fathom-rules 0.1.0__tar.gz

fathom_rules-0.1.0/.gitignore

@@ -0,0 +1,227 @@
+./specs/
+.claude
+.vscode
+.cursor
+.worktrees
+
+CLAUDE.md
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#   Usually these files are written by a python script from a template
+#   before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+# Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+# poetry.lock
+# poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+# pdm.lock
+# pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+# pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# Redis
+*.rdb
+*.aof
+*.pid
+
+# RabbitMQ
+mnesia/
+rabbitmq/
+rabbitmq-data/
+
+# ActiveMQ
+activemq-data/
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#   JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#   be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#   and can be added to the global gitignore or merged into this file.  For a more nuclear
+#   option (not recommended) you can uncomment the following to ignore the entire idea folder.
+# .idea/
+
+# Abstra
+#   Abstra is an AI-powered process automation framework.
+#   Ignore directories containing user credentials, local state, and settings.
+#   Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#   Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
+#   that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#   and can be added to the global gitignore or merged into this file. However, if you prefer, 
+#   you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# Streamlit
+.streamlit/secrets.toml
+specs/.current-spec
+specs/phase-1/.tasks.lock
+**/.progress.md

fathom_rules-0.1.0/.python-version

@@ -0,0 +1 @@
+3.14

fathom_rules-0.1.0/Dockerfile

@@ -0,0 +1,33 @@
+# Debian-based image — CLIPS (clipspy) requires glibc, Alpine won't work
+FROM python:3.14-slim-bookworm
+
+# Install system deps for building clipspy
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gcc \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install uv
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+
+# Create non-root user
+RUN useradd --create-home --shell /bin/bash fathom
+USER fathom
+WORKDIR /home/fathom/app
+
+# Copy project files
+COPY --chown=fathom:fathom pyproject.toml uv.lock ./
+COPY --chown=fathom:fathom src/ ./src/
+
+# Install with server extras (no dev dependencies)
+RUN uv sync --extra server --no-dev
+
+# Create mount point for rules
+RUN mkdir -p /rules
+VOLUME ["/rules"]
+
+# Configurable port
+ENV PORT=8080
+EXPOSE ${PORT}
+
+# Run the REST server
+CMD ["uv", "run", "uvicorn", "fathom.integrations.rest:app", "--host", "0.0.0.0", "--port", "8080"]

fathom_rules-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Kraken Networks
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

