eve-coreguard 0.1.1__tar.gz

eve_coreguard-0.1.1/.gitignore

@@ -0,0 +1,196 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+*.egg
+*.egg-info/
+dist/
+build/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.manifest
+*.spec
+
+# Virtual Environments
+venv/
+ENV/
+env/
+.venv
+
+# PyCharm
+.idea/
+
+# VS Code
+.vscode/
+*.code-workspace
+
+# Jupyter Notebook
+.ipynb_checkpoints
+*.ipynb
+
+# Data and Models
+data/backups/
+data/temp/
+data/cache/
+*.pkl
+*.h5
+*.pth
+*.ckpt
+*.safetensors
+models/
+# saas/models contains Python source, not ML weights — un-ignore it
+!saas/models/
+!saas/models/**
+
+# Logs
+logs/
+*.log
+*.out
+*.err
+
+# Testing
+.coverage
+.pytest_cache/
+htmlcov/
+.tox/
+.nox/
+coverage.xml
+*.cover
+.hypothesis/
+test_results/
+
+# Documentation
+docs/_build/
+site/
+
+# Environment files
+.env
+.env.local
+.env.*.local
+*.env
+
+# System files
+.DS_Store
+Thumbs.db
+desktop.ini
+
+# Temporary files
+*.tmp
+*.temp
+*.swp
+*.swo
+*~
+.tmp/
+
+# Database
+*.db
+*.sqlite
+*.sqlite3
+
+# Secrets and credentials
+*.key
+*.pem
+*.crt
+*.pfx
+secrets/
+credentials/
+
+# Performance profiling
+*.prof
+*.lprof
+
+# Memory dumps
+*.hprof
+*.dump
+
+# Claude
+.claude/
+
+# Local configuration overrides
+config.local.yaml
+settings.local.json
+
+# Node modules
+node_modules/
+
+# FFmpeg binaries
+ffmpeg.exe
+ffprobe.exe
+ffmpeg.zip
+ffmpeg/
+
+# Large binary files
+*.exe
+*.zip
+*.wav
+
+# Runtime data files
+# Deployment-time generated files (written by CI, never committed)
+data/deployment_manifest.json
+data/logs/
+
+# Autonomous-agent runtime outputs (confined here by core/autonomy/safe_output.py)
+# and per-deployment status recorder state. Runtime artifacts, never committed.
+data/runtime/
+data/status/uptime_daily.json
+data/*.db
+data/*.sqlite
+
+data/saas.db-shm
+data/saas.db-wal
+
+# --- P0-1: Audit chain durability ---
+# The signed audit chain and governance evidence are EVE's store of record.
+# They MUST NOT be git-tracked: git operations (checkout/reset/stash/merge)
+# could silently rewrite the chain of custody. See scripts/migrate_audit_store.py
+# and core/audit/store_guard.py. Relocate via EVE_AUDIT_STORE in production.
+data/audit/
+data/governance/
+.chain_seal.json
+**/.chain_seal.json
+**/chain_seal.json
+audit_migration_report.json
+
+# P0-2: DR backup / restore drill artifacts (contain DB + audit copies — never commit)
+/backups/
+/restore_drills/
+/restore_target/
+restore_report.json
+
+# P0-3: generated migration reconciliation artifact (regenerated each run)
+POSTGRES_MIGRATION_RECONCILIATION.json
+ALERT_VERIFICATION_REPORT.md
+
+data/tts_cache/
+data/voice_cache/
+data/voice_events_log.json
+data/ui_preferences_cache.json
+data/uploads/
+data/chroma/
+data/test/
+data/deep_integration_test_report.json
+data/subsystem_config.json
+data/sentience_calibration_knobs.json
+load_test_results/
+eve_log.txt
+test_output.wav
+static_deploy.zip
+nul
+
+# Temp JS files
+tmp_*.js
+
+# OS / editor artifacts
+extglob.FullName
+*.lnk
+MiroShark/
+ruflo/

eve_coreguard-0.1.1/PKG-INFO

@@ -0,0 +1,217 @@
+Metadata-Version: 2.4
+Name: eve-coreguard
+Version: 0.1.1
+Summary: EVE CoreGuard SDK — AI Governance Enforcement in One API Call
+Project-URL: Homepage, https://eveaicore.com
+Project-URL: Documentation, https://docs.eveaicore.com/sdk
+Author: EVE NeuroSystems LLC
+License-Expression: LicenseRef-Proprietary
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: Other/Proprietary License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries
+Classifier: Typing :: Typed
+Requires-Python: >=3.9
+Provides-Extra: async
+Requires-Dist: aiohttp>=3.8; extra == 'async'
+Description-Content-Type: text/markdown
+
+# EVE CoreGuard SDK
+
+**AI Governance Enforcement in One API Call.**
+
+CoreGuard intercepts AI-generated decisions before execution, evaluates them against policy, and returns an auditable enforcement verdict.
