PyPI - glacis - Versions diffs - 0.1.3__py3-none-any.whl → 0.2.0__py3-none-any.whl - Mend

glacis 0.1.3py3-none-any.whl → 0.2.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

glacis/__init__.py +62 -1
glacis/__main__.py +1 -80
glacis/client.py +60 -31
glacis/config.py +141 -0
glacis/controls/__init__.py +232 -0
glacis/controls/base.py +104 -0
glacis/controls/jailbreak.py +224 -0
glacis/controls/pii.py +855 -0
glacis/crypto.py +70 -1
glacis/integrations/__init__.py +53 -3
glacis/integrations/anthropic.py +207 -142
glacis/integrations/base.py +476 -0
glacis/integrations/openai.py +156 -121
glacis/models.py +277 -24
glacis/storage.py +324 -8
glacis/verify.py +154 -0
glacis-0.2.0.dist-info/METADATA +275 -0
glacis-0.2.0.dist-info/RECORD +21 -0
glacis/wasm/s3p_core_wasi.wasm +0 -0
glacis/wasm_runtime.py +0 -533
glacis-0.1.3.dist-info/METADATA +0 -324
glacis-0.1.3.dist-info/RECORD +0 -16
{glacis-0.1.3.dist-info → glacis-0.2.0.dist-info}/WHEEL +0 -0
{glacis-0.1.3.dist-info → glacis-0.2.0.dist-info}/licenses/LICENSE +0 -0

glacis/crypto.py CHANGED Viewed

@@ -19,7 +19,8 @@ Example:
 import hashlib
 import json
-from typing import Any
+from base64 import b64encode
+from typing import Any, Optional
 def canonical_json(data: Any) -> str:
@@ -119,3 +120,71 @@ def hash_bytes(data: bytes) -> str:
         Hex-encoded SHA-256 hash (64 characters)
     """
     return hashlib.sha256(data).hexdigest()
+# =============================================================================
+# Ed25519 Signing (for offline attestations)
+# =============================================================================
+class CryptoError(Exception):
+    """Error from cryptographic operations."""
+    pass
+class Ed25519Runtime:
+    """
+    Ed25519 cryptographic runtime using PyNaCl (libsodium bindings).
+    Provides signing and verification for offline attestations.
+    """
+    def __init__(self) -> None:
+        try:
+            import nacl.signing
+            self._nacl_signing = nacl.signing
+        except ImportError:
+            raise CryptoError(
+                "PyNaCl not installed. Install with: pip install pynacl"
+            )
+    def get_public_key_hex(self, seed: bytes) -> str:
+        """Get hex-encoded public key from a 32-byte seed."""
+        if len(seed) != 32:
+            raise ValueError("Seed must be exactly 32 bytes")
+        signing_key = self._nacl_signing.SigningKey(seed)
+        return bytes(signing_key.verify_key).hex()
+    def sign(self, seed: bytes, message: bytes) -> bytes:
+        """Sign a message with Ed25519, returning 64-byte signature."""
+        if len(seed) != 32:
+            raise ValueError("Seed must be exactly 32 bytes")
+        signing_key = self._nacl_signing.SigningKey(seed)
+        signed = signing_key.sign(message)
+        return signed.signature
+    def sign_attestation_json(self, seed: bytes, attestation_json: str) -> str:
+        """Sign an attestation JSON and return SignedAttestation JSON."""
+        if len(seed) != 32:
+            raise ValueError("Seed must be exactly 32 bytes")
+        json_bytes = attestation_json.encode("utf-8")
+        signature = self.sign(seed, json_bytes)
+        signature_b64 = b64encode(signature).decode("ascii")
+        payload = json.loads(attestation_json)
+        return json.dumps({
+            "payload": payload,
+            "signature": signature_b64,
+        }, separators=(",", ":"))
+# Singleton instance
+_ed25519_runtime: Optional[Ed25519Runtime] = None
+def get_ed25519_runtime() -> Ed25519Runtime:
+    """Get the singleton Ed25519 runtime instance."""
+    global _ed25519_runtime
+    if _ed25519_runtime is None:
+        _ed25519_runtime = Ed25519Runtime()
+    return _ed25519_runtime

