glacis 0.1.4__py3-none-any.whl → 0.2.0__py3-none-any.whl

glacis/__init__.py

@@ -37,6 +37,13 @@ Streaming Example:
     ... })
     >>> await session.attest_chunk(input=audio_chunk, output=transcript)
     >>> receipt = await session.end(metadata={"duration": "00:05:23"})
+
+Controls Example:
+    >>> from glacis.controls import ControlsRunner, PIIControl, JailbreakControl
+    >>> from glacis.config import load_config
+    >>> cfg = load_config()  # Loads glacis.yaml
+    >>> runner = ControlsRunner(cfg.controls)
+    >>> results = runner.run("Patient SSN: 123-45-6789")
 """
 
 from glacis.client import AsyncGlacis, Glacis, GlacisMode
@@ -44,26 +51,56 @@ from glacis.crypto import canonical_json, hash_payload
 from glacis.models import (
     AttestInput,
     AttestReceipt,
+    ControlExecution,
+    ControlPlaneAttestation,
+    ControlStatus,
+    ControlType,
+    Determination,
+    GlacisApiError,
     GlacisConfig,
+    JailbreakSummary,
     LogEntry,
     LogQueryParams,
     LogQueryResult,
     MerkleInclusionProof,
+    ModelInfo,
     OfflineAttestReceipt,
     OfflineVerifyResult,
+    PiiPhiSummary,
+    PolicyContext,
+    PolicyScope,
+    SafetyScores,
+    SamplingDecision,
+    SamplingMetadata,
     SignedTreeHead,
     VerifyResult,
 )
 from glacis.storage import ReceiptStorage
 from glacis.streaming import SessionContext, SessionReceipt, StreamingSession
 
-__version__ = "0.2.0"
+# Controls module (optional dependencies for individual controls)
+try:
+    from glacis.controls import (  # noqa: F401
+        BaseControl,
+        ControlResult,
+        ControlsRunner,
+        JailbreakControl,
+        PIIControl,
+    )
+
+    _CONTROLS_AVAILABLE = True
+except ImportError:
+    _CONTROLS_AVAILABLE = False
+
+__version__ = "0.3.0"
 
 __all__ = [
     # Main classes
     "Glacis",
     "AsyncGlacis",
     "GlacisMode",
+    # Exceptions
+    "GlacisApiError",
     # Streaming
     "StreamingSession",
     "SessionContext",
@@ -82,7 +119,31 @@ __all__ = [
     "LogEntry",
     "MerkleInclusionProof",
     "SignedTreeHead",
+    # Control Plane
+    "ControlPlaneAttestation",
+    "PolicyContext",
+    "PolicyScope",
+    "ModelInfo",
+    "Determination",
+    "ControlExecution",
+    "ControlType",
+    "ControlStatus",
+    "SafetyScores",
+    "PiiPhiSummary",
+    "JailbreakSummary",
+    "SamplingMetadata",
+    "SamplingDecision",
     # Crypto utilities
     "canonical_json",
     "hash_payload",
 ]
+
+# Add controls exports if available
+if _CONTROLS_AVAILABLE:
+    __all__.extend([
+        "BaseControl",
+        "ControlResult",
+        "ControlsRunner",
+        "PIIControl",
+        "JailbreakControl",
+    ])

glacis/__main__.py

@@ -5,86 +5,7 @@ Usage:
     python -m glacis verify <receipt.json>
 """
 
