PyPI - glacis - Versions diffs - 0.1.3__py3-none-any.whl → 0.2.0__py3-none-any.whl - Mend

glacis 0.1.3py3-none-any.whl → 0.2.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

glacis/__init__.py +62 -1
glacis/__main__.py +1 -80
glacis/client.py +60 -31
glacis/config.py +141 -0
glacis/controls/__init__.py +232 -0
glacis/controls/base.py +104 -0
glacis/controls/jailbreak.py +224 -0
glacis/controls/pii.py +855 -0
glacis/crypto.py +70 -1
glacis/integrations/__init__.py +53 -3
glacis/integrations/anthropic.py +207 -142
glacis/integrations/base.py +476 -0
glacis/integrations/openai.py +156 -121
glacis/models.py +277 -24
glacis/storage.py +324 -8
glacis/verify.py +154 -0
glacis-0.2.0.dist-info/METADATA +275 -0
glacis-0.2.0.dist-info/RECORD +21 -0
glacis/wasm/s3p_core_wasi.wasm +0 -0
glacis/wasm_runtime.py +0 -533
glacis-0.1.3.dist-info/METADATA +0 -324
glacis-0.1.3.dist-info/RECORD +0 -16
{glacis-0.1.3.dist-info → glacis-0.2.0.dist-info}/WHEEL +0 -0
{glacis-0.1.3.dist-info → glacis-0.2.0.dist-info}/licenses/LICENSE +0 -0

glacis/storage.py CHANGED Viewed

@@ -1,8 +1,11 @@
 """
-SQLite storage for offline receipts.
+SQLite storage for attestation receipts and evidence.
-Stores local attestation receipts in ~/.glacis/receipts.db for persistence
-and later verification.
+Stores local attestation receipts and full evidence in ~/.glacis/glacis.db
+for persistence, audit trails, and later verification.
+Evidence (input, output, control_plane_results) is stored locally for zero-egress
+compliance - only hashes are sent to the GLACIS server.
 """
 from __future__ import annotations
@@ -14,11 +17,11 @@ from pathlib import Path
 from typing import TYPE_CHECKING, Any, Optional
 if TYPE_CHECKING:
-    from glacis.models import OfflineAttestReceipt
+    from glacis.models import ControlPlaneAttestation, OfflineAttestReceipt
-DEFAULT_DB_PATH = Path.home() / ".glacis" / "receipts.db"
+DEFAULT_DB_PATH = Path.home() / ".glacis" / "glacis.db"
-SCHEMA_VERSION = 1
+SCHEMA_VERSION = 2
 SCHEMA = """
 CREATE TABLE IF NOT EXISTS offline_receipts (
@@ -40,11 +43,57 @@ CREATE INDEX IF NOT EXISTS idx_timestamp ON offline_receipts(timestamp);
 CREATE INDEX IF NOT EXISTS idx_payload_hash ON offline_receipts(payload_hash);
 CREATE INDEX IF NOT EXISTS idx_created_at ON offline_receipts(created_at);
+-- Evidence table for full audit trail (both online and offline modes)
+CREATE TABLE IF NOT EXISTS evidence (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    attestation_id TEXT NOT NULL,
+    attestation_hash TEXT NOT NULL,
+    mode TEXT NOT NULL,  -- 'online' or 'offline'
+    service_id TEXT NOT NULL,
+    operation_type TEXT NOT NULL,
+    timestamp TEXT NOT NULL,
+    created_at TEXT NOT NULL,
+    input_json TEXT NOT NULL,
+    output_json TEXT NOT NULL,
+    control_plane_json TEXT,
+    metadata_json TEXT,
+    UNIQUE(attestation_id)
+);
+CREATE INDEX IF NOT EXISTS idx_evidence_attestation_id ON evidence(attestation_id);
+CREATE INDEX IF NOT EXISTS idx_evidence_attestation_hash ON evidence(attestation_hash);
+CREATE INDEX IF NOT EXISTS idx_evidence_service_id ON evidence(service_id);
+CREATE INDEX IF NOT EXISTS idx_evidence_timestamp ON evidence(timestamp);