glacis/integrations/__init__.py CHANGED Viewed

@@ -1,12 +1,62 @@
 """
-GLACIS integrations for popular AI providers.
+GLACIS integrations for AI providers.
 These integrations provide drop-in wrappers that automatically attest
-all API calls to the GLACIS transparency log.
+all API calls to the GLACIS transparency log with optional PII/PHI redaction.
 Available integrations:
 - OpenAI: `from glacis.integrations.openai import attested_openai`
 - Anthropic: `from glacis.integrations.anthropic import attested_anthropic`
+Example (OpenAI):
+    >>> from glacis.integrations.openai import attested_openai, get_last_receipt
+    >>> client = attested_openai(
+    ...     openai_api_key="sk-xxx",
+    ...     offline=True,
+    ...     signing_seed=os.urandom(32),
+    ...     redaction="fast",  # Enable PII redaction
+    ... )
+    >>> response = client.chat.completions.create(
+    ...     model="gpt-4o",
+    ...     messages=[{"role": "user", "content": "Hello!"}]
+    ... )
+    >>> receipt = get_last_receipt()
+Example (Anthropic):
+    >>> from glacis.integrations.anthropic import attested_anthropic, get_last_receipt
+    >>> client = attested_anthropic(
+    ...     anthropic_api_key="sk-ant-xxx",
+    ...     offline=True,
+    ...     signing_seed=os.urandom(32),
+    ...     redaction="fast",
+    ... )
+    >>> response = client.messages.create(
+    ...     model="claude-3-5-sonnet-20241022",
+    ...     max_tokens=1024,
+    ...     messages=[{"role": "user", "content": "Hello!"}]
+    ... )
+Note: For Azure OpenAI, use the openai package with azure endpoint configuration.
 """
-__all__ = []
+from glacis.integrations.anthropic import attested_anthropic
+from glacis.integrations.base import (
+    GlacisBlockedError,
+    get_evidence,
+    get_last_receipt,
+)
+from glacis.integrations.openai import attested_openai
+# Backwards compatible aliases
+get_last_openai_receipt = get_last_receipt
+get_last_anthropic_receipt = get_last_receipt
+__all__ = [
+    "attested_openai",
+    "attested_anthropic",
+    "get_last_receipt",
+    "get_last_openai_receipt",
+    "get_last_anthropic_receipt",
+    "get_evidence",
+    "GlacisBlockedError",
+]