+
+## Install
+
+```bash
+pip install eve-coreguard
+```
+
+## Quick Start
+
+```python
+from eve_coreguard import CoreGuardClient
+
+client = CoreGuardClient(
+    api_key="eve_sk_...",
+    base_url="https://api.eveaicore.com",  # or http://localhost:8000
+)
+
+# Evaluate a proposed lending decision against policy
+result = client.evaluate(
+    tenant_id="bank_001",
+    proposed_action={"type": "loan_approval", "amount": 250000, "currency": "USD"},
+    model_output={"decision": "approve", "confidence": 0.91},
+    context={
+        "credit_score": 580,
+        "debt_to_income": 0.52,
+        "employment_verified": False,
+    },
+    policy_set="lending_v1",
+)
+
+if result.blocked:
+    print(f"BLOCKED: {result.decision.action}")
+    print(f"Risk: {result.risk.score} ({result.risk.level})")
+    for v in result.policy_violations:
+        print(f"  - {v.policy_id}: {v.description}")
+    if result.liability_prevented:
+        print(f"Exposure prevented: {result.liability_prevented.estimated_exposure}")
+```
+
+## Core Methods
+
+### Decision Enforcement
+
+```python
+result = client.evaluate(
+    tenant_id="org_001",
+    proposed_action={"type": "loan_approval", "amount": 250000},
+    model_output={"decision": "approve", "confidence": 0.91},
+    context={"credit_score": 580, "debt_to_income": 0.52},
+    policy_set="lending_v1",
+)
+# result.decision.status: ALLOWED | BLOCKED | MODIFIED
+# result.risk.score: 0.0-1.0
+# result.policy_violations: list of violated rules
+# result.regulatory_impact: ECOA, TILA, etc.
+# result.counterfactual: what would have passed
+# result.liability_prevented: estimated exposure
+# result.audit: cryptographic audit trail
+```
+
+### AI Output Verification
+
+```python
+vr = client.verify(
+    ai_output="The capital of France is Paris.",
+    confidence=0.9,
+    domain="factual",
+)
+# vr.passed / vr.blocked
+# vr.crd — Confidence-Reality Divergence score
+# vr.veto.type — pass | soft_veto | hard_veto | charter
+# vr.evidence — step-by-step audit chain
+```
+
+### Audit & Compliance
+
+```python
+# Retrieve cryptographic proof of a governance decision
+proof = client.get_proof("proof_abc123")
+# proof.content_hash, proof.signature, proof.chain_position
+
+# Export decision history
+export = client.export_audit(since="2026-01-01T00:00:00Z", limit=100)
+for record in export.records:
+    print(f"{record.decision_type}: {record.decision}")
+
+# Verify hash chain integrity
+status = client.verify_chain()
+```
+
+## Configuration
+
+| Parameter | Default | Description |
+|-----------|---------|-------------|
+| `api_key` | *required* | EVE API key (`eve_sk_...`) |
+| `base_url` | `https://api.eveaicore.com` | API endpoint |
+| `timeout` | `30.0` | Request timeout (seconds) |
+| `max_retries` | `3` | Retry count for 5xx errors |
+| `raise_on_veto` | `False` | Raise `VetoError` on governance blocks |
+
+## Error Handling
+
+```python
+from eve_coreguard import CoreGuardClient, AuthError, RateLimitError, VetoError
+
+try:
+    result = client.evaluate(...)