fathom_rules-0.1.0/PKG-INFO

@@ -0,0 +1,195 @@
+Metadata-Version: 2.4
+Name: fathom-rules
+Version: 0.1.0
+Summary: Deterministic reasoning runtime for AI agents, built on CLIPS via clipspy
+Project-URL: Homepage, https://github.com/kraken-networks/fathom
+Project-URL: Repository, https://github.com/kraken-networks/fathom
+License-Expression: MIT
+License-File: LICENSE
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
+Requires-Python: >=3.14
+Requires-Dist: clipspy<1.1,>=1.0.6
+Requires-Dist: pydantic>=2.0
+Requires-Dist: pyyaml>=6.0
+Provides-Extra: all
+Requires-Dist: asyncpg; extra == 'all'
+Requires-Dist: cryptography>=42.0; extra == 'all'
+Requires-Dist: fastapi>=0.100; extra == 'all'
+Requires-Dist: grpcio-tools; extra == 'all'
+Requires-Dist: grpcio>=1.60; extra == 'all'
+Requires-Dist: langchain-core>=0.2; extra == 'all'
+Requires-Dist: mcp>=1.0; extra == 'all'
+Requires-Dist: prometheus-client; extra == 'all'
+Requires-Dist: prometheus-fastapi-instrumentator; extra == 'all'
+Requires-Dist: pyjwt[crypto]>=2.8; extra == 'all'
+Requires-Dist: redis[hiredis]; extra == 'all'
+Requires-Dist: rich>=13; extra == 'all'
+Requires-Dist: typer[all]>=0.12; extra == 'all'
+Requires-Dist: uvicorn>=0.20; extra == 'all'
+Provides-Extra: attestation
+Requires-Dist: cryptography>=42.0; extra == 'attestation'
+Requires-Dist: pyjwt[crypto]>=2.8; extra == 'attestation'
+Provides-Extra: cli
+Requires-Dist: rich>=13; extra == 'cli'
+Requires-Dist: typer[all]>=0.12; extra == 'cli'
+Provides-Extra: fleet
+Requires-Dist: redis[hiredis]; extra == 'fleet'
+Provides-Extra: fleet-pg
+Requires-Dist: asyncpg; extra == 'fleet-pg'
+Provides-Extra: grpc
+Requires-Dist: grpcio-tools; extra == 'grpc'
+Requires-Dist: grpcio>=1.60; extra == 'grpc'
+Provides-Extra: langchain
+Requires-Dist: langchain-core>=0.2; extra == 'langchain'
+Provides-Extra: mcp
+Requires-Dist: mcp>=1.0; extra == 'mcp'
+Provides-Extra: metrics
+Requires-Dist: prometheus-client; extra == 'metrics'
+Requires-Dist: prometheus-fastapi-instrumentator; extra == 'metrics'
+Provides-Extra: server
+Requires-Dist: fastapi>=0.100; extra == 'server'
+Requires-Dist: uvicorn>=0.20; extra == 'server'
+Description-Content-Type: text/markdown
+
+# Fathom
+
+> A modern Python-first expert system runtime built on CLIPS. Define rules in YAML. Evaluate in microseconds. Zero hallucinations.
+
+**Status:** Design Draft
+**License:** MIT
+**Language:** Python 3.14+
+**Package Manager:** uv
+
+---
+
+## Why Fathom?
+
+Every AI agent framework lets agents decide what to do by guessing. For most tasks, that's fine.
+
+For some tasks, guessing is unacceptable:
+
+- **Policy enforcement** — "Is this agent allowed to do this?" can't be a maybe.
+- **Data routing** — "Which databases should this query hit?" can't hallucinate a source.
+- **Compliance** — "Did this fleet operate within NIST 800-53 controls?" needs a provable answer.
+- **Classification** — "What clearance level does this data require?" is not a prompt engineering problem.
+
+Fathom provides **deterministic, explainable, auditable reasoning** using CLIPS — a battle-tested expert system — wrapped in a modern Python library with YAML-first rule authoring.
+
+## Quick Start
+
+```bash
+uv add fathom-rules
+```
+
+```python
+from fathom import Engine
+
+engine = Engine()
+engine.load_templates("templates/")
+engine.load_rules("rules/")
+
+engine.assert_fact("agent", {
+    "id": "agent-alpha",
+    "clearance": "secret",
+    "purpose": "threat-analysis",
+    "session_id": "sess-001"
+})
+
+engine.assert_fact("data_request", {
+    "agent_id": "agent-alpha",
+    "target": "hr_records",
+    "classification": "top-secret",
+    "action": "read"
+})
+
+result = engine.evaluate()
+print(result.decision)   # "deny"
+print(result.reason)     # "Agent clearance 'secret' insufficient for 'top-secret' data"
+print(result.duration_us)  # 47
+```
+
+## Core Primitives
+
+| Primitive | Purpose | CLIPS Construct |
+|-----------|---------|-----------------|
+| **Templates** | Define fact schemas with typed slots | `deftemplate` |
+| **Facts** | Typed instances asserted into working memory | working memory |
+| **Rules** | Pattern-matching logic with conditions and actions | `defrule` |
+| **Modules** | Namespace rules with controlled execution order | `defmodule` |
+| **Functions** | Reusable logic for conditions and actions | `deffunction` |
+
+## Key Differentiator: Working Memory
+
+Unlike stateless policy engines (OPA, Cedar), Fathom maintains working memory across evaluations within a session:
+
+- **Cumulative reasoning** — "This agent accessed PII from 3 sources — deny the 4th."
+- **Temporal patterns** — "Denial rate spiked 400% in 10 minutes — escalate."
+- **Cross-fact inference** — "Agent A passed data to Agent B, who is requesting external access — violation."
+
+## Integration
+
+**As a library:**
+```python
+from fathom import Engine
+engine = Engine.from_rules("rules/")
+result = engine.evaluate()
+```
+
+**As a sidecar:**
+```bash
+docker run -p 8080:8080 -v ./rules:/rules kraken/fathom:latest
+curl -X POST localhost:8080/v1/evaluate -d '{"facts": [...], "ruleset": "access-control"}'
+```
+
+**As an MCP tool:**
+```python
+from fathom.integrations.mcp import FathomMCPServer
+server = FathomMCPServer(engine)
+server.serve()
+```
+
+## Rule Packs
+
+Pre-built rule collections (planned):
+
+- `fathom-owasp-agentic` — OWASP Agentic Top 10 mitigations
+- `fathom-nist-800-53` — Access control, audit, information flow
+- `fathom-hipaa` — PHI handling, minimum necessary, breach triggers
+- `fathom-cmmc` — CMMC Level 2+ controls
+
+## Performance Targets
+
+| Operation | Target |
+|-----------|--------|
+| Single rule evaluation | < 100µs |
+| 100-rule evaluation | < 500µs |
+| Fact assertion | < 10µs |
+| YAML compilation | < 50ms |
+
+## Related Projects
+
+- **Bosun** — Agent governance built on Fathom (fleet analysis, compliance attestation)
+- **Nautilus** — Intelligent data broker built on Fathom (multi-source routing, classification-aware scoping)
+
+## Development
+
+```bash
+git clone <repo-url>
+cd fathom
+uv sync
+uv run pytest
+```
+
+See [design.md](design.md) for the full specification and roadmap.
+
+## License
+
+MIT — see [LICENSE](LICENSE) for details.
+
+---
+
+Maintained by [Kraken Networks](https://github.com/kraken-networks)