glacis/integrations/anthropic.py CHANGED Viewed

@@ -1,62 +1,82 @@
 """
 GLACIS integration for Anthropic.
-Provides an attested Anthropic client wrapper that automatically logs all
-messages to the GLACIS transparency log.
+Provides an attested Anthropic client wrapper that automatically:
+1. Runs enabled controls (PII/PHI redaction, jailbreak detection, etc.)
+2. Logs all completions to the GLACIS transparency log
+3. Creates control plane attestations
 Example:
-    >>> from glacis.integrations.anthropic import attested_anthropic
-    >>> client = attested_anthropic(glacis_api_key="glsk_live_xxx", anthropic_api_key="sk-xxx")
+    >>> from glacis.integrations.anthropic import attested_anthropic, get_last_receipt
+    >>> client = attested_anthropic(
+    ...     anthropic_api_key="sk-ant-xxx",
+    ...     offline=True,
+    ...     signing_seed=os.urandom(32),
+    ... )
     >>> response = client.messages.create(
-    ...     model="claude-3-opus-20240229",
+    ...     model="claude-3-5-sonnet-20241022",
+    ...     max_tokens=1024,
     ...     messages=[{"role": "user", "content": "Hello!"}]
     ... )
-    # Response is automatically attested to GLACIS
+    >>> receipt = get_last_receipt()
 """
-from typing import TYPE_CHECKING, Any, Optional
+from __future__ import annotations
+from typing import TYPE_CHECKING, Any, Literal, Optional, Union
+from glacis.integrations.base import (
+    GlacisBlockedError,
+    create_controls_runner,
+    create_glacis_client,
+    get_evidence,
+    get_last_receipt,
+    initialize_config,
+    set_last_receipt,
+    store_evidence,
+    suppress_noisy_loggers,
+)
 if TYPE_CHECKING:
     from anthropic import Anthropic
 def attested_anthropic(
-    glacis_api_key: str,
+    glacis_api_key: Optional[str] = None,
     anthropic_api_key: Optional[str] = None,
     glacis_base_url: str = "https://api.glacis.io",
     service_id: str = "anthropic",
     debug: bool = False,
+    offline: Optional[bool] = None,
+    signing_seed: Optional[bytes] = None,
+    redaction: Union[bool, Literal["fast", "full"], None] = None,
+    config: Optional[str] = None,
     **anthropic_kwargs: Any,
 ) -> "Anthropic":
     """
-    Create an attested Anthropic client.
-    All messages are automatically attested to the GLACIS transparency log.
-    The input (messages) and output (response) are hashed locally - the actual
-    content never leaves your infrastructure.
+    Create an attested Anthropic client with controls (PII redaction, jailbreak detection).
     Args:
-        glacis_api_key: GLACIS API key
+        glacis_api_key: GLACIS API key (required for online mode)
         anthropic_api_key: Anthropic API key (default: from ANTHROPIC_API_KEY env var)
         glacis_base_url: GLACIS API base URL
         service_id: Service identifier for attestations
         debug: Enable debug logging
+        offline: Enable offline mode (local signing, no server)
+        signing_seed: 32-byte Ed25519 signing seed (required for offline mode)
+        redaction: PII/PHI redaction mode - "fast", "full", True, False, or None
+        config: Path to glacis.yaml config file
         **anthropic_kwargs: Additional arguments passed to Anthropic client
     Returns:
         Wrapped Anthropic client
-    Example:
-        >>> client = attested_anthropic(
-        ...     glacis_api_key="glsk_live_xxx",
-        ...     anthropic_api_key="sk-xxx"
-        ... )
-        >>> response = client.messages.create(
-        ...     model="claude-3-opus-20240229",
-        ...     max_tokens=1024,
-        ...     messages=[{"role": "user", "content": "Hello!"}]
-        ... )
+    Raises:
+        GlacisBlockedError: If a control blocks the request
     """
+    # Suppress noisy loggers
+    suppress_noisy_loggers(["anthropic", "anthropic._base_client"])
     try:
         from anthropic import Anthropic
     except ImportError:
@@ -65,11 +85,24 @@ def attested_anthropic(
             "Install it with: pip install glacis[anthropic]"
         )
-    from glacis import Glacis
-    glacis = Glacis(
-        api_key=glacis_api_key,
-        base_url=glacis_base_url,
+    # Initialize config and determine modes
+    cfg, effective_offline, effective_service_id = initialize_config(
+        config_path=config,
+        redaction=redaction,
+        offline=offline,
+        glacis_api_key=glacis_api_key,
+        default_service_id="anthropic",
+        service_id=service_id,
+    )
+    # Create controls runner and Glacis client
+    controls_runner = create_controls_runner(cfg, debug)
+    glacis = create_glacis_client(
+        offline=effective_offline,
+        signing_seed=signing_seed,
+        glacis_api_key=glacis_api_key,
+        glacis_base_url=glacis_base_url,
         debug=debug,
     )
@@ -84,132 +117,157 @@ def attested_anthropic(
     original_create = client.messages.create
     def attested_create(*args: Any, **kwargs: Any) -> Any:
-        # Extract input
+        if kwargs.get("stream", False):
+            raise NotImplementedError(
+                "Streaming is not currently supported with attested_anthropic. "
+                "Use stream=False for now."
+            )
         messages = kwargs.get("messages", [])