+except AuthError:
+    print("Invalid API key")
+except RateLimitError as e:
+    print(f"Rate limited — retry in {e.retry_after}s")
+except VetoError as e:
+    print(f"Governance veto: {e.veto_type}")
+```
+
+## Response Metadata (subscription + rate limits)
+
+Every call captures the response's billing and rate-limit headers. Read them
+after a call (or after catching an error):
+
+```python
+result = client.evaluate(tenant_id="bank_001", ...)
+
+client.subscription_state    # 'active' | 'past_due' | 'restricted' | ...
+client.access_state          # 'full_access' | 'warning' | 'read_only' | ...
+client.quota_warning         # 'payment_past_due' when degraded-but-allowed, else None
+client.rate_limit_limit      # '330' | 'unlimited'
+client.rate_limit_remaining  # calls left in the current 60s window (int | None)
+client.retry_after           # seconds to wait after a 429 (int | None)
+```
+
+The decision endpoint is rate-limited per org by plan tier (Free 10/min,
+Pro 330/min, Team 1150/min, Enterprise/Sovereign unlimited). On exhaustion it
+returns `429` with `Retry-After`. See
+[Response-Header Contract](../../docs/sdk/RESPONSE_HEADER_CONTRACT.md).
+
+## Live Demo (Local)
+
+Run a full end-to-end enforcement decision in 3 steps:
+
+**Step 1: Start the server**
+
+```bash
+cd /path/to/EVE
+python -m uvicorn saas.app:app --port 8000
+```
+
+**Step 2: Install the SDK**
+
+```bash
+cd sdks/coreguard
+pip install -e .
+```
+
+**Step 3: Run the demo**
+
+```bash
+python run_demo.py
+```
+
+**Expected output:**
+
+```
+Decision:   BLOCKED
+Action:     deny_loan_approval
+Risk:       0.6284 (HIGH)
+Violations: 3
+  - CREDIT_SCORE_MIN: Credit score 580 is below the minimum threshold of 620
+  - DTI_LIMIT: Debt-to-income ratio 0.52 exceeds the maximum threshold of 0.45
+  - EMPLOYMENT_REQUIRED: Employment verification is missing or unverified
+Regulatory: 3 impact(s)
+  - ECOA [CRITICAL]: Potential discriminatory lending decision based on credit criteria
+  - ECOA [CRITICAL]: DTI threshold may disproportionately affect protected classes
+  - TILA [CRITICAL]: Incomplete underwriting verification
+Liability:  $125,000 - $625,000
+Audit:      audit_8e6db687d87d
+```
+
+## Requirements
+
+- Python 3.9+
+- Zero required dependencies (stdlib `urllib` only)
+- Optional: `aiohttp` for async support (`pip install eve-coreguard[async]`)
+
+## License
+
+Proprietary. See LICENSE for details.

eve_coreguard-0.1.1/README.md

@@ -0,0 +1,192 @@
+# EVE CoreGuard SDK
+
+**AI Governance Enforcement in One API Call.**
+
+CoreGuard intercepts AI-generated decisions before execution, evaluates them against policy, and returns an auditable enforcement verdict.