fathom_rules-0.1.0/README.md

@@ -0,0 +1,138 @@
+# Fathom
+
+> A modern Python-first expert system runtime built on CLIPS. Define rules in YAML. Evaluate in microseconds. Zero hallucinations.
+
+**Status:** Design Draft
+**License:** MIT
+**Language:** Python 3.14+
+**Package Manager:** uv
+
+---
+
+## Why Fathom?
+
+Every AI agent framework lets agents decide what to do by guessing. For most tasks, that's fine.
+
+For some tasks, guessing is unacceptable:
+
+- **Policy enforcement** — "Is this agent allowed to do this?" can't be a maybe.
+- **Data routing** — "Which databases should this query hit?" can't hallucinate a source.
+- **Compliance** — "Did this fleet operate within NIST 800-53 controls?" needs a provable answer.
+- **Classification** — "What clearance level does this data require?" is not a prompt engineering problem.
+
+Fathom provides **deterministic, explainable, auditable reasoning** using CLIPS — a battle-tested expert system — wrapped in a modern Python library with YAML-first rule authoring.
+
+## Quick Start
+
+```bash
+uv add fathom-rules
+```
+
+```python
+from fathom import Engine
+
+engine = Engine()
+engine.load_templates("templates/")
+engine.load_rules("rules/")
+
+engine.assert_fact("agent", {
+    "id": "agent-alpha",
+    "clearance": "secret",
+    "purpose": "threat-analysis",
+    "session_id": "sess-001"
+})
+
+engine.assert_fact("data_request", {
+    "agent_id": "agent-alpha",
+    "target": "hr_records",
+    "classification": "top-secret",
+    "action": "read"
+})
+
+result = engine.evaluate()
+print(result.decision)   # "deny"
+print(result.reason)     # "Agent clearance 'secret' insufficient for 'top-secret' data"
+print(result.duration_us)  # 47
+```
+
+## Core Primitives
+
+| Primitive | Purpose | CLIPS Construct |
+|-----------|---------|-----------------|
+| **Templates** | Define fact schemas with typed slots | `deftemplate` |
+| **Facts** | Typed instances asserted into working memory | working memory |
+| **Rules** | Pattern-matching logic with conditions and actions | `defrule` |
+| **Modules** | Namespace rules with controlled execution order | `defmodule` |
+| **Functions** | Reusable logic for conditions and actions | `deffunction` |
+
+## Key Differentiator: Working Memory
+
+Unlike stateless policy engines (OPA, Cedar), Fathom maintains working memory across evaluations within a session:
+
+- **Cumulative reasoning** — "This agent accessed PII from 3 sources — deny the 4th."
+- **Temporal patterns** — "Denial rate spiked 400% in 10 minutes — escalate."
+- **Cross-fact inference** — "Agent A passed data to Agent B, who is requesting external access — violation."
+
+## Integration
+
+**As a library:**
+```python
+from fathom import Engine
+engine = Engine.from_rules("rules/")
+result = engine.evaluate()
+```
+
+**As a sidecar:**
+```bash
+docker run -p 8080:8080 -v ./rules:/rules kraken/fathom:latest
+curl -X POST localhost:8080/v1/evaluate -d '{"facts": [...], "ruleset": "access-control"}'
+```
+
+**As an MCP tool:**
+```python
+from fathom.integrations.mcp import FathomMCPServer
+server = FathomMCPServer(engine)
+server.serve()
+```
+
+## Rule Packs
+
+Pre-built rule collections (planned):
+
+- `fathom-owasp-agentic` — OWASP Agentic Top 10 mitigations
+- `fathom-nist-800-53` — Access control, audit, information flow
+- `fathom-hipaa` — PHI handling, minimum necessary, breach triggers
+- `fathom-cmmc` — CMMC Level 2+ controls
+
+## Performance Targets
+
+| Operation | Target |
+|-----------|--------|
+| Single rule evaluation | < 100µs |
+| 100-rule evaluation | < 500µs |
+| Fact assertion | < 10µs |
+| YAML compilation | < 50ms |
+
+## Related Projects
+
+- **Bosun** — Agent governance built on Fathom (fleet analysis, compliance attestation)
+- **Nautilus** — Intelligent data broker built on Fathom (multi-source routing, classification-aware scoping)
+
+## Development
+
+```bash
+git clone <repo-url>
+cd fathom
+uv sync
+uv run pytest
+```
+
+See [design.md](design.md) for the full specification and roadmap.
+
+## License
+
+MIT — see [LICENSE](LICENSE) for details.
+
+---
+
+Maintained by [Kraken Networks](https://github.com/kraken-networks)