 CREATE TABLE IF NOT EXISTS schema_version (
     version INTEGER PRIMARY KEY
 );
 """
+# Migration from v1 to v2: Add evidence table
+MIGRATION_V1_TO_V2 = """
+CREATE TABLE IF NOT EXISTS evidence (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    attestation_id TEXT NOT NULL,
+    attestation_hash TEXT NOT NULL,
+    mode TEXT NOT NULL,
+    service_id TEXT NOT NULL,
+    operation_type TEXT NOT NULL,
+    timestamp TEXT NOT NULL,
+    created_at TEXT NOT NULL,
+    input_json TEXT NOT NULL,
+    output_json TEXT NOT NULL,
+    control_plane_json TEXT,
+    metadata_json TEXT,
+    UNIQUE(attestation_id)
+);
+CREATE INDEX IF NOT EXISTS idx_evidence_attestation_id ON evidence(attestation_id);
+CREATE INDEX IF NOT EXISTS idx_evidence_attestation_hash ON evidence(attestation_hash);
+CREATE INDEX IF NOT EXISTS idx_evidence_service_id ON evidence(service_id);
+CREATE INDEX IF NOT EXISTS idx_evidence_timestamp ON evidence(timestamp);
+"""
 class ReceiptStorage:
     """
@@ -67,7 +116,10 @@ class ReceiptStorage:
     def _get_connection(self) -> sqlite3.Connection:
         """Get or create database connection."""
         if self._conn is None:
-            self._conn = sqlite3.connect(str(self.db_path))
+            # check_same_thread=False allows the connection to be used across threads
+            # This is safe because we're only doing simple CRUD operations
+            # and SQLite handles locking internally
+            self._conn = sqlite3.connect(str(self.db_path), check_same_thread=False)
             self._conn.row_factory = sqlite3.Row
             self._init_schema()
         return self._conn
@@ -102,12 +154,16 @@ class ReceiptStorage:
     def _run_migrations(self, from_version: int) -> None:
         """Run schema migrations."""
-        # No migrations needed yet since this is v1
         conn = self._conn
         if conn is None:
             return
         cursor = conn.cursor()
+        # Migration from v1 to v2: Add evidence table
+        if from_version < 2:
+            cursor.executescript(MIGRATION_V1_TO_V2)
         cursor.execute(
             "INSERT OR REPLACE INTO schema_version (version) VALUES (?)",
             (SCHEMA_VERSION,),
@@ -334,3 +390,263 @@ class ReceiptStorage:
     ) -> None:
         """Context manager exit."""
         self.close()
+    # =========================================================================
+    # Evidence Storage (for full audit trail)
+    # =========================================================================
+    def store_evidence(
+        self,
+        attestation_id: str,
+        attestation_hash: str,
+        mode: str,
+        service_id: str,
+        operation_type: str,
+        timestamp: str,
+        input_data: Any,
+        output_data: Any,
+        control_plane_results: Optional["ControlPlaneAttestation"] = None,
+        metadata: Optional[dict[str, Any]] = None,
+    ) -> None:
+        """
+        Store full evidence for an attestation.
+        This stores the complete input, output, and control plane results locally
+        for audit trails and dispute resolution. Only the hash was sent to GLACIS.
