId(tenant_id), inputs=inputs)
+    return POLICY.evaluate(ctx)

dbl_policy-0.1.1/src/dbl_policy/model.py

@@ -0,0 +1,96 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from enum import Enum
+import json
+from typing import Any, Mapping, Protocol
+
+from dbl_core import DblEvent, DblEventKind, GateDecision
+
+
+@dataclass(frozen=True)
+class PolicyId:
+    value: str
+
+
+@dataclass(frozen=True)
+class PolicyVersion:
+    value: str
+
+
+@dataclass(frozen=True)
+class TenantId:
+    value: str
+
+
+class DecisionOutcome(str, Enum):
+    ALLOW = "ALLOW"
+    DENY = "DENY"
+
+
+_FORBIDDEN_INPUT_KEYS = {
+    "trace",
+    "trace_digest",
+    "execution",
+    "execution_trace",
+    "success",
+    "failure_code",
+    "exception_type",
+    "exception",
+    "runtime",
+    "runtime_ms",
+}
+
+
+def _canonicalize_mapping(value: Mapping[str, Any]) -> dict[str, Any]:
+    items: dict[str, Any] = {}
+    for key in sorted(value.keys(), key=lambda k: str(k)):
+        items[str(key)] = value[key]
+    return items
+
+
+@dataclass(frozen=True)
+class PolicyContext:
+    tenant_id: TenantId
+    inputs: Mapping[str, Any]
+
+    def __post_init__(self) -> None:
+        if not isinstance(self.inputs, Mapping):
+            raise TypeError("inputs must be a mapping")
+        for key in self.inputs.keys():
+            key_str = str(key).lower()
+            if key_str in _FORBIDDEN_INPUT_KEYS or key_str.startswith("trace") or key_str.startswith("execution"):
+                raise ValueError(f"observational key not allowed: {key}")
+        json.dumps(self.to_dict(), ensure_ascii=True, sort_keys=True)
+
+    def to_dict(self) -> dict[str, Any]:
+        return {
+            "tenant_id": self.tenant_id.value,
+            "inputs": _canonicalize_mapping(self.inputs),
+        }
+
+
+@dataclass(frozen=True)
+class PolicyDecision:
+    outcome: DecisionOutcome
+    reason_code: str
+    policy_id: PolicyId
+    policy_version: PolicyVersion
+    tenant_id: TenantId
+    reason_message: str | None = None
+
+    def __post_init__(self) -> None:
+        if self.outcome not in (DecisionOutcome.ALLOW, DecisionOutcome.DENY):
+            raise ValueError("invalid decision outcome")
+        if not self.reason_code:
+            raise ValueError("reason_code is required")
+
+
+class Policy(Protocol):
+    def evaluate(self, context: PolicyContext) -> PolicyDecision:
+        ...
+
+
+def decision_to_dbl_event(decision: PolicyDecision, correlation_id: str) -> DblEvent:
+    gate = GateDecision(decision.outcome.value, decision.reason_code, decision.reason_message)
+    return DblEvent(DblEventKind.DECISION, correlation_id=correlation_id, data=gate)

dbl_policy-0.1.1/src/dbl_policy.egg-info/PKG-INFO

@@ -0,0 +1,80 @@
+Metadata-Version: 2.4
+Name: dbl-policy
+Version: 0.1.1
+Summary: Deterministic policy evaluation layer for dbl-core
+Author-email: Lukas Pfister <228201683+lukaspfisterch@users.noreply.github.com>
+License: MIT
+Project-URL: Repository, https://github.com/lukaspfisterch/dbl-policy
+Project-URL: Issues, https://github.com/lukaspfisterch/dbl-policy/issues
+Keywords: dbl,policy,governance,deterministic
+Classifier: Development Status :: 2 - Pre-Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Typing :: Typed
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: dbl-core<0.4,>=0.3
+Provides-Extra: test
+Requires-Dist: pytest<9,>=8; extra == "test"
+Provides-Extra: dev
+Requires-Dist: pytest<9,>=8; extra == "dev"
+Requires-Dist: ruff<1,>=0.5; extra == "dev"
+Requires-Dist: mypy<2,>=1.10; extra == "dev"
+Dynamic: license-file
+
+# DBL Policy
+
+DBL Policy provides deterministic, tenant-scoped policy evaluation that produces DECISION events only. It does not execute tasks.
+
+## Scope
+- Policy decisions derived only from authoritative inputs.
+- No execution, no orchestration, no IO side effects.
+
+## Contract
+- docs/dbl_policy_contract.md
+
+## Install
+
+```bash
+pip install dbl-policy
+```
+
+Requires `dbl-core>=0.3.0`, Python 3.11+.
+
+## Usage
+
+```python
+from dbl_policy import (
+    PolicyContext,
+    PolicyDecision,
+    PolicyId,
+    PolicyVersion,
+    TenantId,
+    DecisionOutcome,
+    decision_to_dbl_event,
+)
+
+context = PolicyContext(
+    tenant_id=TenantId("tenant-1"),
+    inputs={"use_case": "llm-generate"},
+)
+
+decision = PolicyDecision(
+    outcome=DecisionOutcome.ALLOW,
+    reason_code="ok",
+    policy_id=PolicyId("example"),
+    policy_version=PolicyVersion("1.0.0"),
+    tenant_id=context.tenant_id,
+)
+
+event = decision_to_dbl_event(decision, correlation_id="c1")
+```
+
+## License
+
+MIT License. See LICENSE.