+
+## Install
+
+```bash
+pip install eve-coreguard
+```
+
+## Quick Start
+
+```python
+from eve_coreguard import CoreGuardClient
+
+client = CoreGuardClient(
+    api_key="eve_sk_...",
+    base_url="https://api.eveaicore.com",  # or http://localhost:8000
+)
+
+# Evaluate a proposed lending decision against policy
+result = client.evaluate(
+    tenant_id="bank_001",
+    proposed_action={"type": "loan_approval", "amount": 250000, "currency": "USD"},
+    model_output={"decision": "approve", "confidence": 0.91},
+    context={
+        "credit_score": 580,
+        "debt_to_income": 0.52,
+        "employment_verified": False,
+    },
+    policy_set="lending_v1",
+)
+
+if result.blocked:
+    print(f"BLOCKED: {result.decision.action}")
+    print(f"Risk: {result.risk.score} ({result.risk.level})")
+    for v in result.policy_violations:
+        print(f"  - {v.policy_id}: {v.description}")
+    if result.liability_prevented:
+        print(f"Exposure prevented: {result.liability_prevented.estimated_exposure}")
+```
+
+## Core Methods
+
+### Decision Enforcement
+
+```python
+result = client.evaluate(
+    tenant_id="org_001",
+    proposed_action={"type": "loan_approval", "amount": 250000},
+    model_output={"decision": "approve", "confidence": 0.91},
+    context={"credit_score": 580, "debt_to_income": 0.52},
+    policy_set="lending_v1",
+)
+# result.decision.status: ALLOWED | BLOCKED | MODIFIED
+# result.risk.score: 0.0-1.0
+# result.policy_violations: list of violated rules
+# result.regulatory_impact: ECOA, TILA, etc.
+# result.counterfactual: what would have passed
+# result.liability_prevented: estimated exposure
+# result.audit: cryptographic audit trail
+```
+
+### AI Output Verification
+
+```python
+vr = client.verify(
+    ai_output="The capital of France is Paris.",
+    confidence=0.9,
+    domain="factual",
+)
+# vr.passed / vr.blocked
+# vr.crd — Confidence-Reality Divergence score
+# vr.veto.type — pass | soft_veto | hard_veto | charter
+# vr.evidence — step-by-step audit chain
+```
+
+### Audit & Compliance
+
+```python
+# Retrieve cryptographic proof of a governance decision
+proof = client.get_proof("proof_abc123")
+# proof.content_hash, proof.signature, proof.chain_position
+
+# Export decision history
+export = client.export_audit(since="2026-01-01T00:00:00Z", limit=100)
+for record in export.records:
+    print(f"{record.decision_type}: {record.decision}")
+
+# Verify hash chain integrity
+status = client.verify_chain()
+```
+
+## Configuration
+
+| Parameter | Default | Description |
+|-----------|---------|-------------|
+| `api_key` | *required* | EVE API key (`eve_sk_...`) |
+| `base_url` | `https://api.eveaicore.com` | API endpoint |
+| `timeout` | `30.0` | Request timeout (seconds) |
+| `max_retries` | `3` | Retry count for 5xx errors |
+| `raise_on_veto` | `False` | Raise `VetoError` on governance blocks |
+
+## Error Handling
+
+```python
+from eve_coreguard import CoreGuardClient, AuthError, RateLimitError, VetoError
+
+try:
+    result = client.evaluate(...)
+except AuthError:
+    print("Invalid API key")
+except RateLimitError as e:
+    print(f"Rate limited — retry in {e.retry_after}s")
+except VetoError as e:
+    print(f"Governance veto: {e.veto_type}")
+```
+
+## Response Metadata (subscription + rate limits)
+
+Every call captures the response's billing and rate-limit headers. Read them
+after a call (or after catching an error):
+
+```python
+result = client.evaluate(tenant_id="bank_001", ...)
+
+client.subscription_state    # 'active' | 'past_due' | 'restricted' | ...
+client.access_state          # 'full_access' | 'warning' | 'read_only' | ...
+client.quota_warning         # 'payment_past_due' when degraded-but-allowed, else None
+client.rate_limit_limit      # '330' | 'unlimited'
+client.rate_limit_remaining  # calls left in the current 60s window (int | None)
+client.retry_after           # seconds to wait after a 429 (int | None)
+```
+
+The decision endpoint is rate-limited per org by plan tier (Free 10/min,
+Pro 330/min, Team 1150/min, Enterprise/Sovereign unlimited). On exhaustion it
+returns `429` with `Retry-After`. See
+[Response-Header Contract](../../docs/sdk/RESPONSE_HEADER_CONTRACT.md).