+        Args:
+            attestation_id: The attestation ID (att_xxx or oatt_xxx)
+            attestation_hash: The hash that was attested (payload_hash)
+            mode: 'online' or 'offline'
+            service_id: Service identifier
+            operation_type: Type of operation
+            timestamp: ISO 8601 timestamp
+            input_data: Full input data (will be JSON serialized)
+            output_data: Full output data (will be JSON serialized)
+            control_plane_results: Optional control plane attestation
+            metadata: Optional metadata dict
+        """
+        conn = self._get_connection()
+        cursor = conn.cursor()
+        control_plane_json = None
+        if control_plane_results:
+            control_plane_json = json.dumps(
+                control_plane_results.model_dump(by_alias=True)
+            )
+        cursor.execute(
+            """
+            INSERT OR REPLACE INTO evidence
+            (attestation_id, attestation_hash, mode, service_id, operation_type,
+             timestamp, created_at, input_json, output_json, control_plane_json, metadata_json)
+            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+            """,
+            (
+                attestation_id,
+                attestation_hash,
+                mode,
+                service_id,
+                operation_type,
+                timestamp,
+                datetime.utcnow().isoformat() + "Z",
+                json.dumps(input_data),
+                json.dumps(output_data),
+                control_plane_json,
+                json.dumps(metadata) if metadata else None,
+            ),
+        )
+        conn.commit()
+    def get_evidence(self, attestation_id: str) -> Optional[dict[str, Any]]:
+        """
+        Retrieve full evidence by attestation ID.
+        Args:
+            attestation_id: The attestation ID (att_xxx or oatt_xxx)
+        Returns:
+            Dict with input, output, control_plane_results, and metadata,
+            or None if not found
+        """
+        conn = self._get_connection()
+        cursor = conn.cursor()
+        cursor.execute(
+            "SELECT * FROM evidence WHERE attestation_id = ?",
+            (attestation_id,),
+        )
+        row = cursor.fetchone()
+        if row is None:
+            return None
+        result: dict[str, Any] = {
+            "attestation_id": row["attestation_id"],
+            "attestation_hash": row["attestation_hash"],
+            "mode": row["mode"],
+            "service_id": row["service_id"],
+            "operation_type": row["operation_type"],
+            "timestamp": row["timestamp"],
+            "created_at": row["created_at"],
+            "input": json.loads(row["input_json"]),
+            "output": json.loads(row["output_json"]),
+            "control_plane_results": (
+                json.loads(row["control_plane_json"])
+                if row["control_plane_json"]
+                else None
+            ),
+            "metadata": (
+                json.loads(row["metadata_json"]) if row["metadata_json"] else None
+            ),
+        }
+        return result
+    def get_evidence_by_hash(self, attestation_hash: str) -> Optional[dict[str, Any]]:
+        """
+        Retrieve full evidence by attestation hash.
+        Useful for verifying that stored evidence matches the attested hash.
+        Args:
+            attestation_hash: The payload hash that was attested
+        Returns:
+            Dict with input, output, control_plane_results, and metadata,
+            or None if not found
+        """
+        conn = self._get_connection()
+        cursor = conn.cursor()
+        cursor.execute(
+            "SELECT * FROM evidence WHERE attestation_hash = ?",
+            (attestation_hash,),
+        )
+        row = cursor.fetchone()
+        if row is None:
+            return None
+        result: dict[str, Any] = {
+            "attestation_id": row["attestation_id"],
+            "attestation_hash": row["attestation_hash"],
+            "mode": row["mode"],
+            "service_id": row["service_id"],
+            "operation_type": row["operation_type"],
+            "timestamp": row["timestamp"],
+            "created_at": row["created_at"],
+            "input": json.loads(row["input_json"]),
+            "output": json.loads(row["output_json"]),
+            "control_plane_results": (
+                json.loads(row["control_plane_json"])
+                if row["control_plane_json"]
+                else None
+            ),
+            "metadata": (
+                json.loads(row["metadata_json"]) if row["metadata_json"] else None
+            ),
+        }
+        return result
+    def query_evidence(
+        self,
+        service_id: Optional[str] = None,
+        mode: Optional[str] = None,
+        start: Optional[str] = None,
+        end: Optional[str] = None,
+        limit: int = 50,
+    ) -> list[dict[str, Any]]:
+        """
+        Query evidence with optional filters.