-import argparse
-import json
-import sys
-from pathlib import Path
-from typing import Any, Union
-
-from glacis import Glacis
-from glacis.models import AttestReceipt, OfflineAttestReceipt, OfflineVerifyResult, VerifyResult
-
-
-def verify_command(args: argparse.Namespace) -> None:
-    """Verify a receipt file."""
-    receipt_path = Path(args.receipt)
-
-    if not receipt_path.exists():
-        print(f"Error: File not found: {receipt_path}", file=sys.stderr)
-        sys.exit(1)
-
-    try:
-        with open(receipt_path) as f:
-            data: dict[str, Any] = json.load(f)
-    except json.JSONDecodeError as e:
-        print(f"Error: Invalid JSON: {e}", file=sys.stderr)
-        sys.exit(1)
-
-    # Determine receipt type and verify
-    receipt: Union[AttestReceipt, OfflineAttestReceipt]
-    result: Union[VerifyResult, OfflineVerifyResult]
-
-    if data.get("attestation_id", "").startswith("oatt_"):
-        offline_receipt = OfflineAttestReceipt(**data)
-        # For verification, we need a signing_seed but it's not used
-        # since we verify using the public key from the receipt
-        dummy_seed = bytes(32)  # All zeros - only used to satisfy constructor
-        glacis = Glacis(mode="offline", signing_seed=dummy_seed)
-        result = glacis.verify(offline_receipt)
-        receipt = offline_receipt
-    else:
-        online_receipt = AttestReceipt(**data)
-        # Online verification doesn't require API key for public receipts
-        glacis = Glacis(api_key="verify_only")
-        result = glacis.verify(online_receipt)
-        receipt = online_receipt
-
-    # Output
-    print(f"Receipt: {receipt.attestation_id}")
-    print(f"Type: {'Offline' if isinstance(receipt, OfflineAttestReceipt) else 'Online'}")
-    print()
-
-    if result.valid:
-        print("Status: VALID")
-        # Get signature validity based on result type
-        if isinstance(result, OfflineVerifyResult):
-            sig_valid = result.signature_valid
-        else:
-            sig_valid = result.verification.signature_valid
-        print(f"  Signature: {'PASS' if sig_valid else 'FAIL'}")
-        if isinstance(result, VerifyResult):
-            print(f"  Merkle proof: {'PASS' if result.verification.proof_valid else 'FAIL'}")
-    else:
-        print("Status: INVALID")
-        if result.error:
-            print(f"  Error: {result.error}")
-        sys.exit(1)
-
-
-def main() -> None:
-    parser = argparse.ArgumentParser(
-        prog="glacis", description="Glacis CLI - Cryptographic attestation for AI systems"
-    )
-    subparsers = parser.add_subparsers(dest="command", required=True)
-
-    # verify command
-    verify_parser = subparsers.add_parser("verify", help="Verify a receipt")
-    verify_parser.add_argument("receipt", help="Path to receipt JSON file")
-    verify_parser.set_defaults(func=verify_command)
-
-    args = parser.parse_args()
-    args.func(args)
-
+from glacis.verify import main
 
 if __name__ == "__main__":
     main()

glacis/client.py

@@ -8,7 +8,7 @@ your infrastructure.
 
 Supports two modes:
 - Online (default): Sends attestations to api.glacis.io for witnessing
-- Offline: Signs attestations locally using Ed25519 via WASM
+- Offline: Signs attestations locally using Ed25519
 
 Example (online):
     >>> from glacis import Glacis
@@ -43,6 +43,7 @@ import httpx
 from glacis.crypto import hash_payload
 from glacis.models import (
     AttestReceipt,
+    ControlPlaneAttestation,
     GlacisApiError,
     GlacisRateLimitError,
     LogQueryResult,
@@ -53,8 +54,8 @@ from glacis.models import (
 )
 
 if TYPE_CHECKING:
+    from glacis.crypto import Ed25519Runtime
     from glacis.storage import ReceiptStorage
-    from glacis.wasm_runtime import WasmRuntime
 
 
 class GlacisMode(str, Enum):
@@ -136,7 +137,7 @@ class Glacis:
             self._storage: Optional["ReceiptStorage"] = None
             self._signing_seed: Optional[bytes] = None
             self._public_key: Optional[str] = None
-            self._wasm_runtime: Optional["WasmRuntime"] = None
+            self._ed25519: Optional["Ed25519Runtime"] = None
         else:
             # Offline mode
             if not signing_seed:
@@ -148,11 +149,11 @@ class Glacis:
             self._signing_seed = signing_seed
             self._client = None  # No HTTP client needed
 
-            # Initialize WASM runtime and derive public key
-            from glacis.wasm_runtime import WasmRuntime
+            # Initialize Ed25519 runtime and derive public key
+            from glacis.crypto import get_ed25519_runtime
 