dbl_policy-0.1.1/src/dbl_policy.egg-info/SOURCES.txt

@@ -0,0 +1,13 @@
+LICENSE
+README.md
+pyproject.toml
+src/dbl_policy/__init__.py
+src/dbl_policy/allow_all.py
+src/dbl_policy/deny_all.py
+src/dbl_policy/model.py
+src/dbl_policy.egg-info/PKG-INFO
+src/dbl_policy.egg-info/SOURCES.txt
+src/dbl_policy.egg-info/dependency_links.txt
+src/dbl_policy.egg-info/requires.txt
+src/dbl_policy.egg-info/top_level.txt
+tests/test_policy.py

dbl_policy-0.1.1/src/dbl_policy.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

dbl_policy-0.1.1/src/dbl_policy.egg-info/requires.txt

@@ -0,0 +1,9 @@
+dbl-core<0.4,>=0.3
+
+[dev]
+pytest<9,>=8
+ruff<1,>=0.5
+mypy<2,>=1.10
+
+[test]
+pytest<9,>=8

dbl_policy-0.1.1/src/dbl_policy.egg-info/top_level.txt

@@ -0,0 +1 @@
+dbl_policy

dbl_policy-0.1.1/tests/test_policy.py

@@ -0,0 +1,89 @@
+from __future__ import annotations
+
+import pytest
+
+from dbl_core import DblEventKind, GateDecision
+from dbl_policy import (
+    DecisionOutcome,
+    PolicyContext,
+    PolicyDecision,
+    PolicyId,
+    PolicyVersion,
+    TenantId,
+    decision_to_dbl_event,
+)
+from dbl_policy.allow_all import POLICY as ALLOW_POLICY
+from dbl_policy.deny_all import POLICY as DENY_POLICY
+
+
+class ExamplePolicy:
+    def __init__(self, policy_id: PolicyId, policy_version: PolicyVersion) -> None:
+        self._policy_id = policy_id
+        self._policy_version = policy_version
+
+    def evaluate(self, context: PolicyContext) -> PolicyDecision:
+        if context.tenant_id.value == "tenant-deny":
+            return PolicyDecision(
+                outcome=DecisionOutcome.DENY,
+                reason_code="tenant_blocked",
+                policy_id=self._policy_id,
+                policy_version=self._policy_version,
+                tenant_id=context.tenant_id,
+            )
+        return PolicyDecision(
+            outcome=DecisionOutcome.ALLOW,
+            reason_code="ok",
+            policy_id=self._policy_id,
+            policy_version=self._policy_version,
+            tenant_id=context.tenant_id,
+        )
+
+
+def test_determinism_same_context_same_decision():
+    policy = ExamplePolicy(PolicyId("example"), PolicyVersion("1.0.0"))
+    context = PolicyContext(tenant_id=TenantId("tenant-1"), inputs={"use_case": "x"})
+    d1 = policy.evaluate(context)
+    d2 = policy.evaluate(context)
+    assert d1 == d2
+
+
+def test_tenant_scoping_changes_decision():
+    policy = ExamplePolicy(PolicyId("example"), PolicyVersion("1.0.0"))
+    allow_ctx = PolicyContext(tenant_id=TenantId("tenant-1"), inputs={"use_case": "x"})
+    deny_ctx = PolicyContext(tenant_id=TenantId("tenant-deny"), inputs={"use_case": "x"})
+    assert policy.evaluate(allow_ctx).outcome == DecisionOutcome.ALLOW
+    assert policy.evaluate(deny_ctx).outcome == DecisionOutcome.DENY
+
+
+def test_no_observables_in_context():
+    with pytest.raises(ValueError, match="observational key not allowed"):
+        PolicyContext(tenant_id=TenantId("tenant-1"), inputs={"trace": {"x": 1}})
+
+
+def test_decision_to_dbl_event():
+    decision = PolicyDecision(
+        outcome=DecisionOutcome.ALLOW,
+        reason_code="ok",
+        policy_id=PolicyId("example"),
+        policy_version=PolicyVersion("1.0.0"),
+        tenant_id=TenantId("tenant-1"),
+    )
+    event = decision_to_dbl_event(decision, correlation_id="c1")
+    assert event.event_kind == DblEventKind.DECISION
+    assert isinstance(event.data, GateDecision)
+    assert event.data.decision == "ALLOW"
+    assert event.data.reason_code == "ok"
+
+
+def test_allow_all_policy() -> None:
+    ctx = PolicyContext(tenant_id=TenantId("tenant-1"), inputs={"use_case": "x"})
+    d = ALLOW_POLICY.evaluate(ctx)
+    assert d.outcome == DecisionOutcome.ALLOW
+    assert d.reason_code == "allow_all"
+
+
+def test_deny_all_policy() -> None:
+    ctx = PolicyContext(tenant_id=TenantId("tenant-1"), inputs={"use_case": "x"})
+    d = DENY_POLICY.evaluate(ctx)
+    assert d.outcome == DecisionOutcome.DENY
+    assert d.reason_code == "deny_all"