+        Args:
+            service_id: Filter by service ID
+            mode: Filter by mode ('online' or 'offline')
+            start: Filter by timestamp >= start (ISO 8601)
+            end: Filter by timestamp <= end (ISO 8601)
+            limit: Maximum number of results (default 50)
+        Returns:
+            List of evidence records
+        """
+        conn = self._get_connection()
+        cursor = conn.cursor()
+        query = "SELECT * FROM evidence WHERE 1=1"
+        params: list[Any] = []
+        if service_id:
+            query += " AND service_id = ?"
+            params.append(service_id)
+        if mode:
+            query += " AND mode = ?"
+            params.append(mode)
+        if start:
+            query += " AND timestamp >= ?"
+            params.append(start)
+        if end:
+            query += " AND timestamp <= ?"
+            params.append(end)
+        query += " ORDER BY created_at DESC LIMIT ?"
+        params.append(limit)
+        cursor.execute(query, params)
+        rows = cursor.fetchall()
+        results = []
+        for row in rows:
+            results.append({
+                "attestation_id": row["attestation_id"],
+                "attestation_hash": row["attestation_hash"],
+                "mode": row["mode"],
+                "service_id": row["service_id"],
+                "operation_type": row["operation_type"],
+                "timestamp": row["timestamp"],
+                "created_at": row["created_at"],
+                "input": json.loads(row["input_json"]),
+                "output": json.loads(row["output_json"]),
+                "control_plane_results": (
+                    json.loads(row["control_plane_json"])
+                    if row["control_plane_json"]
+                    else None
+                ),
+                "metadata": (
+                    json.loads(row["metadata_json"]) if row["metadata_json"] else None
+                ),
+            })
+        return results
+    def count_evidence(
+        self, service_id: Optional[str] = None, mode: Optional[str] = None
+    ) -> int:
+        """
+        Count evidence records.
+        Args:
+            service_id: Optional service ID filter
+            mode: Optional mode filter ('online' or 'offline')
+        Returns:
+            Number of matching evidence records
+        """
+        conn = self._get_connection()
+        cursor = conn.cursor()
+        query = "SELECT COUNT(*) FROM evidence WHERE 1=1"
+        params: list[Any] = []
+        if service_id:
+            query += " AND service_id = ?"
+            params.append(service_id)
+        if mode:
+            query += " AND mode = ?"
+            params.append(mode)
+        cursor.execute(query, params)
+        row = cursor.fetchone()
+        return row[0] if row else 0
+    # NOTE: Evidence is intentionally append-only (no delete method).
+    # For a compliant audit trail, evidence must be immutable.
+    # Evidence deletion should only happen through:
+    # 1. Data retention policies (automated, time-based)
+    # 2. Explicit admin/compliance operations
+    # 3. Legal requirements (GDPR right to be forgotten)
+    # These operations should be logged and audited separately.

glacis/verify.py ADDED Viewed

@@ -0,0 +1,154 @@
+"""
+Glacis CLI - Receipt Verification
+Usage:
+    python -m glacis verify <receipt.json>
+    python -m glacis verify <receipt.json> --base-url https://api.glacis.io
+"""
+import argparse
+import json
+import sys
+from pathlib import Path
+from typing import Any, Union
+import httpx
+from glacis.models import (
+    AttestReceipt,
+    OfflineAttestReceipt,
+    OfflineVerifyResult,
+    VerifyResult,
+)
+DEFAULT_BASE_URL = "https://api.glacis.io"
+def verify_online(attestation_hash: str, base_url: str) -> VerifyResult:
+    """Verify an online attestation via direct HTTP call."""
+    url = f"{base_url}/v1/verify/{attestation_hash}"
+    try:
+        response = httpx.get(url, timeout=30.0)
+        response.raise_for_status()
+        return VerifyResult.model_validate(response.json())
+    except httpx.HTTPStatusError as e:
+        return VerifyResult(
+            valid=False,
+            error=f"HTTP {e.response.status_code}: {e.response.text}",
+        )
+    except httpx.RequestError as e:
+        return VerifyResult(
+            valid=False,
+            error=f"Request failed: {e}",
+        )
+def verify_offline(receipt: OfflineAttestReceipt) -> OfflineVerifyResult:
+    """
+    Verify an offline attestation.