-            self._wasm_runtime = WasmRuntime.get_instance()
-            self._public_key = self._wasm_runtime.get_public_key_hex(signing_seed)
+            self._ed25519 = get_ed25519_runtime()
+            self._public_key = self._ed25519.get_public_key_hex(signing_seed)
 
             # Initialize storage
             from glacis.storage import ReceiptStorage
@@ -183,20 +184,23 @@ class Glacis:
         input: Any,
         output: Any,
         metadata: Optional[dict[str, str]] = None,
+        control_plane_results: Optional[ControlPlaneAttestation] = None,
     ) -> Union[AttestReceipt, OfflineAttestReceipt]:
         """
         Attest an AI operation.
 
-        The input and output are hashed locally using RFC 8785 canonical JSON + SHA-256.
-        In online mode, the hash is sent to the server for witnessing.
-        In offline mode, the attestation is signed locally.
+        The input, output, and control_plane_results are hashed locally using RFC 8785
+        canonical JSON + SHA-256. Only the hash is sent to the server - the actual
+        data never leaves your infrastructure (zero egress).
 
         Args:
             service_id: Service identifier (e.g., "my-ai-service")
             operation_type: Type of operation (inference, embedding, completion, classification)
             input: Input data (hashed locally, never sent)
             output: Output data (hashed locally, never sent)
-            metadata: Optional metadata (sent to server in online mode)
+            metadata: Optional metadata (stored locally for evidence)
+            control_plane_results: Optional control plane attestation
+                (hashed locally, cryptographically bound)
 
         Returns:
             AttestReceipt (online) or OfflineAttestReceipt (offline)
@@ -205,32 +209,47 @@ class Glacis:
             GlacisApiError: On API errors (online mode)
             GlacisRateLimitError: When rate limited (online mode)
         """
-        payload_hash = self.hash({"input": input, "output": output})
+        # Build payload to hash - includes control_plane_results for cryptographic binding
+        payload_to_hash: dict[str, Any] = {"input": input, "output": output}
+        if control_plane_results:
+            payload_to_hash["control_plane_results"] = (
+                control_plane_results.model_dump(by_alias=True)
+            )
+        payload_hash = self.hash(payload_to_hash)
 
         if self.mode == GlacisMode.OFFLINE:
             return self._attest_offline(
-                service_id, operation_type, payload_hash, input, output, metadata
+                service_id, operation_type, payload_hash,
+                input, output, metadata, control_plane_results,
             )
 
-        return self._attest_online(service_id, operation_type, payload_hash, metadata)
+        return self._attest_online(service_id, operation_type, payload_hash, control_plane_results)
 
     def _attest_online(
         self,
         service_id: str,
         operation_type: str,
         payload_hash: str,
-        metadata: Optional[dict[str, str]],
+        control_plane_results: Optional[ControlPlaneAttestation] = None,
     ) -> AttestReceipt:
-        """Create a server-witnessed attestation."""
+        """Create a server-witnessed attestation.
+
+        The server is a pure witness service - it only receives the hash and
+        adds it to the Merkle tree. All rich metadata (input, output, control_plane_results)
+        stays in the customer's infrastructure for zero-egress compliance.
+
+        The control_plane_results is cryptographically bound via the payload_hash (which
+        includes control_plane_results in its computation).
+        """
         self._debug(f"Attesting (online): service_id={service_id}, hash={payload_hash[:16]}...")
 
+        # Only send what the server needs - hash goes into Merkle tree
+        # metadata and control_plane_results are NOT sent (zero egress - stored locally)
         body: dict[str, Any] = {
             "serviceId": service_id,
             "operationType": operation_type,
             "payloadHash": payload_hash,
         }
-        if metadata:
-            body["metadata"] = metadata
 
         response = self._request_with_retry(
             "POST",
@@ -240,6 +259,8 @@ class Glacis:
         )
 
         receipt = AttestReceipt.model_validate(response)
+        # Attach control_plane_results locally for evidence (not sent to server)
+        receipt.control_plane_results = control_plane_results
         self._debug(f"Attestation successful: {receipt.attestation_id}")
         return receipt
 