         model = kwargs.get("model", "unknown")
         system = kwargs.get("system")
-        # Make the API call
-        response = original_create(*args, **kwargs)
-        # Attest the interaction
-        try:
-            input_data: dict[str, Any] = {
-                "model": model,
-                "messages": messages,
-            }
-            if system:
-                input_data["system"] = system
-            glacis.attest(
-                service_id=service_id,
-                operation_type="completion",
-                input=input_data,
-                output={
-                    "model": response.model,
-                    "content": [
-                        {
-                            "type": block.type,
-                            "text": getattr(block, "text", None),
-                        }
-                        for block in response.content
-                    ],
-                    "stop_reason": response.stop_reason,
-                    "usage": {
-                        "input_tokens": response.usage.input_tokens,
-                        "output_tokens": response.usage.output_tokens,
-                    },
-                },
-                metadata={"provider": "anthropic", "model": model},
+        # Run controls if enabled
+        if controls_runner:
+            from glacis.integrations.base import (
+                ControlResultsAccumulator,
+                create_control_plane_attestation_from_accumulator,
+                handle_blocked_request,
+                process_text_for_controls,
             )
-        except Exception as e:
-            if debug:
-                print(f"[glacis] Attestation failed: {e}")
-        return response
-    # Replace the create method
-    client.messages.create = attested_create  # type: ignore
-    return client
-def attested_async_anthropic(
-    glacis_api_key: str,
-    anthropic_api_key: Optional[str] = None,
-    glacis_base_url: str = "https://api.glacis.io",
-    service_id: str = "anthropic",
-    debug: bool = False,
-    **anthropic_kwargs: Any,
-) -> Any:
-    """
-    Create an attested async Anthropic client.
-    Same as `attested_anthropic` but for async usage.
+            accumulator = ControlResultsAccumulator()
+            # Process system prompt through controls
+            # (system prompt is always "new" in current context)
+            if system and isinstance(system, str):
+                final_system = process_text_for_controls(
+                    controls_runner, system, accumulator
+                )
+                kwargs["system"] = final_system
+            # Process messages with delta scanning (only scan last user message)
+            processed_messages = []
+            # Find the last user message index
+            last_user_idx = -1
+            for i, msg in enumerate(messages):
+                if isinstance(msg, dict) and msg.get("role") == "user":
+                    last_user_idx = i
+            for i, msg in enumerate(messages):
+                role = msg.get("role", "") if isinstance(msg, dict) else ""
+                # Only run controls on the LAST user message (the new one)
+                if role == "user" and i == last_user_idx:
+                    if isinstance(msg, dict) and isinstance(msg.get("content"), str):
+                        content = msg["content"]
+                        final_text = process_text_for_controls(
+                            controls_runner, content, accumulator
+                        )
+                        processed_messages.append({**msg, "content": final_text})
+                    elif isinstance(msg, dict) and isinstance(msg.get("content"), list):
+                        # Handle content blocks (text, image, etc.)
+                        redacted_content = []
+                        for block in msg["content"]:
+                            if isinstance(block, dict) and block.get("type") == "text":
+                                text = block.get("text", "")
+                                final_text = process_text_for_controls(
+                                    controls_runner, text, accumulator
+                                )
+                                redacted_content.append({**block, "text": final_text})
+                            else:
+                                redacted_content.append(block)
+                        processed_messages.append({**msg, "content": redacted_content})
+                    else:
+                        processed_messages.append(msg)
+                else:
+                    processed_messages.append(msg)
+            kwargs["messages"] = processed_messages
+            messages = processed_messages
-    Example:
-        >>> client = attested_async_anthropic(glacis_api_key="glsk_live_xxx")
-        >>> response = await client.messages.create(...)
-    """
-    try:
-        from anthropic import AsyncAnthropic
-    except ImportError:
-        raise ImportError(
-            "Anthropic integration requires the 'anthropic' package. "
-            "Install it with: pip install glacis[anthropic]"
-        )
-    from glacis import AsyncGlacis
-    glacis = AsyncGlacis(