+    Note: Full cryptographic signature verification of offline receipts requires
+    the original signing seed or the complete signed payload (which includes
+    a timestamp). Without these, we validate the receipt structure and format.
+    For full cryptographic verification, use the Glacis client with the
+    original signing_seed that created the receipt.
+    """
+    try:
+        # Validate receipt structure and format
+        valid = (
+            receipt.attestation_id.startswith("oatt_")
+            and len(receipt.payload_hash) == 64
+            and len(receipt.public_key) == 64
+            and len(receipt.signature) > 0
+            and receipt.witness_status == "UNVERIFIED"
+        )
+        return OfflineVerifyResult(
+            valid=valid,
+            witness_status="UNVERIFIED",
+            signature_valid=valid,  # Structure valid (not full crypto verification)
+            attestation=receipt,
+        )
+    except Exception as e:
+        return OfflineVerifyResult(
+            valid=False,
+            witness_status="UNVERIFIED",
+            signature_valid=False,
+            attestation=receipt,
+            error=str(e),
+        )
+def verify_command(args: argparse.Namespace) -> None:
+    """Verify a receipt file."""
+    receipt_path = Path(args.receipt)
+    if not receipt_path.exists():
+        print(f"Error: File not found: {receipt_path}", file=sys.stderr)
+        sys.exit(1)
+    try:
+        with open(receipt_path) as f:
+            data: dict[str, Any] = json.load(f)
+    except json.JSONDecodeError as e:
+        print(f"Error: Invalid JSON: {e}", file=sys.stderr)
+        sys.exit(1)
+    # Determine receipt type and verify
+    receipt: Union[AttestReceipt, OfflineAttestReceipt]
+    result: Union[VerifyResult, OfflineVerifyResult]
+    # Check for offline receipt - supports both camelCase and snake_case
+    att_id = data.get("attestationId") or data.get("attestation_id") or ""
+    if att_id.startswith("oatt_"):
+        receipt = OfflineAttestReceipt(**data)
+        result = verify_offline(receipt)
+    else:
+        receipt = AttestReceipt(**data)
+        result = verify_online(receipt.attestation_hash, args.base_url)
+    # Output
+    print(f"Receipt: {receipt.attestation_id}")
+    print(f"Type: {'Offline' if isinstance(receipt, OfflineAttestReceipt) else 'Online'}")
+    print()
+    if result.valid:
+        print("Status: VALID")
+        if isinstance(result, OfflineVerifyResult):
+            sig_valid = result.signature_valid
+        else:
+            sig_valid = result.verification.signature_valid if result.verification else False
+        print(f"  Signature: {'PASS' if sig_valid else 'FAIL'}")
+        if isinstance(result, VerifyResult) and result.verification:
+            print(f"  Merkle proof: {'PASS' if result.verification.proof_valid else 'FAIL'}")
+    else:
+        print("Status: INVALID")
+        if result.error:
+            print(f"  Error: {result.error}")
+        sys.exit(1)
+def main() -> None:
+    parser = argparse.ArgumentParser(
+        prog="glacis", description="Glacis CLI - Cryptographic attestation for AI systems"
+    )
+    subparsers = parser.add_subparsers(dest="command", required=True)
+    # verify command
+    verify_parser = subparsers.add_parser("verify", help="Verify a receipt")
+    verify_parser.add_argument("receipt", help="Path to receipt JSON file")
+    verify_parser.add_argument(
+        "--base-url",
+        default=DEFAULT_BASE_URL,
+        help=f"API base URL (default: {DEFAULT_BASE_URL})",
+    )
+    verify_parser.set_defaults(func=verify_command)
+    args = parser.parse_args()
+    args.func(args)
+if __name__ == "__main__":
+    main()

glacis 0.1.3__py3-none-any.whl → 0.2.0__py3-none-any.whl

glacis 0.1.3py3-none-any.whl → 0.2.0py3-none-any.whl