@@ -251,6 +272,7 @@ class Glacis:
         input: Any,
         output: Any,
         metadata: Optional[dict[str, str]],
+        control_plane_results: Optional[ControlPlaneAttestation] = None,
     ) -> OfflineAttestReceipt:
         """Create a locally-signed attestation."""
         self._debug(f"Attesting (offline): service_id={service_id}, hash={payload_hash[:16]}...")
@@ -259,8 +281,8 @@ class Glacis:
         timestamp = datetime.utcnow().isoformat() + "Z"
         timestamp_ms = int(datetime.utcnow().timestamp() * 1000)
 
-        # Build attestation payload
-        attestation_payload = {
+        # Build attestation payload (this is what gets signed)
+        attestation_payload: dict[str, Any] = {
             "version": 1,
             "serviceId": service_id,
             "operationType": operation_type,
@@ -269,15 +291,21 @@ class Glacis:
             "mode": "offline",
         }
 
+        # Include control plane results in signed payload if provided
+        if control_plane_results:
+            attestation_payload["controlPlaneResults"] = (
+                control_plane_results.model_dump(by_alias=True)
+            )
+
         # Sign using WASM
         attestation_json = json.dumps(
             attestation_payload, separators=(",", ":"), sort_keys=True
         )
-        assert self._wasm_runtime is not None
+        assert self._ed25519 is not None
         assert self._signing_seed is not None
         assert self._public_key is not None
 
-        signed_json = self._wasm_runtime.sign_attestation_json(
+        signed_json = self._ed25519.sign_attestation_json(
             self._signing_seed, attestation_json
         )
         signed = json.loads(signed_json)
@@ -290,6 +318,7 @@ class Glacis:
             payload_hash=payload_hash,
             signature=signed["signature"],
             public_key=self._public_key,
+            control_plane_results=control_plane_results,
         )
 
         # Store in SQLite
@@ -334,7 +363,7 @@ class Glacis:
             # Online attestation ID
             return self._verify_online(receipt)
         elif isinstance(receipt, AttestReceipt):
-            return self._verify_online(receipt.attestation_id)
+            return self._verify_online(receipt.attestation_hash)
         else:
             raise TypeError(f"Invalid receipt type: {type(receipt)}")
 
@@ -359,13 +388,13 @@ class Glacis:
             # which we don't currently do. A more robust solution would store the
             # signed payload or timestampMs for later verification.
 
-            # Use WASM to verify if we have the runtime
-            if self._wasm_runtime and self._signing_seed:
+            # Use Ed25519 to verify if we have the runtime
+            if self._ed25519 and self._signing_seed:
                 # We can at least verify the public key matches our seed
-                derived_pubkey = self._wasm_runtime.get_public_key_hex(self._signing_seed)
+                derived_pubkey = self._ed25519.get_public_key_hex(self._signing_seed)
                 signature_valid = derived_pubkey == receipt.public_key
             else:
-                # Without the WASM runtime, we can't fully verify
+                # Without the Ed25519 runtime, we can't fully verify
                 # But we can check if the receipt is in our storage
                 signature_valid = True  # Trusted from local storage
 
@@ -430,9 +459,9 @@ class Glacis:
         """
         params: dict[str, Any] = {}
         if org_id:
-            params["org_id"] = org_id
+            params["orgId"] = org_id
         if service_id:
-            params["service_id"] = service_id
+            params["serviceId"] = service_id
         if start:
             params["start"] = start
         if end:
@@ -702,9 +731,9 @@ class AsyncGlacis:
         """
         params: dict[str, Any] = {}
         if org_id:
-            params["org_id"] = org_id
+            params["orgId"] = org_id
         if service_id:
-            params["service_id"] = service_id
+            params["serviceId"] = service_id
         if start:
             params["start"] = start
         if end:

glacis/config.py

@@ -0,0 +1,141 @@
+"""
+GLACIS Configuration Module
+
+Provides configuration models and loading for glacis.yaml config files.
+The config file allows toggling controls (PII/PHI redaction, etc.) on/off.
+
+Example glacis.yaml:
+    version: "1.0"
+    policy:
+      id: "hipaa-safe-harbor"
+      tenant_id: "my-org"
+    controls:
+      pii_phi:
+        enabled: true
+        backend: "presidio"
+        mode: "fast"
+      jailbreak:
+        enabled: true
+        backend: "prompt_guard_22m"
+        threshold: 0.5
+        action: "flag"
+    attestation:
+      offline: true
+      service_id: "my-service"
+
+Usage:
+    from glacis.config import load_config
+
+    # Auto-load from ./glacis.yaml
+    config = load_config()
+
+    # Or explicit path
+    config = load_config("path/to/glacis.yaml")
+"""
+
+from pathlib import Path
+from typing import Literal, Optional
+
+from pydantic import BaseModel, Field
+
+
+class PiiPhiConfig(BaseModel):
+    """PII/PHI redaction control configuration."""
+
+    enabled: bool = Field(default=False, description="Enable PII/PHI redaction")
+    backend: str = Field(
+        default="presidio",
+        description="Backend model identifier (e.g., 'presidio')",
+    )
+    mode: Literal["fast", "full"] = Field(
+        default="fast",
+        description="Redaction mode: 'fast' (regex-only) or 'full' (regex + NER)",
+    )
+
+
+class JailbreakConfig(BaseModel):
+    """Jailbreak/prompt injection detection configuration."""
+
+    enabled: bool = Field(default=False, description="Enable jailbreak detection")
+    backend: str = Field(
+        default="prompt_guard_22m",
+        description="Backend model: 'prompt_guard_22m' or 'prompt_guard_86m'",
+    )
+    threshold: float = Field(
+        default=0.5,
+        ge=0.0,
+        le=1.0,
+        description="Classification threshold (0-1)",
+    )
+    action: Literal["block", "flag", "log"] = Field(
+        default="flag",
+        description="Action when jailbreak detected: 'block', 'flag', or 'log'",
+    )
+
+
+class ControlsConfig(BaseModel):
+    """Configuration for all controls."""
+
+    pii_phi: PiiPhiConfig = Field(default_factory=PiiPhiConfig)
+    jailbreak: JailbreakConfig = Field(default_factory=JailbreakConfig)
+
+
+class PolicyConfig(BaseModel):
+    """Policy metadata included in attestations."""
+
+    id: str = Field(default="default", description="Policy identifier")
+    version: str = Field(default="1.0", description="Policy version")
+    tenant_id: str = Field(default="default", description="Tenant identifier")
+
+
+class AttestationConfig(BaseModel):
+    """Attestation settings."""
+
+    offline: bool = Field(default=True, description="Use offline mode (local signing)")
+    service_id: str = Field(default="openai", description="Service identifier")
+
+
+class GlacisConfig(BaseModel):
+    """Root configuration model for GLACIS."""
+
+    version: str = Field(default="1.0", description="Config schema version")
+    policy: PolicyConfig = Field(default_factory=PolicyConfig)
+    controls: ControlsConfig = Field(default_factory=ControlsConfig)
+    attestation: AttestationConfig = Field(default_factory=AttestationConfig)
+
+
+def load_config(path: Optional[str] = None) -> GlacisConfig:
+    """
+    Load configuration from a YAML file.
+
+    Args:
+        path: Explicit path to config file. If None, looks for ./glacis.yaml
+
+    Returns:
+        GlacisConfig instance (defaults if no config file found)
+
+    Example:
+        >>> config = load_config()  # Auto-load ./glacis.yaml
+        >>> config = load_config("configs/production.yaml")  # Explicit path
+    """
+    if path:
+        config_path = Path(path)
+    else:
+        config_path = Path("glacis.yaml")
+
+    if config_path.exists():
+        try:
+            import yaml
+        except ImportError:
+            raise ImportError(
+                "pyyaml is required for config file support. "
+                "Install with: pip install pyyaml"
+            )
+
+        with open(config_path) as f:
+            data = yaml.safe_load(f)
+
+        if data:
+            return GlacisConfig(**data)
+
+    return GlacisConfig()