-        api_key=glacis_api_key,
-        base_url=glacis_base_url,
-        debug=debug,
-    )
-    client_kwargs: dict[str, Any] = {**anthropic_kwargs}
-    if anthropic_api_key:
-        client_kwargs["api_key"] = anthropic_api_key
-    client = AsyncAnthropic(**client_kwargs)
-    original_create = client.messages.create
-    async def attested_create(*args: Any, **kwargs: Any) -> Any:
-        messages = kwargs.get("messages", [])
-        model = kwargs.get("model", "unknown")
-        system = kwargs.get("system")
+            if debug:
+                if accumulator.pii_summary:
+                    print(
+                        f"[glacis] PII redacted: {accumulator.pii_summary.categories} "
+                        f"({accumulator.pii_summary.count} items)"
+                    )
+                if accumulator.jailbreak_summary and accumulator.jailbreak_summary.detected:
+                    print(
+                        f"[glacis] Jailbreak detected: "
+                        f"score={accumulator.jailbreak_summary.score:.2f}, "
+                        f"action={accumulator.jailbreak_summary.action}"
+                    )
+            # Build control plane attestation
+            control_plane_results = create_control_plane_attestation_from_accumulator(
+                accumulator, cfg, model, "anthropic", "messages.create"
+            )
-        response = await original_create(*args, **kwargs)
+            # Check if we need to block BEFORE making the API call
+            if accumulator.should_block:
+                handle_blocked_request(
+                    glacis_client=glacis,
+                    service_id=effective_service_id,
+                    input_data={
+                        "model": model,
+                        "messages": messages,
+                        "system": kwargs.get("system")
+                    },
+                    control_plane_results=control_plane_results,
+                    provider="anthropic",
+                    model=model,
+                    jailbreak_score=accumulator.jailbreak_summary.score
+                    if accumulator.jailbreak_summary
+                    else 0.0,
+                    debug=debug,
+                )
+        else:
+            control_plane_results = None
+        # Make the API call (only if not blocked)
+        response = original_create(*args, **kwargs)
+        # Build input/output data
+        input_data: dict[str, Any] = {"model": model, "messages": messages}
+        if system:
+            input_data["system"] = kwargs.get("system", system)
+        output_data = {
+            "model": response.model,
+            "content": [
+                {"type": block.type, "text": getattr(block, "text", None)}
+                for block in response.content
+            ],
+            "stop_reason": response.stop_reason,
+            "usage": {
+                "input_tokens": response.usage.input_tokens,
+                "output_tokens": response.usage.output_tokens,
+            },
+        }
+        # Attest and store
         try:
-            input_data: dict[str, Any] = {
-                "model": model,
-                "messages": messages,
-            }
-            if system:
-                input_data["system"] = system
-            await glacis.attest(
-                service_id=service_id,
+            receipt = glacis.attest(
+                service_id=effective_service_id,
                 operation_type="completion",
                 input=input_data,
-                output={
-                    "model": response.model,
-                    "content": [
-                        {
-                            "type": block.type,
-                            "text": getattr(block, "text", None),
-                        }
-                        for block in response.content
-                    ],
-                    "stop_reason": response.stop_reason,
-                    "usage": {
-                        "input_tokens": response.usage.input_tokens,
-                        "output_tokens": response.usage.output_tokens,
-                    },
-                },
+                output=output_data,
+                metadata={"provider": "anthropic", "model": model},
+                control_plane_results=control_plane_results,
+            )
+            set_last_receipt(receipt)
+            store_evidence(
+                receipt=receipt,
+                service_id=effective_service_id,
+                operation_type="completion",
+                input_data=input_data,
+                output_data=output_data,
+                control_plane_results=control_plane_results,
                 metadata={"provider": "anthropic", "model": model},
+                debug=debug,
             )
         except Exception as e:
             if debug:
@@ -218,5 +276,12 @@ def attested_async_anthropic(
         return response
     client.messages.create = attested_create  # type: ignore
     return client
+__all__ = [
+    "attested_anthropic",
+    "get_last_receipt",
+    "get_evidence",
+    "GlacisBlockedError",
+]

glacis 0.1.3__py3-none-any.whl → 0.2.0__py3-none-any.whl

glacis 0.1.3py3-none-any.whl → 0.2.0py3-none-any.whl