+
+## Live Demo (Local)
+
+Run a full end-to-end enforcement decision in 3 steps:
+
+**Step 1: Start the server**
+
+```bash
+cd /path/to/EVE
+python -m uvicorn saas.app:app --port 8000
+```
+
+**Step 2: Install the SDK**
+
+```bash
+cd sdks/coreguard
+pip install -e .
+```
+
+**Step 3: Run the demo**
+
+```bash
+python run_demo.py
+```
+
+**Expected output:**
+
+```
+Decision:   BLOCKED
+Action:     deny_loan_approval
+Risk:       0.6284 (HIGH)
+Violations: 3
+  - CREDIT_SCORE_MIN: Credit score 580 is below the minimum threshold of 620
+  - DTI_LIMIT: Debt-to-income ratio 0.52 exceeds the maximum threshold of 0.45
+  - EMPLOYMENT_REQUIRED: Employment verification is missing or unverified
+Regulatory: 3 impact(s)
+  - ECOA [CRITICAL]: Potential discriminatory lending decision based on credit criteria
+  - ECOA [CRITICAL]: DTI threshold may disproportionately affect protected classes
+  - TILA [CRITICAL]: Incomplete underwriting verification
+Liability:  $125,000 - $625,000
+Audit:      audit_8e6db687d87d
+```
+
+## Requirements
+
+- Python 3.9+
+- Zero required dependencies (stdlib `urllib` only)
+- Optional: `aiohttp` for async support (`pip install eve-coreguard[async]`)
+
+## License
+
+Proprietary. See LICENSE for details.

eve_coreguard-0.1.1/eve_coreguard/__init__.py

@@ -0,0 +1,62 @@
+"""
+EVE CoreGuard SDK — AI Governance Enforcement in One API Call.
+
+Usage::
+
+    from eve_coreguard import CoreGuardClient
+
+    client = CoreGuardClient(api_key="eve_sk_...")
+
+    # Decision enforcement (pre-execution policy check)
+    result = client.evaluate(
+        request_id="req-001",
+        tenant_id="bank_001",
+        proposed_action={"type": "loan_approval", "amount": 250000},
+        model_output={"decision": "approve", "confidence": 0.91},
+        context={"credit_score": 580, "debt_to_income": 0.52},
+        policy_set="lending_v1",
+    )
+    if result.decision.status == "BLOCKED":
+        print(f"Blocked: {result.decision.action}")
+        print(f"Risk: {result.risk.score} ({result.risk.level})")
+
+    # AI output verification (8-stage governance pipeline)
+    vr = client.verify(ai_output="The capital of France is Paris.")
+    print(f"CRD: {vr.crd:.2f}, Blocked: {vr.blocked}")
+"""
+
+__version__ = "0.1.1"
+
+from eve_coreguard.client import CoreGuardClient
+from eve_coreguard.exceptions import (
+    AuthError,
+    CoreGuardError,
+    PaymentRequiredError,
+    PolicySetNotFoundError,
+    RateLimitError,
+    VetoError,
+)
+from eve_coreguard.models import (
+    AuditRecord,
+    EvaluationResult,
+    ProofBundle,
+    VerifyResult,
+)
+
+__all__ = [
+    "CoreGuardClient",
+    "CoreGuardError",
+    "AuthError",
+    "PaymentRequiredError",
+    "PolicySetNotFoundError",
+    "RateLimitError",
+    "VetoError",
+    "EvaluationResult",
+    "VerifyResult",
+    "AuditRecord",
+    "ProofBundle",
+    "verify_proof",
+]
+
+# Convenience alias at package level
+verify_proof = CoreGuardClient.verify_proof